[Full-disclosure] need help in managing administrators

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Dec 5 22:44:37 GMT 2007


On Sun, 02 Dec 2007 20:04:42 EST, Dude VanWinkle said:

> Anyone who was a security expert 30 yrs ago should be ridiculed. Their
> job description was "I inspect all 5 & 1/4 disks that get mailed to
> us" and should be a reason NOT to hire them :-P

Anybody who doesn't know the history of security well enough to know what
was going on 30 years ago deserves to be ridiculed.

Here's a classic paper (the original Multics vulnerability analysis by Karger
and Schell):

http://www.acsac.org/2002/papers/classic-multics-orig.pdf

Here's their 30-years-later retrospective:

http://www.acsac.org/2002/papers/classic-multics.pdf

Executive summary: We've learned somewhere between diddly and squat from
30 years of experience. 

Incidentally, Karger & Schell is the "unnamed Air Force document" that Ken
Thompson references as the source for his Turing Award lecture:

Thompson, K., "Reflections on Trusting Trust", Communications of the ACM,
Vol. 27, No. 8, August 1984, http://www.acm.org/classics/sep95/ 

Ridicule these guys at your own peril.  You can count me out, my personal timer
is currently sitting at 29 years 10 months.. ;)

Incidentally, 30 years ago, the 5.25" disk was still well in the future - even
the 8" floppy was relatively new.


Full-Disclosure is hosted and sponsored by Secunia.