Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Results, Not Resolutions
Bruce Schneier and Adam Shostack , SecurityFocus 2002-01-24

A guide to judging Microsoft's security progress.

Comments Mode:
Results, not Resolutions 2002-01-24
Anonymous
Results, not Resolutions 2002-01-24
Gary McGraw
Results, Not Resolutions 2002-01-24
David Litchfield (2 replies)
Results, Not Resolutions 2002-01-24
davep (at) pitt (dot) edu [email concealed] (1 replies)
Results, Not Resolutions 2002-01-25
Nicholas Harring
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-24
Anonymous (1 replies)
Results, Not Resolutions 2002-01-24
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
No SOAP? How do you do remote procedure calls over the web? 2002-01-25
Anonymous (6 replies)
No SOAP? How do you do remote procedure calls over the web? 2002-01-25
Anonymous
No SOAP? How do you do remote procedure calls over the web? 2002-01-25
Anonymous
No SOAP? How do you do remote procedure calls over the web? 2002-01-25
Anonymous
No SOAP? How do you do remote procedure calls over the web? 2002-01-25
Anonymous
Your Homework! 2002-01-25
Anonymous
No SOAP? How do you do remote procedure calls over the web? 2002-01-26
Anonymous
Well, to conclude: Use Java, M$ 2002-01-25
Anonymous (1 replies)
Well, to conclude: Use Java, M$ 2002-01-25
Trithemius (1 replies)
Well, to conclude: Use Java, M$ 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
BMaximus
SOAP Recommendation is Silly 2002-01-25
Anonymous (1 replies)
SOAP Rec is correct 2002-01-26
Anonymous
Almost right on the compensation 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Chris
Regarding macros in documents... 2002-01-25
Anonymous
SOAP Comment misunderstood it seems... 2002-01-25
Anonymous
They used it as an example of an IMPLEMNTATION problem. SOAP per se is nto bad I hearthem say jsut as they did not say scripts were bad. What they said very celarly, early on, was "separate control from data". SOAP is poorly implemented because it uses a HTTP (a data channel) to send RPC (Control information) effectively by passing the control-oriented security whcih is different an tighter and going through the data-oriented security whcih doesn't scan for procedure integrity. An analogy would be letting some airline passengers skip the security checks at the gate and let them go through the employee gate to board a plane. Surest way we know to get hijacked or bombed. Same with software and why M$ products leak like a sieve.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/315/10154#10154
Things getting out of hand here? 2002-01-26
Toni Heinonen
Microkernel smog 2002-01-27
Grumpf
If SOAP should go then so should CGI! 2002-01-28
TerryC
Inaccuracies and crazy talk 2002-01-28
Anonymous
Results, Not Resolutions 2002-01-28
Anonymous
Microsoft's Recommend Development Process 2002-01-28
Anonymous







 

Privacy Statement
Copyright 2008, SecurityFocus