All the news that's... whatever.
Welcome
to Random Bytes...
Tuesday, August 06, 2002
FTC Probes Verisign Marketing - Take II
An updated story has been filed by Reuters that sorts out some of the vagaries concerning the source of the story...Verisign's comments still pretty much confirm the facts that the story lays out, so I'm still saying "hold on to your hats ladies and gents, this is about to get interesting..."
Unfortunately, no original editorial at this point - other than the standard regurgi-fed items...
10:39:48 PM
FTC Probes VeriSign Marketing
Not much to say about this one other than the obvious which is to note that the FTC web site doesn't have much to say on the subject...
On one hand, Reuters is a very credible source for this story, but on the other, "a source close to the probe" doesn't really make it a "fact" in my mind.
Regardless, my personal conjecture is that this story is spot on (Verisign pretty much confirms it in the article). It will be interesting to see what further commentary develops within industry circles.
If it is true, it will be interesting to see what the findings are and whether or not Verisign re-uses their "government contractor immunity" defence that has served them very well in the past (or whether it would even be relevant as my layman's understanding of the pgMedia case is that it was anti-trust specific...come to think of it...would they qualify for anti-trust immunity now?). The Interland reference is also interesting, especially given some of the prior associations that the news media has made. (Hmm...let's hope a lawyer with some insight decides to fire up his or her blog machinery and answer some of these tough questions...:).
There is one thing for certain, there is going to be much to be said on the subject over the coming months...
(Hmm...I suppose that there was a bit to say on this one ;)
10:12:16 PM
Sorry for the lack of updates over the last few days...I was purposely
out of range of my computer for three straight days. Anyways, nice to be
back....
Slashdot is running an interesting
essay entitled "Exploiting design
flaws in the Win32 API for privilege escalation. Or...Shatter Attacks -
How to break Windows."
As the paper states, "The flaws presented in this paper are, at the time
of writing, unfixable. The only reliable solution to these attacks
requires functionality that is not present in Windows, as well as
efforts on the part of every single Windows software vendor. This
research was sparked by comments made by Microsoft VP Jim Allchin who
stated, under oath, that there were flaws in Windows so great that they
would threaten national security if the Windows source code were to be
disclosed. He mentioned Message Queueing, and immediately regretted it.
However, given the quantity of research currently taking place around
the world after Mr Allchin's comments, it is about time the white hat
community saw what is actually possible."
Microsoft's
response?
"...if I understand things correctly, the attack you describe either
requires the user to run an attacker's program on their system or the
attacker needs to have access to the user's system. I would recommend
that you contact the program's owner and let them know of your report.
There may or may not be a vulnerability for them to address, but the
program's owner should determine that."
It makes me wonder whether or not there is any connection between the
publication of this note and Microsoft's recent
move to release their source and APIs prior to the formal final
settlement approval or if it's just a coincidence. Presumably, issuing
API and source documentation that refutes this protects the "integrity"
of the product...if it's a coincidence and Chris is right, then the
Windows world is in for a whole mess of trouble...
4:52:44 PM
© Copyright
2003
Ross Wm. Rader. The opinions expressed in this weblog are solely those of the respective authors.
Last update:
1/27/2003; 11:35:00 PM.