Message-ID: <CAH8yC8kOKqqJM-CyYsvMcn_HNFZbQrbPEZhnpJSbky6p0RFR8A@mail.gmail.com>
Date: Mon, 17 Jun 2013 14:17:06 -0400
From: Jeffrey Walton <noloader@...il.com>
To: security@...ossecurity.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity

On Mon, Jun 17, 2013 at 11:19 AM, ACROS Security Lists <lists@...os.si> wrote:
> Valdis,
>
>> No, that's how to do it *hardline*. There's many in the
>> security industry that will explain to you that it's also
>> doing it *wrong*. Hint - the first time that HR sends out a
>> posting about a 3-day window next week to change your
>> insurance plan without penalty, signs it with something that
>> doesn't match the From:, and the help desk is deluged by
>> phone calls from employees who can't read the mail, the guy
>> who put "You shall not pass" in place will be starting a job hunt.
>
> If there was an industry standard specifying the you-shall-not-pass for all web
> browsers, it wouldn't be the guy (developer) who put this roadblock in place that
> would start a job hunt but someone within the company whose job was to avoid the
> roadblock by making sure the cert that HR is using was okay. That would happen a
> couple of times, and then not any more, as people have great capacity for learning.
>
> ....
> ... If I get an encrypted
> message that was mistakenly not encrypted with my key, it would be very productive to
> have a "Just decrypt anyway" button but we obviously don't have that. ...
A lot of folks would like to have that button ;)
Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/