-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
__/ [Peter Jensen] on Friday 16 September 2005 14:38 \__
> Roy Schestowitz wrote:
>
>> Speaking of which...
>>
>> http://www.eweek.com/article2/0,1759,1859751,00.asp
>
> | Using vulnerable encryption algorithms could expose sensitive data in
> | Microsoft systems. But attacks on those algorithms are still unlikely,
> | given other, easier to exploit holes in the software, Schneier said.
> |
> | "There's just so much that's worse," he said of the other security
> | holes.
>
> Yeah, that just about sums up my opinion of this move by MS. Focus on
> the theoretical vulnerabilities *after* you fix the fundamental and very
> real vulnerabilities!
That's a good point, which I failed to notice beforehand. They at least show
that they try hard, e.g. by catching up with encryption algorithms that
have been used in PGP for quite some time.
Authentication in Windows has been dodgy for a variety of other reasons, the
main one being that you rarely need to authenticate successfully in the
first place. Look at all of these machine that get hijacked...
Roy
- --
Roy S. Schestowitz | "In hell, treason is the work of angels"
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
2:40pm up 22 days 2:54, 3 users, load average: 0.77, 0.56, 0.36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQFDKszkU4xAY3RXLo4RAkHWAKCVSyyapCuhoQZRndJQgPeoUDrBqgCfS7yb
HFc5d+rzZAEXiXTOc75Ango=
=aHor
-----END PGP SIGNATURE-----
|
|
