Re: Critique of CyberInsecurity report

2003-09-27 Thread Sunder
Yup, and also don't forget all the security holes in IE that would allow
even more enjoyable fun stuff... things that are(were?) exploited by
scumware sites such as Xupiter that installed themselves into IE and
allowed pop-up ads from hell.

[Sorry about the previous message, had lots of typos in there... should
have proofread it before sending. :)  ]


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
--*--:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 27 Sep 2003, James A. Donald wrote:

> --
> On 26 Sep 2003 at 17:30, Sunder wrote:
> > Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu,
> > only it works over the web.  A user just goes to a web page,
> > and a user at the other end can take over their machine
> > because IE allows such software to run!
> >
> > Ok, at least WebX is a commercial product designed to provide
> > tech support, and asks if it's ok to allow it, but if it's
> > technically possible to do it for legitimate reasons, it's
> > technically feasible to do it for rogue reasons too.
>
> IE first checks that the software is digitally signed, and then
> asks the user do you want to run this software signed by so and
> so.   Then IE allows it to run.
>
> You do not just go to the web page.  You go to the web page and
> IE asks if this is OK.
>
> Of course there are lots and lots of web pages that say Hey,
> click here to view me naked -- just click yes to all the stupid
> dialogs that come up
>
> --digsig
>  James A. Donald
>  6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
>  EVBFXSY8i4yhJTutdCL23/zyQbi/geQCUHZqoCr7
>  4J07R9CO6/ynTCaqgsY63x7wtTEVaTRpK5nt5xMio



Re: Critique of CyberInsecurity report

2003-09-27 Thread James A. Donald
--
On 26 Sep 2003 at 17:30, Sunder wrote:
> Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu,
> only it works over the web.  A user just goes to a web page,
> and a user at the other end can take over their machine
> because IE allows such software to run!
>
> Ok, at least WebX is a commercial product designed to provide
> tech support, and asks if it's ok to allow it, but if it's
> technically possible to do it for legitimate reasons, it's
> technically feasible to do it for rogue reasons too.

IE first checks that the software is digitally signed, and then 
asks the user do you want to run this software signed by so and 
so.   Then IE allows it to run.

You do not just go to the web page.  You go to the web page and
IE asks if this is OK.

Of course there are lots and lots of web pages that say Hey, 
click here to view me naked -- just click yes to all the stupid 
dialogs that come up 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 EVBFXSY8i4yhJTutdCL23/zyQbi/geQCUHZqoCr7
 4J07R9CO6/ynTCaqgsY63x7wtTEVaTRpK5nt5xMio



Re: DC Security Geeks Talk: Analysis of an Electronic Voting System

2003-09-27 Thread Ed Reed
Grisham might be better - it's the legal wrangling that would tie up
people's imagination, more than the technical.

 Major Variola (ret) [EMAIL PROTECTED] 9/25/2003 12:46:13 PM 
At 02:48 PM 9/24/03 -0400, R. A. Hettinga wrote:
http://www.cryptonomicon.net/modules.php?name=Newsfile=printsid=463


Cryptonomicon.Net -

Talk: Analysis of an Electronic Voting System

Someone needs to inject a story about e-voting fraud into the popular
imagination.
Is Tom Clancy available?  Maybe an anonymous, detailed, plausible,
(but secretly fictional) blog describing how someone did this in
their podunk county... then leak this to a news reporter..
Failure to be *able* to assure that this *didn't* happen in that
podunk county would make an important point.


On two occasions, I have been asked [by members of Parliament],
 'Pray, Mr. Babbage, if you put into the machine wrong figures,
 will the right answers come out?' I am not able to rightly apprehend
 the kind of confusion of ideas that could provoke such a question.
  -- Charles Babbage


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
[EMAIL PROTECTED]