[Cryptography] practical verifiable systems -- forensic and otherwise, cheap and otherwise
Bill Frantz
frantz at pwpconsult.com
Thu Mar 5 13:21:07 EST 2015
On 3/5/15 at 6:35 AM, leichter at lrw.com (Jerry Leichter) wrote:
>Side note: You might think, hey, maybe there's a market here
>for a browser designed for industrial, not consumer,
>applications. Support just the bare minimum needed; throw out
>all the cruft needed for consumer movie sites and such.
>Unfortunately, there's no hope in that direction: While the
>Intel examples in that presentation show pretty basic Web
>pages, the management pages presented by many other devices are
>full of the latest fancy gimmicks.
If you're into tilting at windmills: I have run my browser with
flash turned off for years. I read the rate of serious security
bugs in flash, and it is worse that IE in a bad month. The
result is that until utube went to HTML5, I couldn't see any of
the videos people linked in their emails. Oh well. I don't
generally go to movies either. YMMV
I could see an organization being hard nosed about the
situation. Put up a browser which only supports a limited suite
of protocols, based on a security analysis. Use it on the
internal network, with no access to an external network (via
firewall perhaps) so your operators can't upgrade it to run
things like flash. (And fire them if they try.) (If they want to
watch movies, let them use their phones.) Specify in your RFPs
for equipment that the management interfaces for that equipment
must run with a browser that only supports the listed protocols.
Even a failed attempt, if well publicized, might push the
industry in the right direction.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | "The only thing we have to | Periwinkle
(408)356-8506 | fear is fear itself." - FDR | 16345
Englewood Ave
www.pwpconsult.com | Inaugural address, 3/4/1933 | Los Gatos,
CA 95032
More information about the cryptography
mailing list