Re: Flaw in Netscape rejoinder (was Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards)
Jeff Weinstein wrote:
> I think that you may have to rethink some of your assumptions that
> were valid back when you designed the system, but are no longer given
> the current growth and changing demographics of the internet.
This is all getting unnecessarily complicated. As I pointed out
in another post ("FV's blatant double standards") NO SYSTEM FOR
SECURITY IS SAFE when one allows for recipient compromise, i.e.
privileged access to a recipient's system by a malicious program.
> I'd really like to see some effort spent on closing some of the more
> gaping holes in the underlying systems. Why should it be so easy
> for one program to snoop on the keystrokes directed to another?
Easy or difficult is not the point. In DOS it's possible for any program,
in Unix only for those with root access. Security fails when it is
not possible to make a distinction between a program that _should_
have access and one that _shouldn't_. Anyone who's tried to teach
novice DOS users what to do when one of those anti-virus TSR tools
complains that something is doing something it shouldn't will know
how hard it is for _users_ to guard themselves.
> Why should it be so easy for a program downloaded from the net
> to patch a part of the operating system?
I would think that most viruses are transmitted by floppy
disk, even now, or by programs _intentionally_ downloaded
and _intended_ to patch the OS (such as a screen blanker).
The possibility of mass net-based creepy-crawlies has been
remote due to the uniquely multi-platform nature of Internet
protocols; they're Unix-based, but end-users have PCs. Only
metaplatforms such as Java, perlCCI, Telescript could change
this.
Rishab
----------------------------------------------------------------------
The Indian Techonomist - newsletter on India's information industry
http://dxm.org/techonomist/ [email protected]
Editor and publisher: Rishab Aiyer Ghosh [email protected]
Vox +91 11 6853410; 3760335; H 34 C Saket, New Delhi 110017, INDIA