nanog mailing list archives
What have we learned in 3 decades? Not much.
From: Valdis.Kletnieks () vt edu
Date: Mon, 09 Sep 2002 18:55:08 -0400
The guys who did the Multics penetration tests for the Air Force have re-released it, with commentary on what 30 years has changed (and more importantly, not changed). Most depressing quote: Thus, systems that are weaker than Multics are consid- ered for use in environments in excess of what even Mul- tics could deliver without restructuring around a security kernel. There really seem to be only four possible con- clusions from this: either (1) today's systems are really much more secure than we claim; (2) today's potential attackers are much less capable or motivated; (3) the in- formation being processed is much less valuable; or (4) people are unwilling or unable to recognize the compel- ling need to employ much better technical solutions. http://domino.watson.ibm.com/library/cyberdig.nsf/papers/FDEFBEBC9DD3E35485256C2C004B0F0D/$File/RC22534.pdf
Attachment:
_bin
Description:
Current thread:
- What have we learned in 3 decades? Not much. Valdis . Kletnieks (Sep 09)