Hi all,
Here's some more coverage of the book. I hope you find this interview as
interesting to read as I did working on it (last week). Please pass it on!
http://www.informit.com/guides/content.asp?g=securityseqNum=181rl=1
gem
At 12:35 PM -0500 3/5/06, William L. Anderson wrote:
My question is whether it's more accurate to say secure their network
rather than encrypt. I'm not clear myself about the meaning of these
terms; I think of encryption as being one way to make a network secure.
Another way that was
This is a very good question and is worth a careful answer.
For most off-the-shelf users and press people, securing and
encrypting traffic do amount to the same thing when it comes to
wireless networks. In this case, the encryption they turn on is
hopefully WPA and not WEP. Early versions of
Encryption is one way to secure the *transport* on the network (subject to
various caveats about appropriate use of crypto, trust issues, etc.). I'd
strongly disagree with anyone who says that encryption makes a network
secure - because people interpret that to mean if I encrypt the network, I
At 6:04 AM -0800 3/6/06, Jeremy Epstein wrote:
Encryption is one way to secure the *transport* on the network (subject to
various caveats about appropriate use of crypto, trust issues, etc.). I'd
strongly disagree with anyone who says that encryption makes a network
secure - because people
I think it's important to understand the difference between encryption
and security (or being secure). Encryption is a tool, being secure is a
state.
Think of encryption as a lock on a door. Putting a lock on a door
doesn't necessarily make your house any more secure. If you leave your
Hi there,
I replied to Kentaro privately before I was subscribed to this list.
The OWASP Guide 2.1 Ajax chapter is about 80% done and 80% to go. I
have some serious vulnerabilities to report to a few vendors,
research to be included in the paper, such as JSON injection and so
on, and
On Sun, 05 Mar 2006 12:35:23 -0500
William L. Anderson [EMAIL PROTECTED] wrote:
Today's NYTimes has an article about piggybacking on open wireless
networks and what some people think about it and what some are doing
about it. The link is:
I personally think that AJAX has the potential to create very insecure applications because it pushes the data validation and authorization layers back to the client (i.e. the browser)
"AJAX brings 'Back the Rich Client' and all its security problems"
Kentaro, on your AJAX application you must