funsec mailing list archives

Re: InfoSec: Food for Thought


From: Donal <irldexter () gmail com>
Date: Wed, 31 Dec 2008 18:27:28 +1100

a) 1974 http://web.mit.edu/Saltzer/www/publications/protection/

and

b) SecurityMetrics mailing list going round in circles.....

including

c) "It'll be just as insecure as it possibly can, while still
continuing to function."
http://www.ranum.com/security/computer_security/editorials/point-counterpoint/homeusers.htm

One does worry.

Until we can elicit a value to shared and dedicated nodes/messages +
the organisational superorganism as a whole, risk and the
quantification thereof is a joke.... unfortunately shared
infrastructure and services such as routing/DNS/SNMP/NTP/logging *are*
business critical e.g. data and control planes including management
control planes. http://twitter.com/irldexter/status/1087480944

Here's to 2009! And some standardisation of code development and
testing including liability etc as per David Rice's arguments in
Geekonomics. http://my.safaribooksonline.com/9780321477897

Peace.

On 12/31/08, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
On Tue, 30 Dec 2008 18:53:05 EST, Bruce Potter said:

This rabbit hole goes very deep indeed.  Here's a study from 1972 that
is still relevant today (unfortunately)

http://seclab.cs.ucdavis.edu/projects/history/papers/ande72a.pdf
http://seclab.cs.ucdavis.edu/projects/history/papers/ande72.pdf

Karger&Schell (of the Multics pentest paper fame) did a 30-years-later
paper, in which they basically concluded that we've regressed in
the 3 decades since...

http://www.acsac.org/2002/papers/classic-multics.pdf

(And if anybody here *still* hasn't read the original, it's at
http://www.acsac.org/2002/papers/classic-multics-orig.pdf)

Trivia: That's the "unnamed Air Force document" Thompson referenced in
"On Trusting Trust"...




-- 
________________________________________________________________________________
Donal ( http://bsdosx.blogspot.com/ )

"Any intelligent fool can make things bigger, more complex, and more
violent. It takes a touch of genius -- and a lot of courage -- to move
in the opposite direction." E. F. Schumacher
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

