Re: NYT on Internet Flaws
[stuff deleted]
People seem to miss that the NFS hack was only an _example_ of a powerful way to silently destroy the integrity of an executable. Spoofing the insecure FTP session they used to retrieve it works. Sending them a random trojan horse works. The point was not that NFS is insecure. It was that unless you can authenticate your executables as being trustworthy NOTHING ELSE MATTERS.
No I don't think the community missed the point. While both NFS and FTP are equally weak in the way you point out, I think you should have used FTP as your main example because if we presume that the file server where the binary lives is reasonably trustworthy (like the guys at Netscape haven't inserted a trojan horse into their own binary and placed it up for FTP) then the way the file will propogate throughout the net is FTP and not NFS. Nonwithstanding, the NY Times writer took an otherwise reasonable point and blew it up into a "War of the Worlds" style article. I'd make sure he writes a decent article before quoting me in it. David (wondering whose stock fell because of this page one-er) =========================================================================== David A. Berger Software Engineer/Internet Product Development Enterprise Integration Technologies|800 El Camino Real|Menlo Park, CA 94025 dvberger@eit.com http://www.eit.com/~dvberger/ (415) 617-8792 ===========================================================================
Nonwithstanding, the NY Times writer took an otherwise reasonable point and blew it up into a "War of the Worlds" style article. I'd make sure he writes a decent article before quoting me in it.
Not possible. Reporters don't call you for a quote and then send you a draft of the article for your approval before they publish. They call for a quote, write their article, and publish, not asking for approval. -- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org
Not possible. Reporters don't call you for a quote and then send you a draft of the article for your approval before they publish. They call for a quote, write their article, and publish, not asking for approval.
Depends how well you train them ! If you can get through to them that it is in their interest to get the facts right, you may find that they get back to you ... I try to get them to send the draft as email or fax, but instead I get it read over the phone to me :-(
Not possible. Reporters don't call you for a quote and then send you a draft of the article for your approval before they publish. They call for a quote, write their article, and publish, not asking for approval.
Depends how well you train them !
Lets train them. Someone post their email addresses so we can send them all the RFCs for their education. :) They need to know what the hell they are talking about. I wonder if the biology lists get this, some wannabe hero posting how billions of people are infected with deadly toxins just because some researcher mentioned a well known fact that an amount of various bacteria and toxins exist in all living mammals. Werd. Mark
participants (4)
-
David Berger -
Mark -
Piete Brooks -
sameer