funsec mailing list archives
Re: InfoSec: Food for Thought
From: Donal <irldexter () gmail com>
Date: Wed, 31 Dec 2008 18:27:28 +1100
a) 1974 http://web.mit.edu/Saltzer/www/publications/protection/

and b) SecurityMetrics mailing list going round in circles.....

including c) "It'll be just as insecure as it possibly can, while still continuing to function."
http://www.ranum.com/security/computer_security/editorials/point-counterpoint/homeusers.htm

One does worry. Until we can elicit a value to shared and dedicated nodes/messages + the organisational superorganism as a whole, risk and the quantification thereof is a joke.... unfortunately shared infrastructure and services such as routing/DNS/SNMP/NTP/logging *are* business critical e.g. data and control planes including management control planes.
http://twitter.com/irldexter/status/1087480944

Here's to 2009! And some standardisation of code development and testing including liability etc as per David Rice's arguments in Geekonomics.
http://my.safaribooksonline.com/9780321477897

Peace.

On 12/31/08, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
On Tue, 30 Dec 2008 18:53:05 EST, Bruce Potter said:

This rabbit hole goes very deep indeed. Here's a study from 1972 that is still relevant today (unfortunately)
http://seclab.cs.ucdavis.edu/projects/history/papers/ande72a.pdf
http://seclab.cs.ucdavis.edu/projects/history/papers/ande72.pdf

Karger&Schell (of the Multics pentest paper fame) did a 30-years-later paper, in which they basically concluded that we've regressed in the 3 decades since...
http://www.acsac.org/2002/papers/classic-multics.pdf

(And if anybody here *still* hasn't read the original, it's at http://www.acsac.org/2002/papers/classic-multics-orig.pdf)

Trivia: That's the "unnamed Air Force document" Thompson referenced in "On Trusting Trust"...
--
________________________________________________________________________________
Donal ( http://bsdosx.blogspot.com/ )
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." E. F. Schumacher

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.