Hi and welcome to Malicious Life, I'm Ran Levy.

A few years ago, while I was researching the Morris Worm incident

for a book I was writing about the history of information security,

I came across an interesting analysis of the worm

written by a then young university professor named Eugene Spafford, or Spaffy, as it was more

commonly known.

The Morris worm, for the benefit of some of our younger listeners, God, it makes me feel old saying

these words, was an infamous malware that crippled a large part of the early internet network in 1988 and caused quite a bit of panic in the general public.

We did two full episodes of malicious life about the Morris worm, so head over to malicious dot life if you wish to hear the full story.

Anyway, last year, while I was tending Sabey Reason reasons deep 2017 information security conference in Boston,

I had the pleasure of talking to Spafford about his work.

Spafford, it turns out, was fortunate to be standing in many of the critical crossroads

in the development and maturing of the field of information security.

Snippets of this interview were already aired in the episode about the Morris worm, but a lot of interesting stuff was left out.

With the summer vacation still going strong, we decided it'd be a good opportunity to air the full interview.

So what you'll be hearing is Spafford talking about information security in the 1970s and

80s and why Infosec wasn't considered a proper academic

field of research back then. We also go into the Morris-Werm incident in

more details and how it landed Spafford a contract

to write the first English language book about information security.

Finally, we talk about Spafford's latest research into a very interesting topic, deceptive computing,

and how can fake software patches help against hackers using reverse engineering techniques.

...