1995-09-26 - Re: Hack Microsoft?

Header Data

From: Tim Scanlon <tfs@vampire.science.gmu.edu>
To: Ray Cromwell <rjc@clark.net>
Message Hash: 0207876c31dd0d123ba204ddb06f52642c5f47f38f28af7ebb178e4cb3e8aed0
Message ID: <9509261444.AA10518@vampire.science.gmu.edu>
Reply To: <199509260404.AAA14297@clark.net>
UTC Datetime: 1995-09-26 14:45:11 UTC
Raw Date: Tue, 26 Sep 95 07:45:11 PDT

Raw message

From: Tim Scanlon <tfs@vampire.science.gmu.edu>
Date: Tue, 26 Sep 95 07:45:11 PDT
To: Ray Cromwell <rjc@clark.net>
Subject: Re: Hack Microsoft?
In-Reply-To: <199509260404.AAA14297@clark.net>
Message-ID: <9509261444.AA10518@vampire.science.gmu.edu>
MIME-Version: 1.0
Content-Type: text/plain




It should be possible to FOIA the evaluation that
led to the C2 status on this. That would be one good
avenue to start looking at it.

At the end of the process there should be a document
that shows how the OS meets each of the C2 requirements
and what aspects of the software were considered as
well.

Things like the state the OS was running under at the
time (network vs. non-network, etc.) are important
considerations in evaluations.

And I would not be too surprised at all if the "C2"
designation was relatively bogus. This sort of thing
can get much like the anti-crypto crowd's arguments.
Highly political with little basis in rationality.

Since I've seen stuff like a ported version of Unix's
"ps" utility, and know NT runs a microkernel, I can think
of a hell of a lot of ways it'd be possible to fail
it right out of the box... Considering that it has the
capacity to do all sorts of network stuff, including FTP
& the like, I wonder how the hell they passed any audit
requirements. Probably a "Well it runs in a single user model,
we don't need to have strong audit requirements".

My point basically being that I would consider the C2 designation
for this to be broken coming out of the box unless I saw
proof that it was otherwise. To operate it in a C2 required
environment without consideration of how & under what
conditions the rating was achieved would be criminally
irresponsible.


Tim Scanlon




________________________________________________________________
tfs@vampire.science.gmu.edu (NeXTmail, MIME)  Tim Scanlon
George Mason University     (PGP key avail.)  Public Affairs
I speak for myself, but often claim demonic possession




