Zardoz (computer security)

In computer security, the Zardoz list, more formally known as the Security-Digest list, was a famous semi-private full disclosure mailing list run by Neil Gorsuch from 1989 through 1991. It identified weaknesses in systems and gave directions on where to find them. Zardoz is most notable for its status as a perennial target for computer hackers, who sought archives of the list for information on undisclosed software vulnerabilities.[1]

Membership restrictions

edit

Access to Zardoz was approved on a case-by-case basis by Gorsuch, principally by reference to the user account used to send subscription requests; requests were approved for root users, valid UUCP owners, or system administrators listed at the NIC.[2]

The openness of the list to users other than Unix system administrators was a regular topic of conversation, with participants expressing concern that vulnerabilities or exploitation details disclosed on the list were liable to spread to hackers. On the other hand, the circulation of Zardoz postings among computer hackers was an open secret, mocked openly in a famous Phrack parody of an IRC channel populated by notable security experts.[3]

Notable participants

edit

The majority of Zardoz participants were Unix systems administrators and C software developers. Neil Gorsuch and Gene Spafford were the most prolific contributors to the list.

References

edit
  1. ^ Suelette Dreyfus and Julian Assange (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier. Mandarin. ISBN 1-86330-595-5.
  2. ^ "Zardoz security mailing list status".
  3. ^ AOH :: Phrack, Inc. Issue #43 :: P43-04.TXT
edit