Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
David_Biggins at usermgmt.com
Thu Aug 12 18:56:15 BST 2010
> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Tony Naggs
> Sent: 11 August 2010 23:29
> To: UK Cryptography Policy Discussion Group
> Subject: Re: Being safe on the internet (was Re: Here we go again -
> DPI, but is it interception?)
> All that apart, I think the discussions of software security are
> for getting so hung-up on discussions of buffer overflows.
Indeed, such was not my intention, and I apologise for dragging it on so
long, though it did seem to cause some interest.
You are right that there are many other classes, though I would contend
that the conventional stack attack has been one of the most common.
My original intention was merely to consider the way that three
disconnected decisions by three separate bodies had come together to
create a serious hole, which in hindsight seems obvious and while not
perhaps avoidable, probably capable of significant mitigation without
those decisions, but which clearly escaped everybody at the time.