

Originally published in Queue vol. 12, no. 3



Arvind Narayanan, Jeremy Clark - Bitcoin's Academic Pedigree
The concept of cryptocurrencies is built from forgotten ideas in research literature.

Geetanjali Sampemane - Internal Access Controls
Trust, but Verify

Thomas Wadlow - Who Must You Trust?
You must have some trust if you want to get anything done.

Mike Bland - Finding More Than One Worm in the Apple
If you see something, say something.


(newest first)

Richard Sawey | Wed, 21 May 2014 16:16:26 UTC

Greg, the article is entitled, in part, 'The NSA and Snowden', so 'leaving all the NSA and Snowden references out' wouldn't make a lot of sense, would it? Speaking of flaws in assumptions, where does your assumption that the NSA have 'the most complex IT environment in the world' come from?

And the article is clearly based on media reports about someone who WAS there - Mr. Snowden.

And good security practice is based, in part, on 'Monday morning quarter-backing', that's how you learn, and get to fix your 'in game' mistakes.

Have you actually read the article or did you just tee off based on the title and first paragraph?

Greg | Wed, 21 May 2014 06:15:27 UTC

This is the most naive pile of drivel I've read in my life. It has numerous flaws in both assumptions and facts.

While the described security techniques are valid, the paper should have been written as practical techniques for improving computer security, leaving all the NSA and Snowden references out. Unfortunately it descended into Monday morning quarter-backing about the most complex IT environment in the world based on a handful of media reports by someone that wasn't there.

David Collier-Brown | Thu, 01 May 2014 01:48:26 UTC

As late as ten years ago, parts of the U.S. government were using moderately secure systems like Trusted Solaris, but it was getting less common. Part of it was probably the tendency of Orange-Book systems to have everything drift upwards to the highest level, but that doesn't explain why all the other good ideas were discarded along with the only-fairly-good ones. I fear it was a combination of arrogance and cheapness. If you can get a "common criteria" certification for a frighteningly bad commercial system, why spend the extra money for something competently done??

Bob | Tue, 29 Apr 2014 10:21:57 UTC

"The British equivalent to top secret is most secret"

No, it isn't.


© 2018 ACM, Inc. All Rights Reserved.