On Thu, 1 Mar 2012 08:52:45 -0800 Edward Jaffe <[email protected]> wrote:
:>On 3/1/2012 6:52 AM, David Cole wrote: :>> This is not just despicable, under today's law, it is actually criminal! Any :>> vendor who does this could be (and should be) jailed in criminal courts and :>> sued out of existence in civil courts. :>> I do not know who is doing this, but I believe utmost pressure must be brought :>> to bear upon that vendor so that it will commit every resource to removing the :>> breach from its products. :>Just to clear: intercepting the FLIH does not itself constitute an exposure and, :>as far as state changes go, the checking and requirements could be complete :>enough to avoid any integrity problem. For example, the methodology could be :>similar to that employed by IBM's IGX00011 "magic" SVC and its intended caller. :>Unless someone can prove there really is an exposure, which to my knowledge has :>not been done, I suggest that passing such judgment is premature. I would suggest by the fact that they do it in a tricky way and not in a forthright way that there is an exposure. Otherwise why not simply use a PC? There is no need to do this (at least since DAS) in the FLIH. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies.
