lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <42346705.28635.2BDA2E2D@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Re: Microsoft to give holes info to Uncle Sam
	first

Bruce Ediger wrote:

> On a more anecdotal level, just after the 1988 Internet Worm,
> I participated in a discussion at a US defense contractor where a
> fellow with several clearances claimed that the NSA had dossiers on
> each operating system, and they knew all the holes in each of them,
> "Even in VMS".

Would anyone be surprised by that??

The US military and its contractors were long-interested in ways to 
break software _long_ before the Morris Worm made the notion at all 
real-world or media-worthy...  In fact, they had teams of folk 
employeed to investigate just these kinds of things and if you know the 
right folk they will even confirm this (off the record of course).  It 
is not, hoiwever, too difficult to find references to some of their 
work, as being the military everything was documented and recorded and 
indexed and many early "mainstream" computer security papers refer to 
various US Army/Navy/Air Force reports that no-one outside the military 
actually seems to have copies of.

Now, if the US military was doing it, do you think that the NSA was not 
doing it too?  (Or at least not making sure it had access to all the 
material learned in this research??)

And does anyone really think it's entirely coincidental that the 
creator of the Morris worm (Robert Tappan (sp?) Morris Jr.) was the son 
of Robert T. Morris, the chief scientist of the NSA's National Computer 
Security Center?  (No conspiracy theory here, but the old adage "like 
father, like son" springs to mind...)


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ