Answer:
Never trust any data that you did not generate yourself and are 100%
certain it is bug-free.
Meaning:
Don't process it at all ever until you run sanity checks against it.
Trust is an entirely different animal.
Thanks,
Barry
On May 29, 2010, at 4:42 PM, Michael Ash wrote:
On Sat
On Sat, May 29, 2010 at 3:04 PM, Jens Alfke wrote:
> This is rapidly heading off-topic, but:
> On May 29, 2010, at 4:15 AM, Michael Ash wrote:
>
>> Man-in-the-middle: if I execute the attack the first time you talk to
>> a given peer, you have no way of detecting me.
>
> This is avoided using an o
This is rapidly heading off-topic, but:
On May 29, 2010, at 4:15 AM, Michael Ash wrote:
> Man-in-the-middle: if I execute the attack the first time you talk to
> a given peer, you have no way of detecting me.
This is avoided using an out-of-band exchange of a secret over a trusted
channel (dire
On Fri, May 28, 2010 at 10:34 PM, Jens Alfke wrote:
>
> On May 28, 2010, at 6:59 PM, Michael Ash wrote:
>
>> An attacker can execute a man-in-the-middle attack...
>> An attacker can simply impersonate your app...
>> Neither of these can be defended against, even theoretically, when
>> communicati
On May 28, 2010, at 6:59 PM, Michael Ash wrote:
> An attacker can execute a man-in-the-middle attack...
> An attacker can simply impersonate your app...
> Neither of these can be defended against, even theoretically, when
> communicating peer-to-peer.
Not true; if you use SSL or some equivalent