The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

Recent CHANGES to the site (Updated: 2003/06/03):

2003-02-01: Further material obtained for the Zardoz 'Security Digest'.
2003-02-01: Obtained and archived the Phage List.
2003-02-01: Obtained and archived the TCP-IP mailing list.
2002-12-12: Completed work for Unix Security Mailing List, and infrastructure re-organisation.
2002-11-01: Added site notices and changes, changed to stylesheets.


This site is dedicated to preserving the history of early computer security digests and mailing lists, specifically those prior to the mid 1990's. This includes the Unix 'Security Mailing List', through to the Zardoz 'Security Digest' to the Core 'Security List', i.e. those preceeding BugTraq. These forums are a valuable insight into the embryonic development of the field of computer security, especially as it relates to the Internet, and the development of the Doctrine of Disclosure.

In time, the plan is to build a comprehensive history. At the moment, there's part of the archives to start with, and a need to fill in the gaps - so if you can contribute, please do. The archive will also store all manner of supporting material (retrospectives, anecdotes, etc), some of which will be generated by the curator and other interested parties.

People like to visit the British Museum, so why not the Security Digest Museum ? It's an important part of our online cultural history. Maybe one day, these resources will be captured in our digital World Heritage and a part of the history of technology.


The curator is a technical professional, and he's interested in documenting the history of computer security, for no other reason than "it was there". You can reach him at [email protected].


The archive has the following objectives:

Acquire and preserve -- significant computer security mailing lists, newsgroups, forums and discussion artifacts prior to the mid/late 1990's (focus on USENET/ARPANET period).
Enhance and extend -- by capturing, and creating, ancillary material relating to these artifacts, such as interviews, retrospectives, commentary and so forth.
Inquire and investigate -- various underlying issues in the development of computer security during this phase, such as the doctrine of disclosure, incident coordination, evolutionary expansion, etc.
Provide and present -- mechanisms for searching, downloading and inspection of such materials to aid analysis and research by interested parties.

The archive can be browsed:

TCP-IP List [in progress]
8 October 1981 - present (Mike Muuss, Henry W. Miller)
Mailing list created for the transition of the ARPANET from NCP to TCP/IP, turned into a general discussion forum for development and deployment issues relating to TCP/IP, and illustrates a growing interest in communications security in the technical community. Initially began in an ad-hoc form as the "TCP-IP Digest" at BRL in 1981, and then formalised into the "TCP-IP Distribution List" at SRI-NIC in 1982 - both gatewayed to USENET newsgroups fa.tcp-ip and mod.protocols.tcp-ip, which became the NETNEWS groups comp.protocols.tcp-ip during 1986/87.
Unix 'Security Mailing List' [completed]
18 December 1984 - 13 May 1989 (Lyle McElhaney)
The UUCP/ARPANET semi-open discussion list resulting from discussions on USENET about the need for restricted forum dealing with security issues, particularly for administrators. Started by Lyle McElhaney in 1984, and later run by Andrew Burt, it is the earliest known forum to specifically concern itself with security and disclosure of vulnerabilities, but was sporadic and failed to gain momentum before its demise in 1989.
Rutgers 'Security List' [in progress]
17 July 1985 - 10 April 1992 (Al Walker [aka. hobbit])
Mailing list established by Al Walker in 1985, and gatewayed to NETNEWS group, to discuss general topics of security, not specifically related to computer security. The list ceased and the group had been removed prior to 1995.
Phage List [completed]
3 November 1988 - 24 May 1989 (Gene Spafford)
Mailing list established by Gene Spafford during the 1988 Robert T. Morris Worm incident. Lasting for 6 months, it acted as a focal point of communication about the nature of the worm, its impact and its after-effects.
Zardoz 'Security Digest' [in progress]
23 January 1989 - 21 November 1991 (Neil Gorsuch)
ARPANET/Internet semi-open discussion mailing list that was an outcome of the failure of the Unix 'Security Mailing List', and has legendary status in the underground community.
Core 'Security Mailing List' [in progress]
23 June 1990 - 12 November 1991 (Neil Gorsuch)
The ARPANET/Internet semi-open discussion list that was a sister to the Zardoz 'Security Digest' and addressed a more restricted "core" audience.
RISKS List [pending]
1 August 1985 - present (n/a)
The well known RISKS List, a long standing forum for discussion of risks in information technology
VIRUS List [pending]
1 April 1988 - present (n/a)
The well known VIRUS List, a long standing place for information about viruses

The archive can be searched:

The confidentiality of all contributers will be respected. Best efforts will be made to make contributions available for viewing within 28 days, with cleaner integration following. Please send submissions to the Curator.

This site has benefited from the assistance of the following people (in no particular order): Julian Assange, Nate Lawson, Perlfect, Rick Weldon, Lyle McElhaney, Gene Spafford.

Please contact with feedback to help this archive go forward. I'd like to hear of suggestions for improvement, compatibility issues, references to new material and anything else of relevance.