[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL weakness affecting links from pa



At 12:41 AM 4/13/97 -0700, Rich Graves wrote:
>Or blame it on the client. Microsoft handled the utter absence of security
>in their WFW/Win95 SMB implementation by claiming, falsely, that Samba was
>sending "illegal commands." After a thorough public thrashing, the Win95
>product manager eventually changed that to "specific networking commands,"
>with no retraction and no indication that the document had changed.

Heh.  Sending illegal or unexpected commands to a program is _the_
standard way to break security; if they can't defend against that, they're
hosed.
I'd reserve the phrase "utter absence of security" for systems that
let you ignore the permissions by just asking nicely :-)

><URL:http://www.research.microsoft.com/research/os/main.htm>

Interesting paper.  I was surprised it didn't explicitly mention Plan 9
when it was discussing other operating systems, though mentioning Inferno 
does include that indirectly.  It also didn't mention security -
it talked about the kind of world where you can just buy a computer,
turn it on, plug it in, and it'll find whatever resources it wants
in the One Big Operating System.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)