Security, 1994-2004: Then And Now

Security, 1994-2004: Then And Now
Daniel Hanson, 2004-10-20

Comparing the state of security in 1994 versus 2004, has anything really changed over the course of ten long years?

Security, 1994-2004: Then And Now 2004-10-20
tbird@precision-guesswork.com (1 replies)

Hi Dan --

Although I agree with the essence of your comments, they're exactly the opposite of what I've just found by looking at CERT advisories and the SANS Top Twenty :-)

In 1989, a CERT advisory on recent compromises concluded that bad passwords, insecure services and unpatched applications...

[ more ] [ reply ]

And what those all have in common... 2004-10-25
Roger

Bad passwords: there have been solutions to the "bad password" problem since at least the early '80s. But hardly anyone uses them because they're a bit inconvenient and there's no drive to implement.

Unpatched apps: admins just don't get enough time and priority for managing security, too many "b...

[ more ] [ reply ]

Security, 1994-2004: Then And Now 2004-10-21
elmurado

Ten years ago, very few of the users where I worked had email.
Now everyone has email and most users here have net access. The sheer number of threat avenues has increased, in my mind.
Also,back then I used to work in a company which had two computers which did a few accounting roles.
Now, we hav...

[ more ] [ reply ]

Security, 1994-2004: Then And Now 2004-10-21
CR

You are looking into the wrong community. BugTraq has never, and never will be the place to look for security trends on the inside...just the user-experience parts of it.

Talk to the guys @ phrack! instead...they might point you to the right sources of information.

But you do have some good p...

[ more ] [ reply ]

Security, 1994-2004: Then And Now 2004-10-21
Saphire

Nice article. I agree with you in most of your affirmations. I guess this is because I am an 'old school' guy. Most people never think about those days. I think (and dislike) that the industry is only focusing on doing prettyer things, instead of doing sth. useful. SysAdmins are everywhere, but admi...

[ more ] [ reply ]

Security, 1994-2004: Then And Now 2004-10-24
David Prinzing

Consider the rapid growth of the computer industry in the last 10 years. Consider that most companies back then didn't even use computers and computers were only for the large corporations. Can we say that there has been a change? Absolutely. Not only has our quanity of computers and computer us...

[ more ] [ reply ]

Security, 1994-2004: Then And Now 2004-10-25
Tisca774

Being a computer owner and enthusiast since 1989 (And now working as a systems administrator at a large university while studying), the major change I noticed in problems and attitudes towards viruses is the introduction of the internet.

Most of the users are still uneasy about using other people...

[ more ] [ reply ]

Security, 1994-2004: Then And Now 2004-10-25
Anonymous#1

Thanks for the trip down memory lane!

I've been in networks administration starting 10 years ago, and my view is a bit different from that of most of yours, since it leans more towards saving the network from its users and keeping 'my' systems patched.
With that in mind, I would say that the mai...

[ more ] [ reply ]

Security, 1994-2004: Then And Now 2004-10-25
Mene Tekel

The main difference I see is that security no longer is a state of mind, as it was back then. These days, security is an off-the-shelf product that you slap on to your system, or downloadable vendor patches. It's not even up to the sysadmins to decide on security changes -- it's done the corporate...

[ more ] [ reply ]

Security, 1994-2004: Then And Now 2004-10-27
Anonymous

A funny side note...

It was mentioned in the article that in 1994 the majority of the discussions on Bugtraq were UNIX-based, specifically SunOS/Solaris. Aside from the obvious market dominance, there was a little more behind the prevelance of Sun stuff.

When the mailing list started in 199...

[ more ] [ reply ]