Oldest Vulnerability Contest - Winner
Posted by jericho
On December 20, 2005, I posted a contest looking for the oldest documented vulnerability. This generated a lot of interest and was posted to the FunSec Mail List which generated even more interest and information. It also lead to me spending more time digging through my own notes and archives, something I had been meaning to do for ages. Even after all this time, the list of old papers and resources I have to track down is daunting. Since it is an ongoing project, I am overdue in posting about the winner of this contest. Not only did he eventually lead me to the documentation referencing what we call ”Multics System Text Editor Multiple Instance CTSS Password File Disclosure” (Jan 1, 1965), but during ongoing e-mail discussion we were able to uncover several more in 1972. For that, Ryan Russell is the winner of this contest. We’ll be sending him some OSVDB schwag in return for his time and research.
Stay tuned for the next contest!
Nice, thanks!
Might be fun to add a new field to vulnerabilities:
“Developers have been creating this class of vulnerability for 41 years”. :)
Ryan Russel, A Sample Please
Over at the Open Source Vulnerability Database blog, we learn that Ryan Russel has won the “Oldest Vulnerability Contest.” It is in the interests of science that I ask how Mr. Russel was able to come from behind like this….
He didn’t actually come from behind. I still have several dozen mails from various people, including Ryan, with pointers to old security papers and the like. I still have outstanding mail requesting other papers and references. The oldest vuln is our 1965 vuln which was dug up after a few dozens emails back and forth shortly after the contest was posted. That mail thread in my eyes was giving credit to the person who pointed me in the direction of the information.
Running into Ryan at Defcon prompted Jake to remind me to officially declare a winner instead of letting the contest go stagnant (even though it already had). Since I have so much more to read, I was waiting until I found time to do so.. but that won’t happen anytime soon due to other obligations. Thus, Ryan was appointed the winner for his contributions. I’ll be glad to declare you a co-winner though, as you sent in a lot of great info as well!