Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Bits to Bits, Dust to Dust, Ashes to Ashes



Hi!

On 22.12.2005, 14:43 +0900 Michael Reinsch wrote:

> This of course does not cover data leaks through other means, while the
> computer is running and working with this data...

Sorry for quoting myself, but I think this is also a very interesting
topic, while we're discussing a bit about computer security.

Even if you assume that there are NO security holes in the system you
are using, stealing data is just too easy. You "just" need to get the
user to execute an application you sent him and you have access to most
of his data.

So the user-based security approach is not adequate any more. But what
comes next? 

Ask the user? Can the user really decide which rights to give a piece of
software?

Signed software? Do you trust the signers? Did they really check the
software they signed? And who is going to pay for this checking? And who
decides who is allowed to sign software? (Yes, this is similar to the
pseudo secure/signed web stuff we currently have.) And it somehow
contradicts the open source / free software way of doing things.

All not very ideal solutions...

-- 
  Michael Reinsch <mr@example.com>                      http://mr.uue.org/
------------------------------------------------------------------------

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links