Re: Reliance on Microsoft called risk to U.S. security

2003-09-26 Thread Peter Gutmann
R. A. Hettinga [EMAIL PROTECTED] forwarded: But the security experts said the issue of computer security had more to do with the ubiquity of Microsoft's software than any flaws in the software. There was an example of a point raised in the paper the same day it was published, when two anti-spam

Tinc's response to Linux's answer to MS-PPTP

2003-09-26 Thread Guus Sliepen
Hello Peter Gutmann and others, Because of its appearance on this mailing list and the Slashdot posting about Linux's answer to MS-PPTP, and in the tinc users' interest, we have created a section about the current security issues in tinc, which currently contains a response to Peter Gutmann's

Re: Can Eve repeat?

2003-09-26 Thread Peter Fairbrother
Ivan Krstic wrote: On 24 Sep 2003 08:34:57 -0400, Greg Troxel [EMAIL PROTECTED] wrote: [snip] In Quantum Cryptography, Eve is allowed to not only observe, but also transmit (in the quantum world observing modifies state, so the notion of read only doesn't make sense). Also, Eve is typically

Re: Reliance on Microsoft called risk to U.S. security

2003-09-26 Thread martin f krafft
also sprach Ian Grigg [EMAIL PROTECTED] [2003.09.25.2253 +0200]: I wouldn't put all of the blame on Microsoft, Schneier said, the problem is the monoculture. On the face of it, this is being too kind and not striking at the core of Microsoft's insecure OS. For example, viruses are almost

Re: Can Eve repeat?

2003-09-26 Thread Greg Troxel
That's pretty much what I was talking about when I said that it may be possible to clone an arbitrarily large proportion of photons - and that Quantum Cryptography may not actually be secure. A key point is the probability that the measurement/cloning operation has of disturbing the

A different Business Model for PKI (was two other subjects related to the demise of Baltimore)

2003-09-26 Thread Ed Reed
I've suspected that the pricing was set along a line of thinking that goes like this... 1) work group and departmental networking managed to charge $100-$150 / yr / user in exchange for making user administration, file and print share access control management and other related identity

Re: Reliance on Microsoft called risk to U.S. security

2003-09-26 Thread Victor . Duchovni
On Thu, 25 Sep 2003, Ian Grigg wrote: On the face of it, this is being too kind and not striking at the core of Microsoft's insecure OS. For example, viruses are almost totally a Microsoft game, simply because most other systems aren't that vulnerable. While part of the security problems

The Right Touch

2003-09-26 Thread R. A. Hettinga
http://www.forbes.com/forbes/2003/1013/050_print.html Forbes OutFront The Right Touch Elizabeth Corcoran, 10.13.03 We're spending billions for new voting machines that may not be any better than punch cards Three weeks before California was set to vote on Governor Gray Davis' recall, a

efficiency?? vs security with symmetric crypto? (Re: Tinc's response to Linux's answer to MS-PPTP)

2003-09-26 Thread Adam Back
What conceivable trade-offs could you have to make to get acceptable performance out of symmetric crypto encrypted+authenticated tunnel? All ciphers you should be using are like 50MB/sec on a 1Ghz machine!! If you look at eg cebolla (more anonymity than VPN, but it's a nested forward-secret VPN

Re: Reliance on Microsoft called risk to U.S. security

2003-09-26 Thread Bill Frantz
At 6:47 AM -0700 9/26/03, [EMAIL PROTECTED] wrote: While part of the security problems in Windows are Microsoft specific, in my view a large part is inherited from earlier graphiscal desktop designs, and is almost universal in this space. Specifically, when a user clicks (or double-clicks) on an

Re: Tinc's response to Linux's answer to MS-PPTP

2003-09-26 Thread Joseph Ashwood
And a response. I have taken the liberty of copying the various portions of the contents of the webpage to this email for response. I apologize for the formatting confusion which may mistake Peter Gutmann's comments with those of the semi-anonymous misinformed person under scrutiny. I would have

Re: A different Business Model for PKI (was two other subjects related to the demise of Baltimore)

2003-09-26 Thread Peter Gutmann
Ed Reed [EMAIL PROTECTED] writes: 2) PKI vendors looked at that and must have said - gee, if we can get $100-$150/yr/user for managing identity around PKI certificates, why shouldn't we? Actually it's even better than that, the companies using the managed service are still expected to act as

Dan Geer Fired (was re: Technology Firm With Ties to Microsoft Fires Executive Over Criticism)

2003-09-26 Thread R. A. Hettinga
http://info.mgnetwork.com/printthispage.cgi?url=http%3A//ap.tbo.com/ap/breaking/MGASNQR81LD.htmloaspagename=www.tbo.com/ap/story.htmimage=tbologo80x60.jpg Sep 25, 2003 Technology Firm With Ties to Microsoft Fires Executive Over Criticism By Ted Bridis The Associated Press WASHINGTON (AP) - The