Guess your password? No need if it’s stolen already! [Audio + Text] – Naked Security

Guess your password? Crack your password? Steal your password? What if the crooks already have one of your passwords, and can use it to figure out all your others as well?

DOUG. LifeLock woes, remote code execution, and a big scam meets big trouble.

All that, and more, on the Naked Security podcast.

[MUSICAL MODEM]

Welcome to the podcast, everybody.

I am Doug Aamoth; he is Paul Ducklin.

And Paul, I’m so sorry… but let me wish you a belated Happy ’23!


DUCK.  As opposed to Happy ’99, Doug?


DOUG.  How did you know? [LAUGHS]

We dovetail immediately into our Tech History segment.

This week, on 20 January 1999, the world was introduced to the HAPPY99 worm, also known as “Ska”.

Paul, you were there, man!

Tell us about your experience with HAPPY99, if you please.


DUCK.  Doug. I think the most fascinating thing for me – then and now – is what you call the B-word…

…the [COUGHS APOLOGETICALLY] “brilliant” part, and I don’t know whether this was down to laziness or supreme cleverness on the part of the programmer.

Firstly, it didn’t use a pre-generated list of email addresses.

It waited till *you* sent an email, scraped the email address out of it, and used that, with the result that the emails only went to people that you’d already just communicated with, giving them a greater believability.

And the other clever thing it had: it didn’t bother with things like subject line and message body.

It just had an attachment, HAPPY99.EXE,…
