[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hackers invade DOJ web site
> Since we don't know how the intruders broke in, we can only speculate. I
> can think of several scenarios where cryptographic techniques could help.
> I can also think of several where they wouldn't. When you've only got 20
> seconds to explain to a non-technical audience, I don't think it's dishonest
> to say that it might have prevented it.
All webservers (except maybe Spinner?) are riddled with buffer overrun
bugs and other similar security holes. If you run a webserver, you
should basically assume that anyone who really wants a shell on your
machine can get one. Grab your favorite webserver and grep for
sprintf.
Crypto? Get real. The lock on the door matters little when you've
left the window wide open.