4 posts • joined Wednesday 5th March 2008 08:15 GMT
TLS Session tikets invalidate Perfect Forward Security (PFS)
This looks like classical case in security: Solving problem A by moving it to B, with identical consequences and challenges.
It is obvious session tickets decryption keys must cached (long) term and shared between servers! In fine this means that some short of Master key (or its derivatives) must be kept long term.
Then master key (or derivatives) can be used then to decrypt old tickets, therefore breaking PFS benefits.
Unless more about the session tickets is disclosed Google cannot boast any real security benefit on this change!
When people will get this: UAC is not for admin accounts!!!
UAC is for running as a normal user and been properly prompted to "Sudo" whenever an admin-permission requiring operation is executed.
This article is misleading!!!
You don't need an antivirus if you do not run as admin!!!
AND THE MORAL HAZARD IS: And if you run as admin, an anti-virus is always too late when a truly efficient worm emerges!
But the constant marketing message is that Antivirus == total protection!
I fully agree!
And not only on web sites, but also for all these security management applications (typically wi-fi) where it is often the case the user is copying a hard password from a piece of paper!. How many of us felt stupid missing it again and again!
Moreover, this may have a secondary benefit as users will interiorize better the fact that passwords are not secret to the computer where they are typing it, and they may pay higher attention to the need to protect themselves from key-loggers et al.
To THE REGISTER: Please start by unmasking the password for posting comments!!!!
Reduce attack surface!
This is a yet another symptom of functionality creep.
Most laptops have connections that we never use... but we keep them enabled just in case...
So time ago I bios-disabled all connectors I never use: COMs LPTS, Modems... etc.... and not only this increases security (by simply applying the "reduce the attack surface" principle) but it actually it can increase performance by precluding drivers from loading...
- World's OLDEST human DNA found in leg bone – but that's not the only boning going on...
- Facebook offshores HUGE WAD OF CASH to Caymans - via Ireland
- Pics Brit inventors' GRAVITY POWERED LIGHT ships out after just 1 year
- Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt
- Three offers free US roaming, confirms stealth 4G rollout