|
Posted by Nico Kadel-Garcia on June 6, 2006, 7:55 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> all mail refused wrote:
>>
>>
>>>2) Using some sort of spy ware (and not one you've written just for this
>>>product) can you automatically capture the ssh2 rsa file, username &
>>>password. Then use these to access any network services on the VPN
>>>gateway ?
>>
>>
>> Why the artificial restriction "not one you've written just for this
>> product"?
>> Do you think attackers don't write attacks against specific products?
>>
> Thats a fair point.
>
> I guess I was thinking along the lines of public Internet places (like
> Internet cafes) where the spyware that may be installed is going to be
> more general. Like key-logging software.
>
> Im sure that given a little information about how my software handles
> security it would not be difficult to write a very targeted application
> that could obtain a copy of the security details.
>
> This is an area that I am currently working on improving. My aim is to
> come up with a connection model that mutates every time its used. So even
> if you get a copy of the security details they will be of no use if you
> try and use them again.
Ahh. Security through obscrutityy, *AND* violation of the GPL of the
SmoothWall Express software you're pirating. (And you're blatantly in
violation of the GPL on their software, by your own admission of using it
and your failure to publish your source code along with your downloads.)
And this guy wonders why no one will take it seriously as the "ABSOLUTELY
SECURE VPN" he advertises it as. Sheesh!
| 
XML site map