Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] RE: [ISN] How To Save The Internet

from [Marchand, Tom] Network Security [Permanent Link]
Subject: [Full-disclosure] RE: [ISN] How To Save The Internet
Date: Tue, 22 Mar 2005 15:56:27 -0500 
Plus, the same code could possibly be considered legitimate for one owner and 
non-legitimate for another.


-----Original Message-----
From:   David Gillett [mailto:gillettdavid@fhda.edu]
Sent:   Tue 3/22/2005 11:45 AM
To:     jasonc@science.org; jericho@attrition.org
Cc:     isn@c4i.org; sberinato@cio.com; full-disclosure@lists.grok.org.uk; 
bugtraq@securityfocus.com
Subject:        RE: [ISN] How To Save The Internet

Jason Coombs [mailto:jasonc@science.org] writes:

<snip>

... the core problem with computer 
security is that our CPUs make no effort to restrict the execution of 
machine code to that very small subset of all possible machine code 
which constitutes the code that the owner of the CPU desires 
it to run.


<snip> 


If anyone really cared about solving this core security problem with 
computing today, it would be solved in just a few months. 


  Just one of the myriad of security issues that we're grappling with 
are the various rights of the owner of the CPU, the *operator* of the
CPU, and the owner of the *data*, each of whom may have a more or less
legitimate say in what code actually gets executed.  Far too many folks 
have already "solved" this problem incorrectly for me to believe that 
the "just a few months" solution you envisage will actually be correct.

David Gillett








Blue Cross Blue Shield of Florida, Inc., and its subsidiary and affiliate 
companies are not responsible for errors or omissions in this e-mail message. 
Any personal comments made in this e-mail do not reflect the views of Blue 
Cross Blue Shield of Florida, Inc.  The information contained in this document 
may be confidential and intended solely for the use of the individual or entity 
to whom it is addressed.  This document may contain material that is privileged 
or protected from disclosure under applicable law.  If you are not the intended 
recipient or the individual responsible for delivering to the intended 
recipient, please (1) be advised that any use, dissemination, forwarding, or 
copying of this document IS STRICTLY PROHIBITED; and (2) notify sender 
immediately by telephone and destroy the document. THANK YOU.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  osCommerce File Manager Directory Traversal Vulnerability, Megasky
Next by Date:  Re: [VulnWatch] Details of Sybase ASE bugs withheld, sean
Previous by Thread:  [Full-disclosure] Re: [ISN] How To Save The Internet, Scott Berinato
Next by Thread:  [Full-disclosure] Re: [ISN] How To Save The Internet, Jason Coombs
Indexes:  [Date] [Thread] [Top] [All Lists]