HP3000-L Archives

March 1997, Week 2

HP3000-L@RAVEN.UTC.EDU

From: "Michael D. Hensley" <[log in to unmask]>
Date: Thu, 13 Mar 1997 17:14:08 +0000

> >"Official documents" are a source of urban legends second only to Ann
> >Landers and Paul Harvey.
>
>
> I guess I'm just gullible,

Oops, sorry.  Not what I meant *at all*.  I firmly believe that the entire
computer security community now accepts as fact the idea that the word
"welcome" in a sign-on message means "the door is open, come on in and make
yourself at home".

> but when about 20 people are brought to a
> theatre, a 1/4" thick document with an official seal is handed to each
> person as they enter the theatre, and a variety of military, civil service,
> and NIS people impart various security edicts, I tend to take them
> seriously.

I always take people with guns very seriously.  I just don't always believe
them.  They could be honestly wrong, or knowingly wrong, or carelessly wrong.

> The Navy project has moved twice since "the lecture" and any document over
> five years old is automatically sent to an archive (documents 2-5 years old
> often get archived when there is a move) so the original document is
> probably not on site, but perhaps the latest security manual references the
> 1/4" document we received (official documents have a serial number which can
> be used to track them).  I will make a point of checking the security manual
> tomorrow.  If it contains the reference numbers for the preceding
> documents, I'll pass along those identifying numbers and anyone interested
> can look into obtaining them (freedom of information act), as I'm positive
> that the document we received was stamped UNCLASS.

Thanks for the offer!  I'd very much like to follow it up.  Remember, what
we're looking for is an actual lawsuit, not a security recommendation.  Even
if no such case has ever been tried, the "welcome message defence" might
still be valid.  I just want to know if it's been attempted yet.
---
Michael D. Hensley             |
Software Development Manager   | mailto:[log in to unmask]
Lund Performance Solutions     | http://www.lund.com
