From: Anonymous <nobody@replay.com>
To: cypherpunks@toad.com
Message Hash: 9b35ef4e4bd6375e10d63de91b73665358eb8a2ee57b7ec868d92f671a90a949
Message ID: <199811150307.EAA08300@replay.com>
Reply To: N/A
UTC Datetime: 1998-11-15 03:31:08 UTC
Raw Date: Sun, 15 Nov 1998 11:31:08 +0800
From: Anonymous <nobody@replay.com>
Date: Sun, 15 Nov 1998 11:31:08 +0800
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199811150307.EAA08300@replay.com>
MIME-Version: 1.0
Content-Type: text/plain
At 09:35 PM 11/14/98 -0500, John Young <jya@pipeline.com> wrote:
>
>An NSA team presented at NISSC98 in October
>"The Inevitability of Failure: The Flawed Assumption
>of Security in Modern Computing Environments:"
...
>Not that NSA would ever exploit OS weaknesses not warned
>about.
>
Part of the context for this: NSA is trying to encourage their new
testing program for security products. My feeling is that program, in
turn, is intended to preserve the spaces for all the employees
involved in the failed TCSEC/Rainbow testing program. I say "failed"
because it hasn't caught on in the private sector, it's expensive and,
of course, the laughable "C2 in '92."
If you can't trust your OS, Dum-dum-Dah! NSA to the rescue with
testing!
The new Common Criteria is to replace TCSEC/Rainbow next year, but if
it walks like a duck....
Return to November 1998
Return to ““Paul H. Merrill” <PaulMerrill@acm.org>”