Full Disclosure mailing list archives

Re: Comment on Microsoft's leaked memos, and the unofficial end of Microsoft 'Trustworthy Computing'

From: nabiy <nathan.aguirre () gmail com>
Date: Thu, 17 Nov 2005 17:50:12 -0800

On 11/17/05, Dinis Cruz <dinis () ddplus net> wrote:


*From*: "James Tucker" <jftucker () gmail com>
You are talking about user APIs, I am talking about what is happening
under the hood.

Yes developer's APIs have been simplified, but that creates an environment
where nobody really knows what is happening and how things work. A lot of
security vulnerabilities occur when you glue together two secure objects in
ways never predicted by the original developers...



isn't creating an environment where you don't need to know what's going on
'under the hood' a good thing? It reflects good class design and is what
blackboxing and encapsulation is all about. Not only does this help simplify
the api's but it also helps prevent your security problem. With well defined
methods to limit the interaction one has with a 'secure object' it shouldn't
matter how u use it, it should stay secure. - nabiy
--
http://nabiy.sdf1.org . http://sdf.lonestar.org
The Super Dimension Fortress Public Access Unix System

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Comment on Microsoft's leaked memos, and the unofficial end of Microsoft 'Trustworthy Computing' Dinis Cruz (Nov 17)
- <Possible follow-ups>
- RE: Comment on Microsoft's leaked memos, and the unofficial end of Microsoft 'Trustworthy Computing' Dinis Cruz (Nov 17)
  - Re: Comment on Microsoft's leaked memos, and the unofficial end of Microsoft 'Trustworthy Computing' Matthew Murphy (Nov 17)
  - Re: Comment on Microsoft's leaked memos, and the unofficial end of Microsoft 'Trustworthy Computing' nabiy (Nov 17)