Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] RE: [ISN] How To Save The Internet

from [David Gillett] Network Security [Permanent Link]
Subject: [Full-disclosure] RE: [ISN] How To Save The Internet
Date: Tue, 22 Mar 2005 08:45:49 -0800 
Jason Coombs [mailto:jasonc@science.org] writes:

<snip>

... the core problem with computer 
security is that our CPUs make no effort to restrict the execution of 
machine code to that very small subset of all possible machine code 
which constitutes the code that the owner of the CPU desires 
it to run.


<snip> 


If anyone really cared about solving this core security problem with 
computing today, it would be solved in just a few months. 


  Just one of the myriad of security issues that we're grappling with 
are the various rights of the owner of the CPU, the *operator* of the
CPU, and the owner of the *data*, each of whom may have a more or less
legitimate say in what code actually gets executed.  Far too many folks 
have already "solved" this problem incorrectly for me to believe that 
the "just a few months" solution you envisage will actually be correct.

David Gillett


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Thoughts and a possible solution on homograph attacks, Nick FitzGerald
Next by Date:  MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities, Mandrakelinux Security Team
Previous by Thread:  Re: [Full-disclosure] Re: CISSP Test, Andre Ludwig
Next by Thread:  [Full-disclosure] Re: [ISN] How To Save The Internet, Ben Vaisvil
Indexes:  [Date] [Thread] [Top] [All Lists]