On Mon, 27 Mar 2006, Brian Eaton wrote:
> I wasn't sure if Windows actually supported mandatory access controls,
> so I poked around on Microsoft's web site a bit. Yes, Windows
> supports MAC.
MS Windows does not support MAC. Its future version (i.e. Vista) might
support some half-baked (*) pseudo-MAC.
(*) Where's the *-property? Everything I see is the ss-property. Any
idiot can implement a lame wannabe pseudo-MAC lacking the *-property
but such a thing cannot be the true mandatory access control, it'd be
mere DAC on steroids!
> In his original note, Dinis raised a good point: even a restricted
> browser has access to all kinds of sensitive personal information,
> such as passwords to web sites. MAC would not prevent an exploit from
> stealing that kind of data.
Nonsense. MAC was invented by soldiers and spooks to protect
confidentiality. (The use of MAC to protect integrity is, in fact, an
afterthought.)
Properly implemented and configured MAC can prevent the leakage of
confidential (i.e. sensitive personal) information to (unauthorized) web
sites.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Received on Mar 27 2006
Intro
