POV-Ray: Newsgroups: povray.off-topic: Why does this not surprise me?: Re: Why does this not surprise me?

POV-Ray : Newsgroups : povray.off-topic : Why does this not surprise me? : Re: Why does this not surprise me?		Server Time 7 Sep 2024 19:14:33 EDT (-0400)

From: Nicolas Alvarez
Date: 15 May 2008 15:01:52
Message: <482c88a0@news.povray.org>

Doctor John wrote:
> Client-side security doesn’t work.
> You cannot securely exchange encryption keys without a shared piece of
> information.
> Malicious code cannot be 100 percent protected against.
> Any malicious code can be completely morphed to bypass signature
> detection. Firewalls cannot protect you 100 percent from attack.
> Any intrusion detection system can be evaded.
> Secret cryptographic algorithms are not secure.
> If a key isn’t required, you do not have encryption—you have encoding.
> Passwords cannot be securely stored on the client unless there is
> another password to protect them.
> In order for a system to begin to be considered secure, it must undergo
> an independent security audit.
> Security through obscurity does not work.

Don't modify code you don't understand, particularly if it's
security-related?

http://www.debian.org/security/2008/dsa-1571
http://www.links.org/?p=327
http://www.links.org/?p=328

Post a reply to this message