[3463] in cryptography@c2.net mail archive
Re: "It's a Hardware Problem..." (fwd)
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Oct 14 11:00:40 1998
To: "Arnold G. Reinhold" <reinhold@world.std.com>
cc: decius@ninja.techwood.org, cryptography@c2.net
Date: Wed, 14 Oct 1998 10:22:04 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
In message <v03130301b24a14bb6317@[24.128.118.53]>, "Arnold G. Reinhold" writes:
>
>I think Sandia is missing something, namely an understanding of what kind
>of vulnerabilities hackers exploit. The problem is not the quality of
>locks, but how they are used.
>
>File Sandia's nanolock under solutions looking for a problem.
>
Oh, Sandia has the problem that that solves; it's called a Permissive Action
Link -- the lock on a nuclear weapon....
But you're certainly right that that's not the primary vulnerability in
most general-purpose computer systems. What is? Hint: of the 12 CERT
advisories this year, 9 describe buffer overflows. And next month is the
10th anniversary of the Internet Worm. Sigh.