Cuckoo’s Egg

I re-read The Cuckoo’s Egg by Clifford Stoll this week. I last read it about 10 years ago as I was just starting my career.
Reading it now, it is kind of funny to see that the debates haven’t changed. If you are new to this field, you might think that Dan Geer invented the concept of operating system diversity. As I read the book, I found that Cliff mentioned this twice. Of course, back then the diversity was Unix, Berkeley Unix, and the VAX.
Passwords were another point of contention that hasn’t changed. Cliff was complaining that admins made their password requirements too stringent (such as system-selected passwords) and as a result the users wrote them down. Of course, Cliff later found that when users select their own passwords, they are often dictionary words, and those were easily brute-forced.
In the book, Bill Chandler of Mitre is quoted as saying, “simply impossible. We’re running a secure shop. No one can break in” when told that a hacker had abused their systems to attack others. Let’s not similarly stick our heads in the sand when it comes to security issues.