4 posts • joined 5 Mar 2008
TLS Session tikets invalidate Perfect Forward Security (PFS)
This looks like classical case in security: Solving problem A by moving it to B, with identical consequences and challenges.
It is obvious session tickets decryption keys must cached (long) term and shared between servers! In fine this means that some short of Master key (or its derivatives) must be kept long term.
Then master key (or derivatives) can be used then to decrypt old tickets, therefore breaking PFS benefits.
Unless more about the session tickets is disclosed Google cannot boast any real security benefit on this change!
When people will get this: UAC is not for admin accounts!!!
UAC is for running as a normal user and been properly prompted to "Sudo" whenever an admin-permission requiring operation is executed.
This article is misleading!!!
You don't need an antivirus if you do not run as admin!!!
AND THE MORAL HAZARD IS: And if you run as admin, an anti-virus is always too late when a truly efficient worm emerges!
But the constant marketing message is that Antivirus == total protection!
I fully agree!
And not only on web sites, but also for all these security management applications (typically wi-fi) where it is often the case the user is copying a hard password from a piece of paper!. How many of us felt stupid missing it again and again!
Moreover, this may have a secondary benefit as users will interiorize better the fact that passwords are not secret to the computer where they are typing it, and they may pay higher attention to the need to protect themselves from key-loggers et al.
To THE REGISTER: Please start by unmasking the password for posting comments!!!!
Reduce attack surface!
This is a yet another symptom of functionality creep.
Most laptops have connections that we never use... but we keep them enabled just in case...
So time ago I bios-disabled all connectors I never use: COMs LPTS, Modems... etc.... and not only this increases security (by simply applying the "reduce the attack surface" principle) but it actually it can increase performance by precluding drivers from loading...
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- SOULLESS machine-intelligence ROBOT cars to hit Blighty in 2015
- BuzzGasm! Thirteen Astonishing True Facts You Never Knew About SCREWS
- China in MONOPOLY PROBE into Microsoft: Do not pass GO, do not collect 200 yuan