Firewall Wizards mailing list archives

Re: signing applets a solution? Never!


From: David C Niemi <niemi () tux org>
Date: Mon, 8 Dec 1997 20:46:25 -0500 (EST)

On Sun, 7 Dec 1997, Marcus J. Ranum wrote:
> Applets are a subset of the whole problem of trusting the source
> of any application. Why should people be more worried about
> running an applet than a browser plugin? Or a word processor
> you bought at a store? Or Windows?
>
> One of the things that scares me is that sooner or later someone
> will hack the planet by getting a job working for some big software
> vendor...

Gosh, some might almost say this has already happened, given some of the
security holes in IE 4.0, for example.  How many tens of millions of people
downloaded and installed it thanks to Microsoft's generous prodding, and
how many dozens actually loaded the hot fixes in the right order?

Sometimes the most diabolical malice is no match for a little old-fashioned
negligence.  Which I suppose makes your point even stronger.

And forging of applet signatures would also be a nice way to give your
victims some peace of mind as they install your trojan horse. 

David
Niemi () tux org           703-810-5538          Reston, Virginia, USA
    "Down that path lies madness.  On the other hand, the road to
     hell is paved with melting snowballs."  --  Larry Wall, 1992


