|
Dailydave
mailing list archives
Re: time for my lil opinion poll
From: dan () geer org
Date: Thu, 26 Apr 2007 01:24:43 -0400
On 4/25/07, Arun Koshy <arunkoshy () gmail com> wrote:
-+-------------------------------------------------
| A friend from the vuln research arena ( sorry .. no names etc ) told
| me in a convo a few hours ago that this does not work :
|
| http://en.wikipedia.org/wiki/Information_Leak_Prevention
Disclaimer: I work for Verdasys, one of the firms listed on
http://en.wikipedia.org/wiki/Information_Leak_Prevention
"Does not work" is a little like "Bad dog" -- could you
be a little more specific?
Content inspection? Crap, in my view, as it only works
when the opponent does not know or care that you are watching
(Pig Latin is enough crypto to defeat).
Specific blocks of this and that, e.g., the electronic
equivalent of sealing the USB port with a glue gun?
Well, sure, but how many ways to steal data are there...
What we (Verdasys) sell is, in blunt terms, a commercial
version of the Orange Book "Reference Monitor" implemented
as a data-surveillance rootkit. Compared to the others,
ours is an Oxy-Acetylene torch to their paper match.
Before I go on, do we really want to have the full tilt
debate?
--dan, exhausted and on lousy wireless in a cheap motel
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
 By Date 
By Thread
Current thread:
|
Intro
