North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

What have we learned in 3 decades? Not much.

  • From: Valdis.Kletnieks
  • Date: Mon Sep 09 18:57:25 2002

The guys who did the Multics penetration tests for the Air Force have
re-released it, with commentary on what 30 years has changed (and more
importantly, not changed).  Most depressing quote:

    Thus, systems that are weaker than Multics are consid-
    ered for use in environments in excess of what even Mul-
    tics could deliver without restructuring around a security
    kernel.   There really seem to be only four possible con-
    clusions from this: either (1) today's systems are really
    much more secure than we claim; (2) today's potential
    attackers are much less capable or motivated; (3) the in-
    formation being processed is much less valuable; or (4)
    people are unwilling or unable to recognize the compel-
    ling need to employ much better technical solutions.

http://domino.watson.ibm.com/library/cyberdig.nsf/papers/FDEFBEBC9DD3E35485256C2C004B0F0D/$File/RC22534.pdf

Attachment: pgp00006.pgp
Description: PGP signature