keitai-l@appelsiini.net writes:
>I have no idea why you would be agog,
I "gog" easily....
>since I've *never* seen a piece of
>hardware that's been fully secure given physical access to it.
They shone a light on it. Physical access of a sort, true, hence my
question about the sun - is that sufficient to flip a bit sufficiently
interesting number of cases. Bluntly, could one write an applet have it
downloaded by a sufficiently large number of people, then wait for the sun
to shine and have your malicious code execute in just a few cases... ? If
not the sun, some other radiations source....?
>
>
>And this is certainly not a bug in the java sandbox;
Nowhere did they claim it was.
> if you can
>arbitrarially change the contents of the computers' memory, of course
>you can do anything you want. The sandbox stops programs running it it
>from performing arbitrary actions; it does not stop nearby people from
>phsically modifying the hardware. No software can do that.
.... yes.... The article called it a "security flaw", not a "bug". In this
case "physically modifying the hardware" was simply warming it up with a
lamp. Of course an attack is possible if you have physical access and
enough resources. But this is a TRIVIAL attack - hence my state of "gog".
>
>
>Think of it this way: I have a program that takes the contents of
>locations A and B, adds them, and puts the result into C. If I start
>with 2 in A and 3 in B, run the program, it stores 5 in C, and then I
>change the contents of location C to be 6, is this a bug in the program?
No one has claimed it is, as far as I am aware.....
>
>
>This story is complete sensationalism, and it really annoys me that
>reporters can be such idiots as to write stuff like this.
Judging by your response, I don't think you have read it fully. Which
parts are sensationalist? (Ok, this is a cnet story, it isn't allowed to
be completely non-sensationalist. But the basic points seemed reasonable).
>
sin-nick
>
Received on Thu May 15 14:02:45 2003