J.W. Bizzaro bizzaro at bc.edu
Thu Mar 18 20:33:42 EST 1999

Dave Beck wrote:
> Tim has the idea...  I don't quite agree with Carlos's assessment of
> Red Hat's security flaws, but I don't think that matters if /etc/hosts.*
> files were set up properly and only SSH, port 80, and perhaps anonymous
> FTP were allowed from "unknown" hosts.

Okay.  We need someone to volunteer to be our anti-cracker.

Tim?  Carlos?  Dave?  Rahul?

> As far as Paos being on a server
> that could be cracked, granted Carlos knows best of the potential dangers
> of Paos, but it would seem to me that ANY machine is potentially vulnerable
> especially with man in the middle attacks possible.  If there is potential
> for trojan horses being sent via Paos then Paos needs to deal with that
> (by providing some kind of encryption / tamper proofing on its messages)
> and not the server or operating system.  I don't think it is reasonable
> to expect every locus server that might want to participate to ensure that
> its local network and every network between source and destination be
> secure and "tamper proof."  It's more realistic to put a seatbelt in every
> car than it is to expect everyone to be a perfect driver.

I'm sure Carlos was referring to the PAOS source code tree or whatever being
compromised on an insecure server.

But the reality of the Loci communication process being "secure" has not escaped
me.  We cannot guarantee that every Loci client (locus) on the Internet is
legitimate, but we can take measures to keep loci communication in sort of a
"sandbox", to use a Java term.

Another concern is that companies using Loci will want to keep communication
private, so that no one steals their million-dollar discovery.  Maybe someone
into encryption would like to take on that project.

