From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 30 Nov 1995 06:01:10 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: Re: break microsoft!!!
In-Reply-To: <199511291949.LAA04349@netcom13.netcom.com>
Message-ID: <Pine.ULT.3.91.951129132555.17268F-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


Be careful not to sound too gleeful, lest you play into the evil nasty 
hacker stereotype. Keep the focus on the fact that real encryption is 
both possible and highly desired; the bad guys are lazy programmers and 
the US Government.

I have sent a pointer to the sci.crypt article to the win95netbugs list, 
which currently has eight Microsoft employees and nine major computer 
magazines on it. I might mention it to Microsoft's "technical people" 
when they drop by next week to address our networking concerns.

The answer, for anyone desiring one, is to turn off Win95's "multiple 
user profiles" features, turn off "encrypted password caching," and 
advertise the fact that Win95 is a totally insecure single-user OS, and 
will continue to be so as long as it uses the 1970's-vintage FAT file 
system. If real security is not available, the goal should be to 
eliminate the false sense of security that encourages people to leave 
sensitive files out in the open.

-rich