The solution to this is Palladium (NGSCB).
You'd want each ecommerce site to download a Nexus Computing Agent into
the client. This should be no more difficult than downloading an Active-X
control or some other DLL. The NCA has a manifest file associated with it
No shit? This is moronic.
At 03:39 PM 6/10/03 -0700, Bill Frantz wrote:
At 5:12 PM -0700 6/8/03, Anne Lynn Wheeler wrote:
somebody (else) commented (in the thread) that anybody that currently
(still) writes code resulting in buffer overflow exploit maybe should
be
thrown in jail.
Not a very friendly bug-submission
At 11:01 AM -0700 6/11/03, Major Variola (ret) wrote:
At 03:39 PM 6/10/03 -0700, Bill Frantz wrote:
IMHO, the problem is that the C language is just too error prone to be
used
for most software. In Thirty Years Later: Lessons from the Multics
Security Evaluation, Paul A. Karger and Roger R.
James A. Donald wrote:
How many attacks have there been based on automatic trust of
verisign's feckless ID checking? Not many, possibly none.
I imagine if there exists a https://www.go1d.com/ site for purposes of
fraud, it won't be using a self-signed cert. Of course it is possible that
the
the lack of buffer overruns in Multics. However, in the
Unix/Linux/PC/Mac
world, a successor language has not yet appeared.
Work on the existing C/C++ language will have a better chance
of actually being used earlier. Not that it removes the problem
entirely, but it should catches a lot of
Take this with a grain of salt. I'm no expert.
However: I'd guess that no applications (besides the secure nexus) would
have access to your list of doggie names, just the ability to display
it. The list just indicates that you are seeing a window from one of
your partitioned and verified
It's simple. It solves the problem that Microsoft Salesmen have. In
order to sell shit, you have to make it look like gold. Cee Eee Ohs have
heard it said that Microsoft software is insecure crap. Now the Microsoft
Salesmen can do fancy demos with pretty colors and slick Operators Are
standing
At 11:43 PM 6/8/2003 +0100, Dave Howe wrote:
HTTPS works just fine.
The problem is - people are broken.
At the very least, verisign should say ok so '..go1d..' is a valid server
address, but doesn't it look suspiously similar to this '..gold..' site over
here? for https://pseudo-gold-site/ - but