SSL weakness affecting links from pa
Bill Stewart
stewarts at ix.netcom.com
Sun Apr 13 14:00:08 PDT 1997
At 12:41 AM 4/13/97 -0700, Rich Graves wrote:
>Or blame it on the client. Microsoft handled the utter absence of security
>in their WFW/Win95 SMB implementation by claiming, falsely, that Samba was
>sending "illegal commands." After a thorough public thrashing, the Win95
>product manager eventually changed that to "specific networking commands,"
>with no retraction and no indication that the document had changed.
Heh. Sending illegal or unexpected commands to a program is _the_
standard way to break security; if they can't defend against that, they're
hosed.
I'd reserve the phrase "utter absence of security" for systems that
let you ignore the permissions by just asking nicely :-)
><URL:http://www.research.microsoft.com/research/os/main.htm>
Interesting paper. I was surprised it didn't explicitly mention Plan 9
when it was discussing other operating systems, though mentioning Inferno
does include that indirectly. It also didn't mention security -
it talked about the kind of world where you can just buy a computer,
turn it on, plug it in, and it'll find whatever resources it wants
in the One Big Operating System.
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
More information about the cypherpunks-legacy
mailing list