[Dailydave] time for my lil opinion poll
dan at geer.org
dan at geer.org
Thu Apr 26 01:24:43 EDT 2007
On 4/25/07, Arun Koshy <arunkoshy at gmail.com> wrote:
-+-------------------------------------------------
| A friend from the vuln research arena ( sorry .. no names etc ) told
| me in a convo a few hours ago that this does not work :
|
| http://en.wikipedia.org/wiki/Information_Leak_Prevention
Disclaimer: I work for Verdasys, one of the firms listed on
http://en.wikipedia.org/wiki/Information_Leak_Prevention
"Does not work" is a little like "Bad dog" -- could you
be a little more specific?
Content inspection? Crap, in my view, as it only works
when the opponent does not know or care that you are watching
(Pig Latin is enough crypto to defeat).
Specific blocks of this and that, e.g., the electronic
equivalent of sealing the USB port with a glue gun?
Well, sure, but how many ways to steal data are there...
What we (Verdasys) sell is, in blunt terms, a commercial
version of the Orange Book "Reference Monitor" implemented
as a data-surveillance rootkit. Compared to the others,
ours is an Oxy-Acetylene torch to their paper match.
Before I go on, do we really want to have the full tilt
debate?
--dan, exhausted and on lousy wireless in a cheap motel
More information about the Dailydave
mailing list