> The solution to this is Palladium (NGSCB).
>
> You'd want each ecommerce site to download a Nexus Computing Agent into
> the client. This should be no more difficult than downloading an Active-X
> control or some other DLL. The NCA has a manifest file associated with it
No shit? This is moron
At 11:01 AM -0700 6/11/03, Major Variola (ret) wrote:
>At 03:39 PM 6/10/03 -0700, Bill Frantz wrote:
>>IMHO, the problem is that the C language is just too error prone to be used
>>for most software. In "Thirty Years Later: Lessons from the Multics
>>Security Evaluation", Paul A. Karger and Rog
At 03:39 PM 6/10/03 -0700, Bill Frantz wrote:
>At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote:
>>somebody (else) commented (in the thread) that anybody that currently
>>(still) writes code resulting in buffer overflow exploit maybe should be
>>thrown in jail.
Not a very friendly bug-submission
> the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac
> world, a successor language has not yet appeared.
Work on the existing C/C++ language will have a better chance
of actually being used earlier. Not that it removes the problem
entirely, but it should catch a lot of
Adam Lydick writes:
> I'd guess that no applications (besides the secure nexus) would
> have access to your "list of doggie names", just the ability to display
> it. The list just indicates that you are seeing a window from one of
> your partitioned and verified applications. I would also assume t
Joseph Ashwood writes:
> Ok what flavor of crack are you smoking? Because I can tell from here that's
> some strong stuff. Downloading random DLLs that are given complete access to
> private information is one of the worst concepts that anyone has ever come
> up with, even if they are signed by
James A. Donald wrote:
> How many attacks have there been based on automatic trust of
> verisign's feckless ID checking? Not many, possibly none.
I imagine if there exists a https://www.go1d.com/ site for purposes of
fraud, it won't be using a self-signed cert. Of course it is possible that
the a
The problem to be solved is this. Spoofed sites can acquire user
credentials, especially passwords, and then use those to impersonate the
user on the real sites. With paypal and e-gold, this allows stealing
real money.
Using client certificates to authenticate would solve this, because
even if t
It's simple. It solves the problem that Microsoft Salesmen have. In
order to sell shit, you have to make it look like gold. Cee Eee Ohs have
heard it said that Microsoft software is insecure crap. Now the Microsoft
Salesmen can do fancy demos with pretty colors and slick Operators Are
standing
Take this with a grain of salt. I'm no expert.
However: I'd guess that no applications (besides the secure nexus) would
have access to your "list of doggie names", just the ability to display
it. The list just indicates that you are seeing a window from one of
your partitioned and verified applica
At 11:43 PM 6/8/2003 +0100, Dave Howe wrote:
>HTTPS works just fine.
>The problem is - people are broken.
>At the very least, verisign should say "ok so '..go1d..' is a valid server
>address, but doesn't it look suspiciously similar to this '..gold..' site over
>here?" for https://pseudo-gold-site/ -
James A. Donald wrote:
> Attached is a spam mail that constitutes an attack on paypal similar
> in effect and method to man in the middle.
>
> The bottom line is that https just is not working. It's broken.
HTTPS works just fine.
The problem is - people are broken.
At the very least, verisign shoul
At 02:55 PM 6/8/2003, James A. Donald wrote:
Attached is a spam mail that constitutes an attack on paypal similar
in effect and method to man in the middle.
The bottom line is that https just is not working. It's broken.
The fact that people keep using shared secrets is a symptom of https
not work
13 matches