Secure Coding mailing list archives
RE: Origins of Security Problems
From: "Alun Jones" <alun () texis com>
Date: Sun, 20 Jun 2004 08:49:59 +0100
[EMAIL PROTECTED] <> wrote on Thursday, June 17, 2004 10:59 AM:
At 9:52 AM -0700 6/17/04, Blue Boar wrote:Hm? You mean they had to have privs on VMS to allocate alistening port? What does that matter? DECNet doesn't only run on VMS. But the vast majority of current DECnet usage is on VMS.
And ten years ago, the vast majority of TCP/IP usage was on Unix, where you could "rely" on a source port under 1024 meaning that the connection had been sanctioned by an educated administrator who cared about keeping the Internet comfy cosy and safe. If you go back that far, you'll probably find some posts from me complaining that even then, not all Unix systems were administered by professionals, and that the recent arrival of Winsock on the stage meant that such an unreliable assumption was not even remotely going to remain true. If there is not sufficient security in the protocol, and DECnet may have enough security, there is certainly not sufficient security in assuming that your fellow network citizens are clever and kind. Alun. ~~~~
Current thread:
- Origins of Security Problems Mark Rockman (Jun 15)
- RE: Origins of Security Problems Michael S Hines (Jun 16)
- RE: Origins of Security Problems ljknews (Jun 17)
- Message not available
- Re: Origins of Security Problems ljknews (Jun 18)
- RE: Origins of Security Problems Alun Jones (Jun 20)
- RE: Origins of Security Problems ljknews (Jun 20)
- RE: Origins of Security Problems Alun Jones (Jun 21)
- RE: Origins of Security Problems ljknews (Jun 17)
- RE: Origins of Security Problems Michael S Hines (Jun 16)
- <Possible follow-ups>
- Origins of Security Problems Mark Rockman (Jun 17)
- Re: Origins of Security Problems Crispin Cowan (Jun 18)