-----Original Message-----
From: Brian J. Beesley <[EMAIL PROTECTED]>
To: Daran <[EMAIL PROTECTED]>
Date: 12 March 2001 21:08
Subject: Re: Mersenne: Security of prime95
On 12 Mar 2001, at 6:03, Daran wrote:
>Now I'm not saying it's sensible to ignore risk, or not to take
>reasonable measures to reduce it - far from it - but, when the risk
>is _very_ small (as I believe it is in the case of running the
>Prime95 / mprime client), I believe it makes more sense to be
>reassuring than to _risk_ pressing the panic button.
By giving out incorrect information? "The network communications between the
server and client pose no risk as there is no instruction payload" is simply
wrong.
I'm not trying to scaremonger. I don't think the risks are that great either,
or I wouldn't be running it. I can't speak for anyone else, but what /I/ find
reassuring is to be told that security was a primary consideration in the
project design, implementation, and testing. I do not find it reassuring to
be told that there is "no risk".
[...]
>I did try _very_ hard to crack into both Windows & linux clients at
>about v20.3 and was entirely unsuccessful...
That's the most reassuring thing you've said so far.
[...]
>Aim this message at the server operators. Having said that, I see
>several breaches per week which are attributable to badly coded
>Microsoft clients, and I haven't noticed them sufferring too much as
>a consequence.
Microsoft gets away with what it does because of its overwhelmingly dominant
market position. And yes they do suffer for it. Unfortunately they don't
suffer enough.
>Regards
>Brian Beesley
Daran G.
_________________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers
