lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <451B0452.8080609@ftusecurity.com>
Date: Wed, 27 Sep 2006 19:08:02 -0400
From: "Kenneth F. Belva" <ken@...security.com>
To: full-disclosure@...ts.grok.org.uk,  bugtraq@...urityfocus.com
Subject: Security as an Enabler - Virtual Trust: An Open
 Challenge to All InfoSec Professionals

I've been defending Virtual Trust as an enabler for the past three days 
on the full-disclosure list. So far, fairly successfully.

Here's the challenge: How creative are you *for* VT, *against* VT and 
determining the *impact* of VT?

Here's your chance to figure out what works and what doesn't with the 
theory I've proposed.

Naturally, the results may (or may not!) significantly impact our field.

I have set up three pages on my blog for comments. All I ask is the 
following:

1. Keep an open mind
2. Read the main source material before posting
3. Provide a thoughtful reply

I look forward to the ultimate peer review.

Bring it on!

Ken

========================================================
Main Source Material
========================================================

Here is the main paper:
http://www.ftusecurity.com/pub/VT-belva-dekay-final.pdf

Here is a post regarding the distinction between Virtual Trust and the 
current model of information security, the Insurance Model:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049698.html

Information Security is a necessary but not a sufficient condition for 
the creation of electronic assets and electronic business relationships:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049683.html

A independent VT example thought of by Brian Eaton not found in our main 
paper or subsequent posts (pay-per-click advertising):
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049658.html

========================================================
Website Pages
========================================================

Main Page:
http://www.bloginfosec.com

Virtual Trust: Support (FOR)
http://www.bloginfosec.com/?page_id=72

Virtual Trust: Objections (AGAINST)
http://www.bloginfosec.com/?page_id=73

Virtual Trust: Impact (NEW POSSIBILITIES)
http://www.bloginfosec.com/?page_id=74

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ