On Sat, Oct 04, 2003 at 11:31:36PM -0700, Ian Clarke spake thusly:
I have never ever characterized Freenet as being anything other than in
development. If you don't like the fact that Freenet is taking so-long
to perfect, then either help, or use Earth Station 5 - I hear its great.
You never
Wherin Carroll trashes Schneier a bit...
Cheers,
RAH
---
http://zdnet.com.com/2102-1107_2-5086379.html?tag=printthis
CCIA Microsoft report--the core issues
By John Carroll
Special to ZDNet
October 6, 2003, 5:13 AM PT
URL: http://zdnet.com.com/2100-1107-5086379.html
COMMENTARY--The
Nathan P. Bardsley [EMAIL PROTECTED] writes:
Anecdotally, I've heard that there are many, but almost all of them were done
by vendors for embedding in their proprietary products.
Ditto. The problem is that when vendors have spent $100K+ on the
certification, they're very reluctant to give
- Original Message -
From: Ian Grigg [EMAIL PROTECTED]
[...]
In terms of actual practical systems, ones
that implement to Brands' level don't exist,
as far as I know?
There were however several projects that implemented
and tested the credentials system. There was CAFE, an
I was asked by someone to anonymously forward the following reply to
Joshua Hill to the list. (Second time in a week, and on the same topic!)
If you reply, please don't put my name in the reply -- this isn't my
comment.
--
- Original Message -
From: Peter Gutmann [EMAIL PROTECTED]
[...]
If you think that's scary, look at Microsoft's CryptoAPI for Windows XP
FIPS
140 certification. As with physical security certifications like BS 7799,
you
start by defining your security perimeter, defining everything
On Sat, Oct 04, 2003 at 05:58:49PM +1200, Peter Gutmann wrote:
Bill Frantz [EMAIL PROTECTED] writes:
This is the second significant problem I have seen in applications that use
ASN.1 data formats. (The first was in a widely deployed implementation of
SNMP.) Given that good, security
I took the initial view that closed source and trustable
crypto are mutually incompatible
Of course this isn't true. When is the last time you built your
own ATM or credit-card POS terminal?
Claims such
as Download this app and you will be secure should definitely need to
be proven, and
| From: Jill Ramonsky [EMAIL PROTECTED]
| From: Ian Grigg [mailto:[EMAIL PROTECTED]
|
| The only question I wasn't quite sure of
| was whether, if I take your code, and modify it,
| can I distribute a binary only version, and keep
| the source changes proprietary?
|
| You can't
Anton Stiglic [EMAIL PROTECTED] writes:
This is why you get requirements of the type that it should run on Windows in
single-user mode, which I take to mean have only an admin account. This
prevents privilege escalation attacks (regular user to root) that are easily
done.
I think this is
Markus Friedl [EMAIL PROTECTED] writes:
On Sat, Oct 04, 2003 at 05:58:49PM +1200, Peter Gutmann wrote:
We've already seen half the
SSH implementations in existence taken out by the SSH malformed-packet
vulnerabilities,
I don't think so.
According to the CERT advisory, roughly half of all
- Original Message -
From: Peter Gutmann [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 11:07 AM
Subject: Re: NCipher Takes Hardware Security To Network Level
Anton Stiglic [EMAIL PROTECTED] writes:
This is why you get requirements of the
On Mon, 6 Oct 2003, Ian Grigg wrote: (answering Jill's questions)
The only question I wasn't quite sure of
was whether, if I take your code, and modify it,
can I distribute a binary only version, and keep
the source changes proprietary?
I'd strongly recommend to think about some code-signing
13 matches
Mail list logo
