Vulnerability Development mailing list archives

Re: Plain text password for Microsoft (icwip.dun)


From: "Deus, Attonbitus" <Thor () HammerofGod com>
Date: Wed, 10 Jul 2002 12:46:51 -0700



At 07:19 AM 7/10/2002, Juan M. Courcoul wrote:

> A closed, proprietary system or one with a restricted distribution scheme 
> and not subject to peer review will be particularly vulnerable and, well, 
> we all know Microsoft's track record.


Palladium will be shared source and open for review.  AFA peer review, the 
TCPA body is extensive with over 180 member companies.

To me, the main concern here is that the companies implementing their 
individual TCPA systems will have to recoup their development dollars, 
which will be substantial.
Since this will be done by seizing new market share, or maintaining market 
share in the face of new competition and technologies, one has to wonder to 
what extent a company would go to stay alive.   TCPA developers may not all 
be viewing the technology as a means to force customers to stay customers 
now, but when the time comes, they will most certainly do whatever they 
feel they must do, or more importantly *can* do, in order to "eat the 
competition's lunch."

I'm not worried about back doors and such yet - it is the front door that 
has the potential to be abused in this case.

AD



