| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <102401420511171750j3eb400f8xc8ffd46fbd8b65ee@mail.gmail.com> Date: Fri Nov 18 01:50:21 2005 From: nathan.aguirre at gmail.com (nabiy) Subject: Comment on Microsoft's leaked memos, and the unofficial end of Microsoft 'Trustworthy Computing' On 11/17/05, Dinis Cruz <dinis@...lus.net> wrote: > > *From*: "James Tucker" <jftucker@...il.com> > You are talking about user APIs, I am talking about what is happening > under the hood. > > Yes developer's APIs have been simplified, but that creates an environment > where nobody really knows what is happening and how things work. A lot of > security vulnerabilities occur when you glue together two secure objects in > ways never predicted by the original developers... isn't creating an environment where you don't need to know what's going on 'under the hood' a good thing? It reflects good class design and is what blackboxing and encapsulation is all about. Not only does this help simplify the api's but it also helps prevent your security problem. With well defined methods to limit the interaction one has with a 'secure object' it shouldn't matter how u use it, it should stay secure. - nabiy -- http://nabiy.sdf1.org . http://sdf.lonestar.org The Super Dimension Fortress Public Access Unix System -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051117/30c69394/attachment.html
Powered by blists - more mailing lists