Re: Understanding response protocols


Keith Moore wrote:

But there's another wrinkle in that the ability to redirect replies is
arguably a security risk.[*]  Say an attacker forges a message from 
someone's boss that tells its recipient to do something costly and
irreversible.[...]


Alerts are little more than a band-aid -- the real issue is the
need for authentication, avoiding the forgery in the first place.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Understanding response protocols, (continued) Re: Understanding response protocols, Keith Moore Re: Understanding response protocols, D. J. Bernstein Re: Understanding response protocols, Keith Moore Re: Understanding response protocols, Charles Lindsey Re: Understanding response protocols, Keith Moore Re: Understanding response protocols, Charles Lindsey Re: Understanding response protocols, Keith Moore Re: Understanding response protocols, Charles Lindsey Re: Understanding response protocols, Keith Moore Re: Understanding response protocols, Bruce Lilly Re: Understanding response protocols, Bruce Lilly <= Re: Understanding response protocols, Keith Moore Re: Understanding response protocols, Philip Hazel Re: Understanding response protocols, Bruce Lilly Re: SPAM-3 Re: Understanding response protocols, Charles Lindsey Re: Understanding response protocols, D. J. Bernstein Re: Understanding response protocols, Bruce Lilly Re: Understanding response protocols, D. J. Bernstein Re: Understanding response protocols, Bruce Lilly Re: Understanding response protocols, Keith Moore Re: Understanding response protocols, Bruce Lilly