Patrick Horgan wrote:
From: "K. M. Ellis" <kelli@zeus.towson.edu>
I'd love to see something in there about most commercial sites being behind firewalls without nfs access across the firewall. This greatly reduces the
It might also be worth noting that people accessing the net via an ISP from home do not typically use NFS either.
They don't often have the skill/knowledge/concern to verify a PGP checksum to ensure someone didn't patch their browser, either. People seem to miss that the NFS hack was only an _example_ of a powerful way to silently destroy the integrity of an executable. Spoofing the insecure FTP session they used to retrieve it works. Sending them a random trojan horse works. The point was not that NFS is insecure. It was that unless you can authenticate your executables as being trustworthy NOTHING ELSE MATTERS. SSL, good RNGs for session key selection, etc, are all null and void if you run (any) untrusted software that patches your Netscape executable, for example, or if you got a bum copy to start with. Paul