[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CERT statement
Marc Horowitz says:
> You're exactly right. However, getting people to deploy real security
> systems is nearly impossible. My company sells a kerberos system, and
> although everyone is saying they want security, nobody really
> understands what this means, and as soon as we tell them that it
> actually involves effort, they become far less interested.
Kerberos per se isn't sufficient to defend against session hijacking
attacks, you know. The situation in question is really insidious and
requires packet-by-packet cryptographic authentication.
Perry