[cap-talk] How many of these absurdities would caps fix?
Norman Hardy
norm at cap-lore.com
Tue Jun 20 12:12:04 EDT 2006
Just a few comments.
The article speaks of social engineering such as in clicking on an IM
attachment.
That's not social engineering; that is the kernel giving all the
user's authority to the program in the attachment.
They speak of identity theft.
30 years after RSA is publicized we still prove our identity
repeatedly by giving our information to many others.
The information we give them lets them pretend to be us.
There must be 10,000 people with "legitimate" access to information
necessary to prove that they are me.
We don't use RSA, in part, because there is no safe and convenient
place to keep the private key.
They speak of Spyware and Pop-ups. (By the way, these are two
different things: spies, by definition, keep a low profile.)
I don't have to say anything about these on this list.
They speak of phishing. A decent cap-OS could remind you that you had
made an explicit arrangement with some
organization in the past and that there has now arrived a missive from
that very organization.
Spam is for DSR, I think.
In summary, just about all of the solutions are out there and await a
sound platform on which to run.
On Jun 19, 2006, at 2:56 PM, Mark Miller wrote:
> <http://www.securityabsurdity.com/failure.php> is
> "Security Absurdity: The Complete, Unquestionable, And Total Failure
> of Information Security."
>
> It seems to be getting a lot of attention. I've only skimmed it, but
> it looks good to me so far.
> How many of the problems that he enumerates are POLA violations?
> Ignoring legacy-compatibility issues, how many of these problems would
> caps fix? Without ignoring legacy issues, how many of these issues
> could still be effectively addressed by combining caps with approaches
> like Polaris and/or authority-limited virtual machines?
>
> --
> Text by me above is hereby placed in the public domain
>
> Cheers,
> --MarkM
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
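The point about the IM attachment above (the kernel handing the program all of the user's authority) is the contrast between ambient authority and explicit capabilities. The following is an added illustration, not code from the post, the cap-talk list or any capability OS: a toy in-memory "kernel" that mediates file reads under the two policies. All names (Kernel, spawn_ambient, spawn_with_caps, the paths and file contents) are constructed for the example.

```python
"""Toy model of ambient authority vs. explicit capabilities (constructed example)."""


class Kernel:
    """Mediates every file read; a process may only read what its table names."""

    def __init__(self, files, owners):
        self.files = files        # path -> bytes: a constructed in-memory filesystem
        self.owners = owners      # path -> owning user name
        self.captables = {}       # pid -> set of paths the process may read

    def spawn_ambient(self, pid, user):
        # Conventional model: the new process runs "as the user" and so
        # inherits authority over everything that user owns.
        self.captables[pid] = {p for p, u in self.owners.items() if u == user}

    def spawn_with_caps(self, pid, paths):
        # Capability model: the process starts with exactly the objects it
        # was handed (here, the single attachment) and nothing more.
        self.captables[pid] = set(paths)

    def read(self, pid, path):
        if path not in self.captables.get(pid, set()):
            raise PermissionError(f"pid {pid} holds no capability for {path}")
        return self.files[path]


# Constructed sample filesystem: one attachment plus a private file of the same user.
ATTACHMENT = "/home/alice/attachment.gif"
PRIVATE = "/home/alice/private-notes.txt"
FILES = {ATTACHMENT: b"GIF89a...", PRIVATE: b"not for the attachment handler"}
OWNERS = {ATTACHMENT: "alice", PRIVATE: "alice"}


def over_reaching_handler(kernel, pid, attachment):
    """An attachment handler that, besides its attachment, reaches for other files.

    Returns the set of paths it managed to read; a buggy or hostile handler
    behaves the same way, which is why the interesting question is what the
    platform *lets* it reach, not whether it tries.
    """
    reached = set()
    for path in (attachment, PRIVATE):
        try:
            kernel.read(pid, path)
            reached.add(path)
        except PermissionError:
            pass
    return reached


def reachable_under_ambient_authority():
    """Handler spawned the conventional way: it can read every file alice owns."""
    k = Kernel(dict(FILES), dict(OWNERS))
    k.spawn_ambient(pid=1, user="alice")
    return over_reaching_handler(k, 1, ATTACHMENT)


def reachable_under_capabilities():
    """Handler spawned with one capability: the damage is confined to the attachment."""
    k = Kernel(dict(FILES), dict(OWNERS))
    k.spawn_with_caps(pid=2, paths=[ATTACHMENT])
    return over_reaching_handler(k, 2, ATTACHMENT)


if __name__ == "__main__":
    print("ambient authority reached:", sorted(reachable_under_ambient_authority()))
    print("capabilities reached:     ", sorted(reachable_under_capabilities()))
```

The handler code is identical in both runs; only the way the kernel launched it differs. That is the sense in which "click on the attachment" is not social engineering in the post's view: under ambient authority the user cannot express "open this one file", so the platform has already decided the outcome before the click.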