Re: NYT on Internet Flaws

[stuff deleted]

>People seem to miss that the NFS hack was only an _example_ of a powerful
>way to silently destroy the integrity of an executable. Spoofing the
>insecure FTP session they used to retrieve it works. Sending them a random
>trojan horse works. The point was not that NFS is insecure. It was that
>unless you can authenticate your executables as being trustworthy NOTHING

No, I don't think the community missed the point.  While both NFS and FTP are
equally weak in the way you point out, I think you should have used FTP as
your main example because if we presume that the file server where the
binary lives is reasonably trustworthy (like the guys at Netscape haven't
inserted a trojan horse into their own binary and placed it up for FTP) then
the way the file will propagate throughout the net is FTP and not NFS.

Notwithstanding, the NY Times writer took an otherwise reasonable point and
blew it up into a "War of the Worlds" style article.  I'd make sure he
writes a decent article before quoting me in it.

David  (wondering whose stock fell because of this page one-er)
David A. Berger
Software Engineer/Internet Product Development
Enterprise Integration Technologies|800 El Camino Real|Menlo Park, CA 94025
[email protected]   http://www.eit.com/~dvberger/ (415) 617-8792