Cybersecurity

On May 3, 1978, a Digital Equipment Corporation marketer named Gary Thuerk sent a message to 393 ARPANET users advertising a new computer system. The message generated $13 million in sales. It also created a permanent problem that would plague the internet for the next four decades: Thuerk had sent the first spam email. What made this possible wasn’t clever hacking or sophisticated exploitation. It was a fundamental design decision built into email itself—a protocol that assumed everyone on the network could be trusted. When Jonathan Postel published RFC 821 in August 1982, defining the Simple Mail Transfer Protocol (SMTP), he created a system where the sender’s identity was entirely self-declared. Any mail server could claim to be sending from any address, and receiving servers had no way to verify it. ...

On June 5, 2012, a Russian hacker named Yevgeniy Nikulin accessed LinkedIn’s database and exfiltrated 6.5 million password hashes. What happened next became a textbook case of what not to do with passwords. LinkedIn had stored those passwords using SHA-1—without any salt. Within hours, security researchers were cracking thousands of passwords per minute. By the time LinkedIn disclosed the breach, over 60% of the stolen hashes had already been reversed. ...