Re: Plain text password for Microsoft (icwip.dun)

• Previous message: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• In reply to: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• Next in thread: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• Reply: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 09 Jul 2002 16:57:33 EDT, hellNbak said:

> Palladium isn't going to solve security issues like cleartext passwords.

Correct.

> Palladium is simply going to prevent copyright abuse and take the control
> of your own systems away from you.

It will prevent copyright abuse until broken.  How long does the average
anti-piracy scheme last?  And remember - you deploy this one, you're STUCK
with it because there's hardware involved.

>                                    The security issues are still going to
> exist, they are just going to be difficult to exploit from Palladium
> compliant boxen...........

All it takes is one good buffer overflow.  Like we haven't seen security bugs
in trusted, signed ActiveX controls and the like before.  I've seen almost
nothing that says that *exploits* will be any more difficult to carry out.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

• application/pgp-signature attachment: stored

• Next message: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• Previous message: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• In reply to: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• Next in thread: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• Reply: hellNbak: "Re: Plain text password for Microsoft (icwip.dun)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 15:38:54 PDT