Forty years ago, The Mentor—Loyd Blankenship—published “The Conscience of a Hacker” in Phrack. > You bet your ass we’re all alike… we’ve been spoon-fed baby food at school > when we hungered for steak… the bits of meat that you did let slip through > were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by > the apathetic. The few that had something to teach found us willing pupils, > but those few are like drops of water in the desert. > > This is our world now… the world of the electron and the switch, the beauty of > the baud. We make use of a service already existing without paying for what > could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us > criminals. We explore… and you call us criminals. We seek after knowledge… and > you call us criminals. We exist without skin color, without nationality, > without religious bias… and you call us criminals. You build atomic bombs, you > wage wars, you murder, cheat, and lie to us and try to make us believe it’s > for our own good, yet we’re the criminals...

The NSA and GCHQ have jointly published a history of World War II SIGINT: “Secret Messengers: Disseminating SIGINT in the Second World War.” This is the story of the British SLUs (Special Liaison Units) and the American SSOs (Special Security Officers).

It was created in 1973 by Peter Kirstein: > So from the beginning I put password protection on my gateway. This had been > done in such a way that even if UK users telephoned directly into the > communications computer provided by Darpa in UCL, they would require a > password. > > In fact this was the first password on Arpanet. It proved invaluable in > satisfying authorities on both sides of the Atlantic for the 15 years I ran > the service ­ during which no security breach occurred over my link. I also > put in place a system of governance that any UK users had to be approved by a > committee which I chaired but which also had UK government and British Post > Office representation...

Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.

Stuart Schechter makes some good points on the history of bad password policies: > Morris and Thompson’s work brought much-needed data to highlight a problem > that lots of people suspected was bad, but that had not been studied > scientifically. Their work was a big step forward, if not for two mistakes > that would impede future progress in improving passwords for decades. > > First, was Morris and Thompson’s confidence that their solution, a password > policy, would fix the underlying problem of weak passwords. They incorrectly > assumed that if they prevented the specific categories of weakness that they > had noted, that the result would be something strong. After implementing a > requirement that password have multiple characters sets or more total > characters, they wrote:...