[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYT on Internet Flaws



> 
> Patrick Horgan wrote:
> > 
> > > From: "K. M. Ellis" <[email protected]>
> > >
> > I'd love to see something in there about most commercial sites being behind
> > firewalls without nfs access across the firewall.  This greatly reduces the
> 
>   It might also be worth noting that people accessing the net
> via an ISP from home do not typically use NFS either.
> 

They don't often have the skill/knowledge/concern to verify a PGP checksum
to ensure someone didn't patch their browser, either.

People seem to miss that the NFS hack was only an _example_ of a powerful
way to silently destroy the integrity of an executable. Spoofing the
insecure FTP session they used to retrieve it works. Sending them a random
trojan horse works. The point was not that NFS is insecure. It was that
unless you can authenticate your executables as being trustworthy NOTHING
ELSE MATTERS.

SSL, good RNGs for session key selection, etc, are all null
and void if you run (any) untrusted software that patches
your Netscape executable, for example, or if you got a bum copy to
start with.

Paul