funsec mailing list archives
Re: Hey old people
From: Roland Dobbins <rdobbins () cisco com>
Date: Thu, 22 Dec 2005 20:49:49 -0800
I already mentioned that one. ;>

On Dec 22, 2005, at 1:48 PM, Drsolly wrote:

> Remember the vulnerability in Enigma, which considerably hastened the end of the war.
>
> On Thu, 22 Dec 2005, Blue Boar wrote:
>
> Tom Van Vleck wrote:
>
> Wow. Bob Fiske was one of my room mates freshman year at MIT (1961). And another friend of mine dated Goheen.
>
> I'm seriously considering tracking some people down for interviews at some point, any idea if they are still around and locatable? I'll be taking a hard look at the multicians for some of this.
>
> These are not nearly old enough though. But one gets into the question of the definition of vulnerability.
>
> e.g. it was well known that one could disable the 7094 FMS supervisor's job time limit counter and accounting by storing zero in a certain location in core. (No, I'm not going to say which one on an open channel.) That was a vulnerability in a system with no memory protection where only one job was running at a time, circa 1962.
>
> I've had some private conversations with the osvdb guys, and I think we have semi-agreed that we're looking for a documented privilege escalation or bypass bug, and an OS/hardware combination with some protection mechanism, probably a supervisor mode at least. I suspect for this exercise, they would exclude things like a crypto crack. Original link for those that missed it: http://www.osvdb.org/blog/?p=77 So I don't think a system with no memory protection would qualify in this instance. Not that I still wouldn't love details.
>
> I *think* this means that for this definition, the earliest possible is early '60s?
>
> A little later, there was a documented bug in CTSS where programs that increased their memory allocation size would get non-zeroed core. So a programmer in the system group wrote a little program to start small, get big, scan its new memory for passwords. Quickly got root, that is, Dick Mills's password. This would be 1965 or so.
>
> I've known that one as folklore for a long time. (It's older than my personal experience, I was born in 1969.) That's one I'm looking for documentation on.
>
> In the '72 paper, that (class of) bug is already treated as an old-time bug.
>
> You folks have looked at Donn Parker's book, right, and you are looking for things earlier than his earliest?
>
> I don't think so, I think we're a bunch of newbs approaching this from a position of ignorance. That's the case for myself, anyway. I see Amazon knows of lots of books by him. Is it one of these?
>
> Crime by computer 1976
> Manager's Guide to Computer Security (Paperback) 1983
> Computer abuse perpetrators and vulnerabilities of computer systems 1975
> Computer abuse assessment 1975
>
> (The list goes on, he's done quite a few)
>
> BB
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

--------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

Algorithm agility is an essential feature in any Internet protocol.

-- Bruce Schneier