Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Plain text password for Microsoft (icwip.dun)

From: Valdis.Kletnieks () vt edu
Date: Tue, 09 Jul 2002 17:56:43 -0400
On Tue, 09 Jul 2002 16:57:33 EDT, hellNbak said:


Palladium isn't going to solve security issues like cleartext passwords.


Correct.


Palladium is simply going to prevent copyright abuse and take the control
of your own systems away from you.


It will prevent copyright abuse until broken.  How long does the average
anti-piracy scheme last?  And remember - you deploy this one, you're STUCK
with it because there's hardware involved.


                                   The security issues are still going to
exist, they are just going to be difficult to exploit from Palladium
compliant boxen...........


All it takes is one good buffer overflow.  Like we haven't seen security bugs
in trusted, signed ActiveX controls and the like before.  I've seen almost
nothing that says that *exploits* will be any more difficult to carry out.
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: