Security Research (Was: Scarfo "keylogger", PGP )
Carl Ellison
cme at acm.org
Wed Oct 17 08:24:06 EDT 2001
At 08:52 PM 10/16/2001 -0400, Steven M. Bellovin wrote:
>In message <3BCC7231.2F3CA52D at algroup.co.uk>, Ben Laurie writes:
>>"Trei, Peter" wrote:
>>> Windows XP at least checks for drivers not signed by MS, but
>>> whose security this promotes is an open question.
>>
>>Errr ... surely this promotes MS's bottom line and no-one's
>>security? It is also a major pain if you happen to want to write a
>>device driver, of course.
>>
>
>Microsoft? See their view of how to deal with security at
>http://www.newsbytes.com/news/01/171173.html -- I wonder if they
>think it should apply to crypto research, too?
>From that link:
"It's high time the security community stopped providing blueprints
for building these weapons," he said.
===
Remember after the OK City bombing, there were calls to remove
instructions on bomb making from the Internet? That failed when
people pointed out the USDA and public library sources, although some
went on to claim they should be removed from there, too. Free
speech, anyone?
With bug reports, there are none coming from USDA or to be found in
public libraries, so it looks like we're a lot more vulnerable. When
will the Internet be so ingrained in American life that it's no
longer vulnerable like this?
+------------------------------------------------------------------+
|Carl M. Ellison cme at acm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list