Full Disclosure mailing list archives
Re: Comment on Microsoft's leaked memos, and the unofficial end of Microsoft 'Trustworthy Computing'
From: nabiy <nathan.aguirre () gmail com>
Date: Thu, 17 Nov 2005 17:50:12 -0800
On 11/17/05, Dinis Cruz <dinis () ddplus net> wrote:
*From*: "James Tucker" <jftucker () gmail com>

You are talking about user APIs, I am talking about what is happening under the hood. Yes developer's APIs have been simplified, but that creates an environment where nobody really knows what is happening and how things work. A lot of security vulnerabilities occur when you glue together two secure objects in ways never predicted by the original developers...

Isn't creating an environment where you don't need to know what's going on 'under the hood' a good thing? It reflects good class design and is what blackboxing and encapsulation are all about. Not only does this help simplify the APIs but it also helps prevent your security problem. With well-defined methods to limit the interaction one has with a 'secure object' it shouldn't matter how you use it, it should stay secure.

- nabiy

--
http://nabiy.sdf1.org . http://sdf.lonestar.org
The Super Dimension Fortress Public Access Unix System