[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject

To: [email protected]
From: Anonymous <[email protected]>
Date: Sun, 15 Nov 1998 04:07:27 +0100
Comments: This message did not originate from the Sender address above.It was remailed automatically by anonymizing remailer software.Please report problems or inappropriate use to theremailer administrator at <[email protected]>.
Sender: [email protected]


At 09:35 PM 11/14/98 -0500, John Young <[email protected]> wrote:
>
>An NSA team presented at NISSC98 in October
>"The Inevitability of Failure: The Flawed Assumption 
>of Security in Modern Computing Environments:"

...

>Not that NSA would ever exploit OS weaknesses not warned 
>about.
>

	Part of the context for this:  NSA is trying to encourage their new
testing program for security products.  My feeling is that program, in
turn, is intended to preserve the spaces for all the employees
involved in the failed TCSEC/Rainbow testing program.  I say "failed"
because it hasn't caught on in the private sector, it's expensive and,
of course, the laughable "C2 in '92."  
	If you can't trust your OS, Dum-dum-Dah! NSA to the rescue with
testing!
	The new Common Criteria is to replace TCSEC/Rainbow next year, but if
it walks like a duck....

Follow-Ups:
- Re:
  - From: "Paul H. Merrill" <[email protected]>

Prev by Date: NSA on OS Flaws
Next by Date: hello -- do not read
Prev by thread: No Subject
Next by thread: Re:
Index(es):
- Date
- Thread