decoration decoration
Stories

GROKLAW
When you want to know more... 		decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

Click here to send an email to the editor of this weblog.

You won't find me on Facebook

Donate

Donate Paypal

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.

What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments

Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Par for the course... conflicting priorities | 73 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Par for the course... conflicting priorities
Authored by: Anonymous on Monday, June 04 2012 @ 04:44 PM EDT

On the one hand MS has:

    Implement proper security!
On the other hand MS has:
    Implement more customer lockin.
    Implement more EULA enforcement.
    Implement more anti-competition.
When proper security prevents you from being able to properly implement (to the level wanted) the rest.... guess which direction MS always leans.

Consider as a test case MS' implementation of Kerberos security.... was there really a security reason to change it? Or was that more just to make the MS implementation less compatible and therefore try and push others to MS' implementation? And when all was said and done, was it less, equal to, or more secure then the industry standard that was in use for a couple decades?

Under such conflicting priorities, we can always expect MS to implement any security method poorly. At least until the Corporate mentality surrounding business practices changes.

RAS

[ Reply to This | Parent | # ]

The problems with signed certificates
Authored by: Anonymous on Monday, June 04 2012 @ 11:26 PM EDT
Not just a Microsoft problem - this dates right back to netscape designing SSL
and whether the current PKI setup is sensible. This is pretty much the only way
anyone "verifies" identities online and yes, it's not particularly
secure. Wouldn't you be able to Basically we need a better system, but who
knows what that will look like yet.

Not sure I'd be too concerned about brute force attacks though without a major
mathematical advance.

[ Reply to This | Parent | # ]
Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details ) 		Site layout based on Woodlands theme by Bryan Bell.
Groklaw logo by John Crowley.
News Picks logo by Ted Thompson.
Powered By GeekLog
Created this page in 0.03 seconds