On Mon, Apr 6, 2009 at 3:03 PM, Daniel Stenberg <daniel@haxx.se> wrote:
> On Mon, 6 Apr 2009, Adam Barth wrote:
>> Here the situation is reversed. Diversity leads to increased security
>> risk because mismatches in sniffing create cracks that attackers can
>> exploit.
>
> No, that's the exact same situation as in biology. If there's a single
> master race with no quirks, it will conquer them all. But if that master has
> a flaw, everyone gets hit.
>
> Alas, if the one and only method is found to have a flaw at a future date,
> *all* browsers will have that flaw (assuming all would manage to and want to
> adhere to the same spec). Letting everyone do it their own way of course
> makes the risk of them all having the exact same flaw less likely.

I understand your perspective, but in this case the security issues
caused by mismatched sniffing algorithms are much more common. For
example, a single byte difference in the content sniffing algorithm
between the server and the client can lead to vulnerabilities. For a
concrete example we found in Wikipedia's content sniffer, see Section
2.5:

http://www.adambarth.com/papers/2009/barth-caballero-song.pdf

Adam

Received on Monday, 6 April 2009 22:56:38 UTC
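
Added example, not part of the original message or of the linked paper: a differential check over two hypothetical sniffers whose GIF signature tests differ by one byte, reporting inputs that the server side labels as an image while the client side treats them as HTML. The signatures, HTML hints and sample bytes are constructed assumptions and do not reproduce Wikipedia's or any browser's actual algorithm.

```python
from typing import Callable, Iterable

# Constructed model: neither sniffer reproduces a real server or browser.
HTML_HINTS = (b"<html", b"<body", b"<script")

Sniffer = Callable[[bytes], str]

def make_sniffer(gif_signatures: Iterable[bytes]) -> Sniffer:
    """Build a toy sniffer that accepts the given GIF signature prefixes."""
    sigs = tuple(gif_signatures)

    def sniff(data: bytes) -> str:
        if any(data.startswith(s) for s in sigs):
            return "image/gif"
        # This model only inspects the leading bytes for markup.
        head = data[:256].lower()
        if any(h in head for h in HTML_HINTS):
            return "text/html"
        return "application/octet-stream"

    return sniff

# Hypothetical server filter checks 5 signature bytes; the client checks 6.
server_sniff = make_sniffer([b"GIF87", b"GIF89"])
client_sniff = make_sniffer([b"GIF87a", b"GIF89a"])

# Constructed sample uploads (harmless content).
SAMPLES = {
    "real_gif_header": b"GIF89a\x01\x00\x01\x00\x00\x00\x00",
    "near_gif_with_markup": b"GIF89b<html><body>hello</body></html>",
    "plain_html": b"<html><body>hi</body></html>",
    "binary_blob": b"\x00\x01\x02\x03",
}

def find_mismatches(samples, server: Sniffer, client: Sniffer):
    """Return (name, server_type, client_type) where the two sides disagree."""
    out = []
    for name, data in samples.items():
        s, c = server(data), client(data)
        if s != c:
            out.append((name, s, c))
    return out

if __name__ == "__main__":
    for name, s, c in find_mismatches(SAMPLES, server_sniff, client_sniff):
        flag = "RISK" if c == "text/html" else "diff"
        print(f"[{flag}] {name}: server={s} client={c}")
    # One shared algorithm on both sides leaves nothing to report.
    print(find_mismatches(SAMPLES, client_sniff, client_sniff))
```

Running the same comparison with one sniffer on both sides returns an empty list, which is the property a shared sniffing specification is meant to provide.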