1996-02-01 - Re: C’mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification)

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Message Hash: d3c78939dc61ed00b8372685bce7258a953938d674879acd665dad14ce95e461
Message ID: <31108BA5.30BB@netscape.com>
Reply To: <310E0EBE.30FD3BCC@netscape.com>
UTC Datetime: 1996-02-01 14:36:17 UTC
Raw Date: Thu, 1 Feb 1996 22:36:17 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 1 Feb 1996 22:36:17 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: C'mon, How Hard is it to Write a Virus or Trojan Horse? (was Re: Apology and clarification)
In-Reply-To: <310E0EBE.30FD3BCC@netscape.com>
Message-ID: <31108BA5.30BB@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Nathaniel Borenstein wrote:
> 
> Excerpts from mail.cypherpunks: 30-Jan-96 Re: Apology and clarification
> Jamie Zawinski@netscape. (4170*)
> 
> > Nathaniel Borenstein wrote:
> > >
> > > What we at FV have done is to demonstrate how easy it is to develop a
> > > FULLY AUTOMATED attack that undermines the security of all
> > > software-based credit card commerce schemes.
> 
> > You have done no such thing.  You have written *one component* of that
> > attack, and the easiest part of it at that.
> 
> > Combine it with a virus, or self-replicating worm, and demonstrate that
> > it is immune to all known virus checkers, and *then* you will have
> > spoken the truth when you say you have "demonstrated" anything.
> 
> This is a particularly fascinating reaction, Jamie.  As I see it, we
> have implemented every part of the attack that we can implement without
> doing anything that is either unethical or illegal.  Is it your position
> that no systematic flaw in your security is real until someone has
> actually broken it?
> 
> Actually, that position would in fact be quite consistent with your
> company's earlier implicit assertion that 40-bit encryption was
> sufficient (for international consumers) until somebody actually broke
> it, even though everyone who understood cryptography already knew
> otherwise.

  Actually that position would in fact be quite inconsistent with our
more recent actions.  For example we have implemented blinding code to
protect against Paul Kocher's timing attack, even though it has
not been demonstrated against any real world system.  I think that you
are misinterpreting the intent of Jamie's posting, but I will let
him defend himself.  I just wanted to say that the company takes
security problems very seriously, even if there has not been an
active exploit.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




