Questions tagged [historical]

For questions about the history of the IT security domain. For user's history managed by software such as browsers, use the [logging] tag instead.

39 questions
80 votes, 5 answers

What was so dangerous about PGP that its creator was charged in court for it?

I was reading up on the history of the PGP encryption software when I realised its creator was under criminal charges for munitions export without a license for releasing the source code of PGP. What was so dangerous about PGP at that point in time…
Computernerd
64 votes, 2 answers

Why has the NSA had a hand in deciding on encryption standards?

The NSA has had a large hand in the design of at least two significant encryption standards: the Digital Encryption Standard, and its successor, the Advanced Encryption Standard. Because of their involvement, there is much speculation of backdoors.…
IQAndreas
36 votes, 1 answer

Was Goggle.com actually crazy malware in 2006?

This video shows how somebody accidentally opens Goggle.com instead of Google.com. He gets flooded with pop-ups, SpySheriff or SpywareSTOP get installed automatically, and the computer user has no chance of closing the seemingly hundreds of pop-up…
neverMind9
15 votes, 4 answers

What was SSL 1.0?

What was SSL 1.0? SSL 2.0 and 3.0 are well-known and well-documented. But what did the SSL 1.0 protocol look like? Wikipedia says there was an SSL 1.0 but doesn't say anything about how it worked. Why was SSL 1.0 superseded/replaced? Did it have…
D.W.
12 votes, 1 answer

Password length limits in history of operating systems and popular web sites

I heard that many years ago, for example, passwords on Linux systems were limited to 8 characters. Or rather, you could type in more than 8 characters, but only the first 8 characters mattered. Consider the most common operating systems Windows, Mac…
student
12 votes, 2 answers

Who was in the first set of CAs

I am currently digging into the history of SSL/TLS. I found that Netscape introduced SSL around 1994/1995. They obviously decided to go with an X.509 PKI to mitigate MitM attacks. I, however, could not find any information on who was in the first set of…
Jay
8 votes, 2 answers

When did development on various TLS versions begin?

What I'm looking for: I'm looking for an approximation of the date that the development on each TLS or SSL version started (so the development start date). So I do not want to know the date when the first RFC was released, but when people started…
user23127
8 votes, 2 answers

Why is the BCrypt text "OrpheanBeholderScryDoubt"

I'm looking for a reference about the weird initial BCrypt text "OrpheanBeholderScryDoubt" Why was this string used? Would using 192 zeros or ones not have worked well in practice for some reason? Was that just four random dictionary words…
wim
7 votes, 2 answers

NSA crypto Suite B - historical

I'm looking for information on what NSA suggested for use in commercial systems in past times. 90's and early 2000's. I'm mainly interested in PKI and symmetric cyphers for SSL and file/disk encryption.
Hubert Kario
7 votes, 3 answers

Where did common "minimum password length" guidelines originate?

Not long ago, the common wisdom was that passwords should be at least 8 characters long. These days, the most common minimum is 12. Where did these common values originate? Interestingly, 8 is exactly the number of characters in "password" - did…
Iszi
6 votes, 1 answer

When Shellshock was introduced, how bad was it **then**?

The shellshock bug, and the underlying feature allowing Function Import from the Environment (I'm calling it FIE), have been in bash since at least 1993, before the rise of CGI. At that time, the rest of the Unix/Linux/GNU environment was very…
Ben
6 votes, 1 answer

Why was the Same-origin policy originally introduced (before XMLHttpRequest)?

As I understand it, the Same-origin policy (SOP) basically prevents a script in a web page from obtaining or sending information from/to a different domain. I understand that this is important to prevent a page from grabbing private data and passing…
sleske
5 votes, 1 answer

What was state of the art knowledge on security of speculative evaluation when it was introduced to Intel CPUs?

Many sources claim that almost all Intel x86 CPUs back to Pentium Pro are vulnerable to the Meltdown attack. Pentium Pro was introduced to the market in 1995. What was the state of the art knowledge on security of speculative evaluation, the basis…
liori
4 votes, 1 answer

Why don't browsers trust the US Treasury?

(Inspired by "How do you tell a website they have expired security certificates?") Why don't major browsers trust the US Treasury PKI certificate authority by default? I know that the government isn't necessarily trustworthy, but surely they're at…
4 votes, 1 answer

Notable XSS attacks in 2011

I am wondering what notable events in XSS attacks we saw in 2011. What big events hit the infosec community in regards of XSS? I am thinking of specific events like for example the Samy worm in 2007 or the HBGary SQL Injection attack in 2011.
Chris Dale