Full Disclosure: Re: need help in managing administrators

[Valdis.Kletnieks () vt edu]

On Sun, 02 Dec 2007 20:04:42 EST, Dude VanWinkle said:

> Anyone who was a security expert 30 yrs ago should be ridiculed. Their
> job description was "I inspect all 5 & 1/4 disks that get mailed to
> us" and should be a reason NOT to hire them :-P
Anybody who doesn't know the history of security well enough to know what
was going on 30 years ago deserves to be ridiculed.

Here's a classic paper (the original Multics vulnerability analysis by Karger
and Schell):

http://www.acsac.org/2002/papers/classic-multics-orig.pdf

Here's their 30-years-later retrospective:

http://www.acsac.org/2002/papers/classic-multics.pdf

Executive summary: We've learned somewhere between diddly and squat from
30 years of experience. 

Incidentally, Karger&Schell is the "unnamed Air Force document" that Ken
Thompson references as the source for his Turing Award lecture:

Thompson, K., "Reflections on Trusting Trust", Communications of the ACM,
Vol. 27, No. 8, August 1984, http://www.acm.org/classics/sep95/ 

Ridicule these guys at your own peril.  You can count me out, my personal timer
is currently sitting at 29 years 10 months.. ;)

Incidentally, 30 years ago, the 5.25" disk was still well in the future - even
the 8" floppy was relatively new.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/