Tuesday, May 19, 2009

WORA? WOOE.

WORA? WOOE. An interesting bit by Julien Tinnes on the calendar deserialization bug, Java applet security in general and Apple taking a long time to fix it on OSX.

Landon Fuller has a Proof of Concept implementation to demonstrate the problem.

Monday, May 11, 2009

Apologies to Mr. Schneier

On November 29, 2007 Bruce Schneier wrote:
Computer security is hard. Software, computer and network security are all ongoing battles between attacker and defender. And in many cases the attacker has an inherent advantage: He only has to find one network flaw, while the defender has to find and fix every flaw.

On Saturday, May 10, 2008 Sami Koivu wrote:
Security is hard.

When you're trying to build something secure, you have to consider everything.

When you're breaking the security, you just have to think of one thing that the other guy didn't think of. Not to mention the person creating security is normally vastly outnumbered.
I can't remember having read Bruce's essay. But the wording is uncomfortably similar. Given the dates, my writing seems like cheap rip-off, of Bruce's. My bad. It's possible I've read something by someone else that was inspired by what Bruce had written. Or it could be coincidence. In any case: imitation, flattery, and so on...