The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

Unix 'Security Mailing List'

Overview:

Name: Unix 'Security Mailing List'
Paternity: Lyle McElhaney
Propriety: Lyle McElhaney (18 December 1984 - 11 March 1987);
Andrew Burt (11 March 1987 - 13 May 1989)
Spatiality: Denelcor, and ConTel (Delver, Colorado USA); ARPANET; UUCP
Temporality: 18 December 1984 - 13 May 1989
Constituency: Approximately 138 (max) posters, 452 (max) readers, 42 archives, containing 254 items of mail, 18506 lines of text, for 679k size
Notable participants: Robert T. Morris; Len Rose; Gene Spafford; John Gilmore; Matt Bishop; Theodore Ts'o
Notable occurrences: Robert T. Morris was the first poster to the list in the 2nd issue, and correspondingly a reader;
Neil Gorsuch was a reader, and the Zardoz 'Security Digest' was a splinter from the list;
The 1988 discussion on USENET about revitalising the list, and about open/closed lists, was in progress when the RTM Worm was released;
The proposals for alt.security/comp.security.misc was partially a result of discussion about revitalising the list;
During CERT's birth, it posted an early draft of its 'how to secure your system' for review to the list
Artifacts: Archives (complete); USENET postings (complete); Founder correspondence (incomplete); Participant perspectives (incomplete)

Summary:

Lyle McElhaney began the Unix 'Security Mailing List' in late 1984 after discussions on Usenet. The first (1) issue was dated 18th December 1984, and issues continued until Andrew Burt took over ownership with the twenty-fifth (25) issue on 11th March 1987. Andrew continued ownership until the forty-second (42) issue on 13th May 1989. The list initially operated out of an ARPANET UUCP node at 'denelcor' (a super-computer manufacturer in Aurora, Colorado, USA), but later moved to 'cisden'. The nature of the list can be described as sporadic and haphazard, but largely revolved around early 4.2 and 4.3 BSD UNIX issues of privilege violations, file permissions, scripts, passwords, uu programs, and early networking. Many of the participants are well known in the computer security community, including Robert T. Morris, Len Rose, Gene Spafford, John Gilmore, Theodore Ts'o and Matt Bishop. Neil Gorsuch was also a reader, and the Zardoz 'Security Digest' can be seen as being a splinter from the list. The USENET groups of alt.security and comp.security.misc grew out of discussions about the list and the doctrine of disclosure. An approximate count shows the list having about 452 readers, and 138 posters, for a total of 254 messages in 42 digests, comprising 18506 lines and 679 kilobytes.

Description:

Beginning

In 1983, net.unix-wizards was, amongst other newsgroups, a key discussion forum for the UNIX community that congregated around USENET. Although the idea of a security mailing list had been discussed before [USENET-1983-06-19], it was a posting by Lyle McElhaney on the 7th December 1984 [USENET-1984-12-07] that ultimately resulted in the creation of the Unix 'Security Mailing List'.

Lyle's post outlines the nature of the proposed list: it was to provide a semi-public forum between those with administrative responsibility. There was some understanding about the relative insecurity of the mailing list itself, and a subsequent post by Lyle [USENET-1984-12-08] discussed the possible use of crypt(1) as a means of protection, but with export control issues. One respondent pointed out the 'more severe' problem about not knowing whether those on the list were 'good guys or bad', while the other seven respondents went off onto a tangent about the use of crypt(3) and passwords.

There was no other public discussion until a post by Lyle on the 22nd December 1984 [USENET-1984-12-22] announcing the creation of the list, with 65 initial members. It was decided not to encrypt the list, and Lyle was canvassing the opinion of UUCP sites through which the list would be distributed - asking if those sa's (system administrators) had any concerns about such a list passing through them, with the potential for the list to leak to other users.

The list also had an address: '...denelcor!sec-request'.

Less publicly, there had been a first mailing of the list on the 18th December 1984 [ARCHIVE-001]. This first mailing discussed the outstanding questions of validation and distribution. Lyle resolves this through the opinion of others, representing both sides of the open and closed spectrum. He proposes that 'anyone can receive the list, but they must be recommended by a major node's root user'. The distribution issue is resolved with the suggestion to 'lean toward the lazy side: let the "security" inherent in mail itself protect the data'.

Lyle recalls the time today: 'There was a lot of e-mail going around about breakins (generally students in academic settings, but a few other as well), and some controversy about who should be alerted about it - admins or everyone. Like now, lots of machines (in academia and in businesses) on the net were vanilla "right out of the box" setups, and no one patched them except under extreme duress. I couldn't find out what I needed to know, so I decided to start the list and worry the distribution problem as we went along.'

As for Lyle himself, his background was in software. He'd worked with Martin-Marietta (now Martin-Lockheed) before coming to Denelcor, a then Colorado based manufacturer of super-computers. At Denelcor, just running USENET and external e-mail was 'extra-curricular', let alone a security mailing list. Although he didn't try to hide it, he doubts that anyone else at Denelcor knew about the list. The need for security at Denelcor was limited to patching UNIX machines, and 'trying to keep ahead of the kids in the summer'.

At the time, computer security was in its infancy. As Lyle says, 'viruses were unknown, and worms were just a science-fiction item', although 'there was some concern about what [...] the remote variety of commands could do, but you still had to be on the local net to use them, and that meant inside our building'. Denelcor's HEP machines were UNIX based, and 'designed to be use [sic] in the national labs and NSA': places where 'security was physical', and 'the full implications of networking weren't understood'. Although Lyle was interested in resolving security issues as part of his administrative role, there didn't seem to be any specific concern for security in the production systems.

For Lyle, security wasn't a burning passion: not something to focus on as a career, or particular hobby or interest: he says, '"Security" was not a CS discipline that you could be an "expert" in': 'there was no theoretical basis for security back then; only a few concrete tactical things could be done'. His act of goodwill at the time was to do something about a problem in the community that affected him. Lyle says that the list gave him, as the lead systems administrator, 'some of the clues [he] needed to patch up [Denelcor] systems', and 'that was what [he] needed [the list] for in the first place'.

Apart from the list, his involvement in security work was about average for someone with long service in the field of technology: the occasional project every now and then. His views have moderated with time, and while, in his own words, he 'apparently thought at the time that full disclosure was the way to go', he is 'not sure that [he] would say the same thing now'.

On the 5th January 1985, Lyle made an 'official' announcement to USENET [USENET-1985-01-05] with a leader: 'State of the list: Security mail list about to start'. He described the intervening discussion about the security of the list itself, and the protocol for parties that wanted to join. Again, he stressed the need for any concerned 'sa's to speak up if they have issues with the sensitive material on the list passing through their UUCP hosts. Lyle's was applying the appropriate level of diligence.

Operating

The list's first 'real edition' went out on the wires on the 6th January 1985 [ARCHIVE-002], with '42 people on the list right now', and about 65 yet to be approved. Famously, the first posting to the list is from Robert T. Morris (then at Harvard) with a short request for 'software which maintains lists of permissable modes (or paradigms for determining reasonable ones) and perhaps checksums for files and periodically traverses the file hierarchy looking for changes'. The list was off to an auspicious start, even if the none of the participants were aware.

The third edition went out within a fortnight on 18th January 1985 [ARCHIVE-003], with a reply to Robert T. Morris's question from Matt Bishop, describing a system that Purdue University had in place for periodically verifying correct permissions on files. Two other posts in this edition included details of exploits. Although early traffic was good, the eighth edition on 6th March 1985 [ARCHIVE-008] asked whether the list was 'out of topics, or is [the editors] mail getting fouled up again?'.

According to a USENET post at the time [USENET-1985-03-07], this is quite possible: Georgia Tech had been having problems reaching the list for several weeks. Another poster reported similar connectivity problems [USENET-1985-03-08], including what looked like local site mis-configuration on denelcor. UUCP was not the most reliable delivery medium.

Regardless, conversation did recover and continue at a reasonable level with topics including 4.2 and 4.3 BSD UNIX bugs, patches and exploits; issues with uu*, sendmail, and ftp; and discussion about the nature of the list and disclosure of security issues. Most new editions also contained a list of new recipients, and membership was increasing at a respectable rate.

During this period, the list made its way into the 'Publicly accessible mailing lists', posted to USENET on 12th August 1985 [USENET-1985-08-12]. This described the list as having 'discussion and comment (and sometimes bug fixes) which touch on the security aspects of the UNIX operating system' and membership would be granted by discretion.

The first sign of change came with a posting to USENET by Lyle on 11th September 1985 [USENET-1985-09-11], indicating that the mailing list 'is alive and well, although it's host is not', and the list was being 'moved to another system'. One other respondent in the thread, a Michael C. Berch, asked whether this was 'the same list as exists on ARPA that is remailed via Rutgers?'. It wasn't, that was another list being run by The Hobbit.

Within a week, the 21st edition arrived on 16th September 1985 [ARCHIVE-021], comforting recipients with the message that 'the Security Mailing List is alive and well in spite of troubles at Denelcor and that the list has a new address', as '...!cisden!sec-request'. Lyle had moved to ConTel Information Systems. This edition was short: one article from over a month ago.

The list was again silent for some time. A poster to USENET on 17th December 1985 asked whether it was 'still in existance?' [USENET-1985-12-17]. There was no reply to this. Lyle responded to related thread on 1st January 1986 [USENET-1986-01-12] with the message that 'unfortunately I now have to work for a living, since I'm no longer an SA', and that since 'the last one that [he] was able to send from Denelcor before the plug got pulled', he had 'received only one article for the list', and he thought 'most everything concerning security had been said, although 4.3 hadn't yet arrived...'.

Months later, on 13th March 1986, Lyle was posting to USENET [USENET-1986-03-13] asking for help from 'sendmail fans', as he was 'supposed to be [...] running a mailing list for UNIX security matters', and 'trying to get the list back up, and [was] having trouble using sendmail'. Other details in the post revealed that there were some 260 recipients, and the problem was that copies were being exploding to all recipients on the local machine and delivered independently, rather than being forked by downstream nodes.

Despite this, the list remained silent until the 22nd edition arrived on 11th May 1986 [ARCHIVE-022], containing a profuse apology for the excruciating delay. Lyle indicated that he needed to re-verify the 'about 250 addresses, including several generic aliases', and work on a backlog of some '120 requests to join the mailing list'. Some articles had been lost in the gap, and the only available one was a notification of vulnerability in Sun Unix 3.0 FCS, by one 'John Gilmore'. USENET was, at the time, not a large community, and many well known individuals in the technology community are found participating back in the day.

Changing

The list returned to silence, until a post to USENET on 27th February 1987 [USENET-1987-02-27] announcing that Andrew Burt had 'taken over administration of the Unix Security Mailing List from Lyle McElhaney and [was] officially announcing its rebirth'. This was long post, outlining concerns about stagnation on the list, the membership rules (with a pro-forma membership form), the location of archives, and how to make submissions.

Soon, a repost of the 23rd edition went came out on 11th March 1987 [ARCHIVE-023], with the new administrator announcing that he didn't 'know what happened to Lyle's distribution near the end', and that he needed to re-send the 23rd and 24th editions, with the 'first NEW issue' being the 26th.

The 25th issue on 11th March 1987 [ARCHIVE-025] revealed all, starting with:

''This note is to inform you of the rebirth of the Unix Security Mailing List.''
''I am mailing this out to all the members currently on the list, of which about half are new members. The purpose of this note is for the other half: to let you know what's going on.''
''I, Andrew Burt, have taken over administration of the list from Lyle McElhaney. He was overworked at his last sight (cisden) and hadn't done anything with the list for about a year. He then left the company and couldn't take the list with him. I volunteered to take it because I think it's too important a list to let die like that.''

The announcement went on to discuss the rebirth of the list, and some of Andrew's background.

The 26th edition on 21 March 1987 [ARCHIVE-026] was acknowledged as the 'first "real" issue since [Andrew Burt had] taken over the list', and came with the entire membership list. Andrew said that he would use the 'next two issues' to post the source code of programs by Pat Wood, from the 'Unix System Security' book. He acknowledged concerns that people had about the 'security of the list itself', and described his approach to validation, and his belief that 'encrypting the list' isn't 'worth the slight edge it gives'. This edition contained ample new traffic, including a breakin report.

The 27th and 28th editions on 1st April 1987 [ARCHIVE-027] [ARCHIVE-028], carried the code for the security analysis program by Pat Wood: Andrew Burt was putting the pieces of the list back together again, and it seemed to be working.

The 29th edition [ARCHIVE-029] contained avid discussion on IFS, login scripts, uu problems, Ethernet problems, and an announcement of the forthcoming 'crypt-breaker's workbench'. The traffic here does show a slightly different character to that of a few years before: there are more networking related issues.

The 30th edition on 24th April 1987 [ARCHIVE-030], and the 31st edition on 9th May 1987 [ARCHIVE-031] demonstrated a revived interest in the list, even if there are duplicates in the editions. But mailing problems continued, and were reported in the 32nd edition on 2nd June 1987 [ARCHIVE-032], although the edition contained lively discussion and good code.

Around this time, Andrew Burt could be found discussing 'Passwords' and 'thefts' in a mailing to comp-risks on 19th May 1987 [USENET-1987-05-19]. Speaking in the position of 'administrator of the Unix security mailing list', he welcomed system administrators 'to join the USML'. He seemed to be taking an interest in the community, but otherwise the list was not mentioned on USENET for the remainder of 1987.

While the 33rd edition [ARCHIVE-033] worked, the 34th edition [ARCHIVE-034] demonstrated that mailing problems continued to plague the list. There are no dates on these editions, but the submissions range from late March to the 19th April 1987.

Reviving

A posting to USENET on 11th October 1988 [USENET-1988-10-11], well over a year since the last edition, asks 'when the security list will be "active" again', suggesting that if the 'list is going to be out of service for a while, perhaps it is time to start another list somewhere?'. Matt Crawford responded to this on 14th October 1988 [USENET-1988-10-14] suggesting that there are multiple tasks required in reviving the list, and that he'd be 'willing to volunteer' for some of these. Neil Gorsuch also replied to this thread on 22nd October 1988 [USENET-1988-10-22] indicating that he 'was willing to host the security mailing list'. Neil also provided eleven detailed points about how the new list would be run. Three days later, on 25th October 1988, another posting to this thread by Neil [USENET-1988-10-25] made it clear that a new was underway: 'In the first 3 days, 13 members have been added to the new security mailing list'.

Andrew Burt announced to USENET on 27th October 1988 [USENET-1988-10-27] that the list was subject to many operational problems, and he 'felt pangs of guilt about not getting the list back sooner'. The rest of the long posting described some changes to the operation of the list before it would be revived. He requested 'a few days to coordinate sites ...' before announcing 'new procedures for signing up'. Neil Gorsuch replied to the thread with details of the new list that had been created at 'zardoz'.

Interestingly, a posting to USENET on 30th October 1988 [USENET-1988-10-30] mentioned 'the discussion in news.sysadmin', but specifically concerned itself with 'the larger issue of whether closed mailing lists or open forums are more appropriate for discussion of security matters'. The author, Michael C. Berch, proposed the provisional creation of 'alt.security' and the need for discussion on the creation of an 'unmoderated and unrestricted' 'comp.security' : a number of respondents to this thread discussed the idea. Neil Gorsuch's later post to this thread on 18th November 1988 [USENET-1988-11-18] made it clear that the splinter 'zardoz' mailing list had '153 mailing destinations' with 'approximately 70 requests waiting'.

The timing of this discussion cannot be understated. On the 2nd November 1988, the Robert T. Morris Worm 'escaped' into the ARPANET, infecting many hosts, and in the course of doing so, escalating the path of computer security, and earning itself a place in history.

There had obviously been considerable debate over the resumption and nature of the security list, which would have been fanned by the Worm incident. Andrew Burt's posting to USENET on 6th November 1988 [USENET-1988-11-06] outlined several issues about revival of the list, including justification for having a 'closed' list. Andrew acknowledges the validity of '(alt|comp).unix.security' but proposes to continue running the list as closed, feeling that it serves a purpose. Rahul Dhesi's reply to this on 7th November 1988 [USENET-1988-11-07] sniped that 'ironically enough, even as this discussion continues, thousands of machines are bitten by a simple security hole in sendmail that could have been fixed *had it been widely publicized*'. In another thread on 14th November 1988 [USENET-1988-11-14], John Nagle 'suggest[ed] that the security mailing list be posted to a newsgroup, but with a 60-day delay'.

The 35th edition [ARCHIVE-035] finally arrived, with only an editorial: an apology for 'The Great Hiatus', and a summary of the operation of the list with an acknowledgement that Neil Gorsuch's list had started in the meantime. The intervening period had also seen the Robert T. Morris Worm, and the birth of the phage list. Andrew rebuts some criticism that the list was being restarted as a result of the Worm incident: the October 1988 postings to USENET easily confirm that the restart had begun before the Worm incident, but only by weeks. In fact, one could speculate that there is a causal chain from the USENET discussions to the Worm, rather than vice versa - but Robert T. Morris denies the connection.

It's with the 36th edition [ARCHIVE-036] that dates of 11th November 1988 are apparent on submissions. In it, Andrew Burt describes the idea of posting a 'complete' archive of the phage list, indicating that 'for those who don't know, the phage list is the emergency list Gene Spafford set up when the worm problem started'.

The 37th edition in December 1988 [ARCHIVE-037] contained much discussion, and a number of issues related to the Worm incident, including a copy of Bob Page's 'A REPORT ON THE INTERNET WORM'. While the archive itself is undated, all submissions in this edition have dates in the last half of November 1988.

The 38th edition in December 1988 [ARCHIVE-038] shows the hallmarks of an increasing maturity in discussion on computer security. The security of tftp is discussed, there's a submission by Gene Spafford to advertise his Internet Worm tech report, a copy of a DDN FTP security public was forwarded, Russell Brand announces that 'Arpa is in the process of extrablishing (sic) a computer security emergency reponse (sic) team', another sendmail bug was found, and the philosophy of a security list continues to the talked about. These are different in nature to those from the early days of the list.

On 3rd December 1988, a posting to USENET by The Hobbit [USENET-1988-12-03] announces that 'The Security List is back', outlining the reasons for the long vacation, and the intervening 'RTM virus uproar', but making it clear that 'this is *not* the "unix security mailing list"', which 'is a separate entity run by Andrew Burt' that 'deals exclusively with unix security problems', where 'membership is restricted in a number of ways'. The Hobbit acknowledges that the Worm incident was an impetus to restart his list.

It was on the 8th December 1988 that Andrew Burt announced to USENET [USENET-1988-12-08] the 'official procedures for joining the "secure" Unix security mailing list (the old one that has awoken again).'.

Ending

The 39th edition on 19th January 1989 [ARCHIVE-039] is followed a long time later by the 40th edition on 5th March 1989 [ARCHIVE-040]. While the submissions are good, the delay is just too long. One submitter complains that he had 'tried sending [an article] to the list two weeks ago, but [had] yet to see it appear for general distribution'. The complaint is dated 8th December 1988, but doesn't appear until this 5th March 1989 edition. Interestingly, a 9th December 1988 submission contains an early draft of CERT 'Stock message' designed to 'help secure your systems'. CERT's formalisation was largely in response to the Worm incident, and it was in the process of putting basic resources into place: CERT was consulting its community.

The 41st edition arrives on 12th April 1989 [ARCHIVE-041], followed another month later by the 42nd edition on 13 May 1989 [ARCHIVE-042]. This is the final edition: Andrew Burt sighs about the lack of time he can provide, asking for any volunteers to take over, and indicating that it 'will be the last issue ... sent out'. A number of submissions are from Neil Gorsuch at zardoz.uucp, or seem to have been routed via. zardoz - indicating that they have been copied to both lists. Perhaps the zardoz list has stolen some thunder.

The last submissions in the 42nd edition are dated 6th January 1989 and befit closing remarks, as Rahul Dhesi states:

'I am slightly concerned about the contents of this mailing list.'
'I had originally supposed that the purpose of this mailing list was the posting of security-related messages that were not appropriate for posting in an open newsgroup.'
'I was added to the list a few weeks ago, I find that almost nothing that I have received from this list so far (since I was added to the list a few weeks ago) has deserved to be restricted to a private mailing list.'
'I highly recommend that all people sending a message to this list ask themselves if the message really should be restricted to this list. If not, it should probably be posted to an appropriate Usenet newsgroup and not sent to this list.'

to which Matthew Crawford responds with:

'I agree with Rahul entirely.'

That was the last post.

Earlier and elsewhere, in a posting to USENET on 31st March 1989 [USENET-1989-03-31], Dan Troxel asks 'what is going on with the isis!security list? I have sent several times for an application, and not a whimper. I have talked to a couple of netters who are on the list, and they haven't received anything for quite some time.'. A response by Andrew Burt on 13th April 1989 [USENET-1989-04-13] suggests that 'the list is alive', although he'd 'been busy', and 'there aren't that many' requests to join pending. Neil Gorsuch replied on the same day with news that 'the zardoz security list is alive and well, has over 350 members and welcomes new qualified members'. Two days later on 15th April 1989 a response [USENET-1989-04-15] to Andrew Burt's wonders whether the mailing list 'must be 4 light-months away from here' as 'the dates of the messages in this last issue' range between 17th December 1988 and 31st December 1988, and most of these were destined for zardoz anyway.

Len Rose's response to a USENET posting on 17th April 1989 [USENET-1989-04-17] has the Subject 'Re: isis!security (ha)' and a Summary 'No Virginia, Andrew Burt doesn't care.', containing dialogue of a failed sendmail transaction to the list, with Len's comment 'Too bad this doesn't work either..'.

A final post was made by Andrew Burt to USENET on 13th May 1989 [USENET-1989-05-13] with a copy of the message sent out with the final edition of the list. This was followed by a response from Neil Gorsuch on 19th May 1989 [USENET-1989-05-19] again selling the 'well established unix security mailing list hosted on zardoz (cpd.com) that has been joined by over 400 sites in the last 6 months, and has sent out 21 digests so far this year'. Neil provided prescriptive detail about joining the list, and some insight into the work taken to maintain it.

The Unix 'Security Mailing List' had yielded to its successor.

Archives:

'Archive' (1984 - 1989, 42 items):
1984-12-18Unix 'Security Mailing List' #1
1985-01-06Unix 'Security Mailing List' #2
1985-01-18Unix 'Security Mailing List' #3
1985-01-27Unix 'Security Mailing List' #4
1985-03-11Unix 'Security Mailing List' #5
not known Unix 'Security Mailing List' #6
1985-03-06Unix 'Security Mailing List' #8
1985-03-11Unix 'Security Mailing List' #9
1985-03-17Unix 'Security Mailing List' #10
1985-03-25Unix 'Security Mailing List' #11
1985-04-13Unix 'Security Mailing List' #13
1985-04-24Unix 'Security Mailing List' #14
1985-05-05Unix 'Security Mailing List' #15
1985-05-17Unix 'Security Mailing List' #16
1985-06-12Unix 'Security Mailing List' #17
1985-07-26Unix 'Security Mailing List' #18
1985-08-01Unix 'Security Mailing List' #19
1985-08-03Unix 'Security Mailing List' #20
1985-09-16Unix 'Security Mailing List' #21
1986-05-11Unix 'Security Mailing List' #22
1987-03-11Unix 'Security Mailing List' #23
1987-03-11Unix 'Security Mailing List' #24
1987-03-11Unix 'Security Mailing List' #25
1987-03-21Unix 'Security Mailing List' #26
1987-04-01Unix 'Security Mailing List' #27
not known Unix 'Security Mailing List' #28
not known Unix 'Security Mailing List' #29
1987-04-24Unix 'Security Mailing List' #30
1987-05-09Unix 'Security Mailing List' #31
1987-06-02Unix 'Security Mailing List' #32
not known Unix 'Security Mailing List' #33
not known Unix 'Security Mailing List' #34
not known Unix 'Security Mailing List' #35
not known Unix 'Security Mailing List' #36
not known Unix 'Security Mailing List' #37
not known Unix 'Security Mailing List' #38
1989-01-19Unix 'Security Mailing List' #39
1989-03-05Unix 'Security Mailing List' #40
1989-04-12Unix 'Security Mailing List' #41
1989-05-13Unix 'Security Mailing List' #42

Resources:

'Usenet':
1983-06-19: Unix Security List
1984-12-07: unix security
1984-12-08: Unix encryption methods
1984-12-22: security issues mailing list
1985-01-05: security mail list
1985-03-07: Address for the Security Issues Mailing List
1985-03-08: Can't get mail to denelcor (Lyle McElhaney please read this)
1985-08-12: Publicly accessible mailing lists
1985-09-11: Re: Security mailing list
1985-12-17: UNIX security mailing list net address wanted
1986-01-12: Re: Security List?
1986-03-13: mailing lists with sendmail
1987-02-27: Unix Security Mailing List reborn
1987-03-25: Home Directory Checker - Security/Sanity Aid
1987-05-19: RISKS DIGEST 4.86
1988-10-11: Security Mailing List Still out there?
1988-10-14: Re: Security Mailing List Still out there?
1988-10-22: Re: Security Mailing List Still out there?
1988-10-25: Re: Security Mailing List Still out there?
1988-10-27: Security list awakes
1988-10-30: Proposal for comp.security/alt.security
1988-11-06: Unix security list - status & more
1988-11-07: Unix security list - status & more
1988-11-14: Re: Security mailing list
1988-11-18: Re: Proposal for comp.security/alt.security
1988-12-03: The Security List is back
1988-12-08: How to join the Secure Unix Security Mailing List
1989-03-31: isis!security
1989-04-13: Re: isis!security
1989-04-15: Re: Re: isis!security
1989-04-17: Re: isis!security (ha)
1989-05-13: News of the (secure) Unix security mailing list
1989-05-19: News of the (secure) Unix security mailing list
'Resources':
Lyle McElhaney: Homepage
<< Lyle McElhaney (ThistleKeep Engineering) >>

Homepage of one of the parents of the mailing list.
Andrew Burt: Homepage
<< Andrew Burt >>

Homepage of one of the parents of the mailing list.