| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060327233537.5914.0@argo.troja.mff.cuni.cz> Date: Mon Mar 27 22:56:36 2006 From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky) Subject: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code On Mon, 27 Mar 2006, Brian Eaton wrote: > I wasn't sure if Windows actually supported mandatory access controls, > so I poked around on Microsoft's web site a bit. Yes, Windows > supports MAC. MS Windows does not support MAC. Its future version (i.e. Vista) might support some half-baked (*) pseudo-MAC. (*) Where's the *-property? Everything I see is the ss-property. Any idiot can implement a lame wannabe pseudo-MAC lacking the *-property but such a thing cannot be the true mandatory access control, it'd be mere DAC on steroids! > In his original note, Dinis raised a good point: even a restricted > browser has access to all kinds of sensitive personal information, > such as passwords to web sites. MAC would not prevent an exploit from > stealing that kind of data. Nonsense. MAC was invented by soldiers and spooks to protect confidentiality. (The use of MAC to protect integrity is, in fact, an afterthought.) Properly implemented and configured MAC can prevent the leakage of confidential (i.e. sensitive personal) information to (unauthorized) web sites. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Powered by blists - more mailing lists