Sunday 2 November 2003 was a special date for those interested in computer security - it was the 15th anniversary of one of the most important events in the history of computer hacking.
A little after 6pm on 2 November 1988, those responsible for managing the Unix and VAX/VMS systems connected to the Arpanet noticed their computers were behaving oddly. Machines that should have been idling were suddenly running with crippling load-averages, which made them grind to a halt.
Rebooting the systems didn't help, nor did killing the multitude of processes running on each: within seconds, the load-average again shot off the scale. Something was clearly wrong and a little before midnight a system manager at Harvard announced that "there might be a virus loose on the internet".
There was indeed a virus loose: Robert Morris's Internet Worm. A sophisticated "automated hacker", this program broke into and flooded thousands of computer systems accessible over the nascent internet. It wasn't the first virus, nor indeed the first worm, and it wasn't the first program to flood computers within a network. But it was important for one crucial reason: it was the first time the "buffer overflow" hacking trick had been seen in the wild.
It is widely accepted that it was Morris's father, a senior analyst at the National Security Agency, who first appreciated that unchecked buffers in many programs written in C could permit hackers to gain control of systems. He noticed that over-running the end of an input buffer would allow the return address to be overwritten and suggested to his son - a computer science student at Cornell - that this might be a huge problem.
How right he was. The Morris Worm showed clearly that computers could be hacked and remotely accessed through this mechanism. The virus exploited an unchecked buffer in the "finger" service to gain access to computers for which it was unable to guess valid passwords.
The events of November 1988 led to the creation of the first Computer Emergency Response Team (Cert) at Carnegie Mellon University, and made the buffer overflow trick popular among the more expert hackers. By November 1996, an article entitled Smashing the Stack for Fun and Profit by hacker Aleph One in Phrack magazine alerted even the most unsophisticated script kiddie to how the trick worked. By the end of the decade, a Darpa-funded report said buffer overflow was the most commonly exploited system vulnerability.
Today, the buffer overflow exploit remains as popular and as successful as ever. Most worryingly, such unchecked buffers continue to be discovered not only in old code but also in newly produced programs. Despite the millions of pounds and untold man-years of time lost to buffer overflow exploits, they still plague us. Perhaps the Microsoft Trustworthy Computing Initiative will at last eradicate them, but I'm not betting on much improvement before the Internet Worm's 20th anniversary.