Message-ID: <31582.1196894677@turing-police.cc.vt.edu>
Date: Wed, 05 Dec 2007 17:44:37 -0500
From: Valdis.Kletnieks@...edu
To: Dude VanWinkle <dudevanwinkle@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: need help in managing administrators

On Sun, 02 Dec 2007 20:04:42 EST, Dude VanWinkle said:
> Anyone who was a security expert 30 yrs ago should be ridiculed. Their
> job description was "I inspect all 5 & 1/4 disks that get mailed to
> us" and should be a reason NOT to hire them :-P

Anybody who doesn't know the history of security well enough to know what
was going on 30 years ago deserves to be ridiculed.

Here's a classic paper (the original Multics vulnerability analysis by Karger
and Schell):

http://www.acsac.org/2002/papers/classic-multics-orig.pdf

Here's their 30-years-later retrospective:

http://www.acsac.org/2002/papers/classic-multics.pdf

Executive summary: We've learned somewhere between diddly and squat from
30 years of experience.

Incidentally, Karger&Schell is the "unnamed Air Force document" that Ken
Thompson references as the source for his Turing Award lecture:

Thompson, K., "Reflections on Trusting Trust", Communications of the ACM,
Vol. 27, No. 8, August 1984, http://www.acm.org/classics/sep95/

Ridicule these guys at your own peril. You can count me out, my personal timer
is currently sitting at 29 years 10 months.. ;)

Incidentally, 30 years ago, the 5.25" disk was still well in the future - even
the 8" floppy was relatively new.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/