[Info-vax] Variable declarations, was: Re: improving EDT
David Froble
davef at tsoft-inc.com
Tue Nov 22 16:04:55 EST 2016
Scott Dorsey wrote:
> <johnwallace4 at yahoo.co.uk> wrote:
>> Quite a few people and organisations would say they cared
>> about security. They especially say this after they've been
>> publicly breached.
>>
>> Fewer people and organisations actually consider (let alone
>> invest in) real security upfront.
>
> Indeed, and few of them even consider or invest in it after the fact.
>
>> For certain specific applications, ARM's TrustZone seems to
>> have some applicability:
>> https://www.arm.com/products/security-on-arm/trustzone
>>
>> Intel have been trying to achieve something similar on
>> specific x86-based systems, with little visible effect to
>> date:
>> https://software.intel.com/en-us/sgx
>> https://en.wikipedia.org/wiki/Software_Guard_Extensions
>>
>> And back in the day, didn't Intel have a capability-based
>> chip? The ill-fated iAPX 432?
>> https://en.wikipedia.org/wiki/Intel_iAPX_432
>
> Yes, the iAPX 432 was a very slow machine but one with a lot of real security
> features. Although it died a horrible death of bloat, many of the useful
> features in the 432 appeared in the i960 which was an ingenious and well
> thought-out architecture that Intel seemed to be totally unable to sell in
> spite of excellent performance and well-designed security.
>
>> If people actually wanted security, we wouldn't be reading
>> about obvious exploit after obvious exploit on the latest
>> devices from the Interweb of Trash. Or something.
>
> Precisely.
> --scott
I've had two experiences that caused me to throw in the towel and do whatever
people wanted.

1) I mentioned to a customer that storing credit card data and checking account
data with no protection on an IIS server wasn't a good idea. The response: "why
not, everyone does it".

2) While discussing security with another customer I was told "my boss doesn't
care about security".