Re: Re: Microsoft to give holes info to Uncle Sam first

[Nick FitzGerald <nick () virus-l demon co uk>]

Bruce Ediger wrote:

> On a more anecdotal level, just after the 1988 Internet Worm,
> I participated in a discussion at a US defense contractor where a
> fellow with several clearances claimed that the NSA had dossiers on
> each operating system, and they knew all the holes in each of them,
> "Even in VMS".

Would anyone be surprised by that??

The US military and its contractors were long-interested in ways to 
break software _long_ before the Morris Worm made the notion at all 
real-world or media-worthy...  In fact, they had teams of folk 
employeed to investigate just these kinds of things and if you know the 
right folk they will even confirm this (off the record of course).  It 
is not, hoiwever, too difficult to find references to some of their 
work, as being the military everything was documented and recorded and 
indexed and many early "mainstream" computer security papers refer to 
various US Army/Navy/Air Force reports that no-one outside the military 
actually seems to have copies of.

Now, if the US military was doing it, do you think that the NSA was not 
doing it too?  (Or at least not making sure it had access to all the 
material learned in this research??)

And does anyone really think it's entirely coincidental that the 
creator of the Morris worm (Robert Tappan (sp?) Morris Jr.) was the son 
of Robert T. Morris, the chief scientist of the NSA's National Computer 
Security Center?  (No conspiracy theory here, but the old adage "like 
father, like son" springs to mind...)


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/