On December 20, 2005, I posted a contest looking for the oldest documented vulnerability. This generated a lot of interest and was posted to the FunSec Mail List which generated even more interest and information. It also lead to me spending more time digging through my own notes and archives, something I had been meaning to do for ages. Even after all this time, the list of old papers and resources I have to track down is daunting. Since it is an ongoing project, I am overdue in posting about the winner of this contest. Not only did he eventually lead me to the documentation referencing what we call “Multics System Text Editor Multiple Instance CTSS Password File Disclosure” (Jan 1, 1965), but during ongoing e-mail discussion we were able to uncover several more in 1972. For that, Ryan Russell is the winner of this contest. We’ll be sending him some OSVDB schwag in return for his time and research.
Stay tuned for the next contest!