1997-04-13 - Re: SSL weakness affecting links from pa

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: Rich Graves <llurch@stanford.edu>
Message Hash: 1785275380d395868570627706217d34716dd793b4f216904a49f767a6473796
Message ID: <3.0.1.32.19970413134238.00655f48@popd.ix.netcom.com>
Reply To: <3.0.1.32.19970412224402.009d66d0@mail.teleport.com>
UTC Datetime: 1997-04-13 21:00:08 UTC
Raw Date: Sun, 13 Apr 1997 14:00:08 -0700 (PDT)

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sun, 13 Apr 1997 14:00:08 -0700 (PDT)
To: Rich Graves <llurch@stanford.edu>
Subject: Re: SSL weakness affecting links from pa
In-Reply-To: <3.0.1.32.19970412224402.009d66d0@mail.teleport.com>
Message-ID: <3.0.1.32.19970413134238.00655f48@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:41 AM 4/13/97 -0700, Rich Graves wrote:
>Or blame it on the client. Microsoft handled the utter absence of security
>in their WFW/Win95 SMB implementation by claiming, falsely, that Samba was
>sending "illegal commands." After a thorough public thrashing, the Win95
>product manager eventually changed that to "specific networking commands,"
>with no retraction and no indication that the document had changed.

Heh.  Sending illegal or unexpected commands to a program is _the_
standard way to break security; if they can't defend against that, they're
hosed.
I'd reserve the phrase "utter absence of security" for systems that
let you ignore the permissions by just asking nicely :-)

><URL:http://www.research.microsoft.com/research/os/main.htm>

Interesting paper.  I was surprised it didn't explicitly mention Plan 9
when it was discussing other operating systems, though mentioning Inferno 
does include that indirectly.  It also didn't mention security -
it talked about the kind of world where you can just buy a computer,
turn it on, plug it in, and it'll find whatever resources it wants
in the One Big Operating System.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)





