Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Allan Scherr Hacked Around the First Computer Password

Posted by timothy on from the used-his-onion dept.

New submitter MikeatWired writes "If you're like most people, you're annoyed by passwords. So who's to blame? Who invented the computer password? They probably arrived at MIT in the mid-1960s, when researchers built a massive time-sharing computer called CTSS. Technology changes. But, then again, it doesn't, writes Bob McMillan. Twenty-five years after the fact, Allan Scherr, a Ph.D. researcher at MIT in the early '60s, came clean about the earliest documented case of password theft. In the spring of 1962, Scherr was looking for a way to bump up his usage time on CTSS. He had been allotted four hours per week, but it wasn't nearly enough time to run the detailed performance simulations he'd designed for the new computer system. So he simply printed out all of the passwords stored on the system. 'There was a way to request files to be printed offline by submitting a punched card,' he remembered in a pamphlet (PDF) written last year to commemorate the invention of the CTSS. 'Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing.' To spread the guilt around, Scherr then handed the passwords over to other users. One of them — J.C.R. Licklieder — promptly started logging into the account of the computer lab's director Robert Fano, and leaving 'taunting messages' behind."

12 of 89 comments (clear)

  1. More on CTSS by Anonymous Coward · · Score: 5, Interesting

    CTSS is notable for a lot of things. Like having the first e-mail, and the first spam.

    http://opinionator.blogs.nytimes.com/2011/06/19/did-my-brother-invent-e-mail-with-tom-van-vleck-part-one/

    The first documented hacking occurred earlier, to make certain networking-esque programs work.

  2. Re:submitter maths fail by MightyYar · · Score: 5, Informative

    I know I shouldn't tell someone with a 5-digit id to RTFA, but here I go anyway... FTFA:

    Scherr left MIT in May 1965 to take a job at IBM, but 25 years later he confessed to Professor Fano in person. “He assured me that my Ph.D. would not be revoked.”

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  3. Re:what is a password? by pbjones · · Score: 4, Interesting

    it's a route, the way to connect to your phone. A password is more like a key, if you have one then you can get into your whatever.

    Worst password/pin. A telephone system at a major event many years ago, each journalist was given a unique 4 digit pin, they enter it and get dialtone and dial. Took about 10 seconds for them to workout that they could just pump in 4 digit codes until they got dial tone and they were then using other peoples accounts. Or the Video store software that stored passwords in plain text in a file called PW.TXT.

    --
    There was an unknown error in the submission.
  4. Re:Rant (-5 insightful) by Anonymous Coward · · Score: 5, Informative

    http://xkcd.com/301/

  5. I wish he hadn't published this... by Alien+Being · · Score: 4, Funny

    The next thing you know, cardpunches will be declared to be terrorist tools.

    1. Re:I wish he hadn't published this... by dbc · · Score: 3, Funny

      A card punch launched from a trebuchet could do some serious damage. They are big and heavy.

      Tell you what, though, the chad is an *outstanding* terrorist tool :) Going through the student keypunch room with a garbage bag, emptying all the chad bins, gets you enough annoying confetti to last a long time. Go through somebody's closet, and put chad in every pocket of everything he owns. Months later he will still be picking the stuff out. Sprinkle it liberally into the pages of various books. And 2 or 3 handfuls in the bed is always a winner.

      My sister the artist still laments the passing of card punches. Back in the days of card punches she was into paper mache, and the chad makes excellent paper mache, and is zero labor. Just chuck a few handfuls into the paste and get to work.

  6. Re:submitter maths fail by martin-boundary · · Score: 4, Funny

    He assured me that my Ph.D. would not be revoked

    Uh, uh. But now the DHS knows what he did...

  7. Spreading the guilt by Dan+East · · Score: 3, Funny

    Back in high school our band performed at EPCOT, and that night, to keep all the kids in their hotel rooms, the chaperones put tape on each door. If a student left their room, then the tape on the outside of the door would be broken loose and they would get in trouble. However there was a fatal flaw. Late that night when we were sneaking around the hotel, we simply removed the tape from a dozen other rooms.

    --
    Better known as 318230.
  8. Re:submitter maths fail by 93+Escort+Wagon · · Score: 4, Insightful

    I know I shouldn't tell someone with a 5-digit id to RTFA, but here I go anyway... FTFA:

    Scherr left MIT in May 1965 to take a job at IBM, but 25 years later he confessed to Professor Fano in person. “He assured me that my Ph.D. would not be revoked.”

    Okay, so to sum up:

    Slashdot just posted a 25-year-old story.

    --
    #DeleteChrome
  9. First keylogger? by djchristensen · · Score: 5, Interesting

    I'm sure not the first time it happened, but while in college in the mid '80s, the computer lab was set up with 68k-based evaluation boards to use for embedded systems programming assignments. The boards had two serial ports, one to the ASCII terminal and another to the Sun server. The boards normally operated in a transparent pass-through mode when they weren't being used, and a hot-key was used to access the board directly.

    We realized that we could easily install code to look for "login:" and "password:" coming from the server and catch the replies and save them in memory. We'd check back towards the end of the day and harvest the results. We were on very good terms with the head of the CS department, so when we told him about our little exploit and proved it with his password, he was more amused than anything else.

    We didn't keep or use any of the passwords, but thinking back on it, it could have been quite lucrative to sell them to a certain group of CS students who were quite prone to cheating. Those were the ones that you could put their assignment printouts together (I worked as a TA for a while) and hold them up to the light to see they were identical except for the variable names. One of them also set fire to the pile of final assignments that had been left on the floor outside a professor's office in a 100+ year old building, figuring if nobody's assignment got turned in, the professor couldn't grade them (yeah, too dumb to realize all those programs were still on the server). That was a very narrowly avoided tragedy. Ah, memories.

  10. By 1970, the FBI was arresting hackers by Anonymous Coward · · Score: 3, Interesting

    When I was attending a small techical college which had government contracts, one student got passwords to several research accounts and used them for homework and for the primitive games of the time. He started with guessing simple ones and shoulder surfing. After a couple of catch-and-release sequences, he seemed to self-destruct. He started running CPU and memory intensive do-nothing programs to deliberately tie up the computer. He was finally arrested, expelled, tried, convicted, and jailed.
    He was sure proud he could do it. He was sure resentful that computer time wasn't free.

  11. Learn your history... by Gription · · Score: 5, Informative

    J. C. R. Licklider is about the most important person in the development of the Internet. He worked in the Pentagon and had three different dedicated terminals to three different systems in his office and each had its different connection procedure. He asked the question of "Why can't these things be connected together?" (probably to save office space...)
    He took his question across the hall and in 5 minutes had the funding to start what became the ARPAnet. He was as close as the computer world gets to an expeditionary explorer.
    In other words: He funded the startup of the Internet.

    For a really great read get a copy of "Where Wizards Stay Up Late: The Origins Of The Internet". Besides learning about the incredible minds that built the foundations, you can read a number of entertaining anecdotes. (Like AT&Ts refusal to believe that it was possible long after it was working!!!)