Firewall Wizards mailing list archives
Re: signing applets a solution? Never!
From: Darren Reed <darrenr () cyber com au>
Date: Tue, 9 Dec 1997 10:44:18 +1100 (EST)
In some mail I received from Marcus J. Ranum, sie wrote
There are proposals (W3) incorporating some thing like the web of trust for an applet so you can at least see if the author is thought reliable by someone you trust to say so.Applets are a subset of the whole problem of trusting the source of any application. Why should people be more worried about running an applet than a browser plugin? Or a word processor you bought at a store? Or Windows? One of the things that scares me is that sooner or later someone will hack the planet by getting a job working for some big software vendor...
To add to the "scariness", in a local magazine article on hackers, one hacker was quoted as his goal being to break in and get access to source code so they could insert backdoors which only they know about. This wasn't your average hacker who read CERT bullitins or bugtraq just to try discover new holes and get into as many sites as possible, this type seem to have purpose. It would be stupid to assume that this goal of getting access to source code is never realised. Among some of the other interesting bits and pieces, according to the article, the seasoned hacker prefers breaking into and staying inside a reasonably secure site as they tend to be free of the "foot soldier" hackers and are more reliable to use as a base of some sort. Staying relatively invisible doesn't seem to hard for them, it seems... Darren
Current thread:
- signing applets a solution? Never! Hal (Dec 03)
- Re: signing applets a solution? Never! Marcus J. Ranum (Dec 08)
- Re: signing applets a solution? Never! David C Niemi (Dec 08)
- Re: signing applets a solution? Never! Darren Reed (Dec 08)
- Re: signing applets a solution? Never! chuck yerkes (Dec 09)
- Re: signing applets a solution? Never! Jyri Kaljundi (Dec 11)
- <Possible follow-ups>
- Re: signing applets a solution? Never! Pauline van Winsen - Uniq Professional Services (Dec 11)
- RE: signing applets a solution? Never! Hal (Dec 12)
- Re: signing applets a solution? Never! Bennett Todd (Dec 17)
- Re: signing applets a solution? Never! Marcus J. Ranum (Dec 08)