[51892] in North American Network Operators' Group
What have we learned in 3 decades? Not much.
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Sep 9 18:55:45 2002
To: nanog@merit.edu
From: Valdis.Kletnieks@vt.edu
Date: Mon, 09 Sep 2002 18:55:08 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1952615040P
Content-Type: text/plain; charset=us-ascii
The guys who did the Multics penetration tests for the Air Force have
re-released it, with commentary on what 30 years has changed (and more
importantly, not changed). Most depressing quote:
Thus, systems that are weaker than Multics are consid-
ered for use in environments in excess of what even Mul-
tics could deliver without restructuring around a security
kernel. There really seem to be only four possible con-
clusions from this: either (1) today's systems are really
much more secure than we claim; (2) today's potential
attackers are much less capable or motivated; (3) the in-
formation being processed is much less valuable; or (4)
people are unwilling or unable to recognize the compel-
ling need to employ much better technical solutions.
http://domino.watson.ibm.com/library/cyberdig.nsf/papers/FDEFBEBC9DD3E35485256C2C004B0F0D/$File/RC22534.pdf
--==_Exmh_1952615040P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE9fSbMcC3lWbTT17ARAnjBAKDHbXDxKJKxPOckkecKvg+/dLHAYACfTEXl
TFsrdxYi+Hkoo6QK1QtLOHg=
=+Bg7
-----END PGP SIGNATURE-----
--==_Exmh_1952615040P--
