[40] in WWW Security List Archive
Re: GSS API...
daemon@ATHENA.MIT.EDU (Rik Farrow 602 282 0242 MST)
Tue Aug 16 23:52:57 1994
Reply-To: crow!rik@uunet.uu.net
Date: Tue, 16 Aug 94 15:58:42 MST
From: crow!rik@uunet.uu.net (Rik Farrow 602 282 0242 MST)
To: uworld!uunet!ns1.rutgers.edu!www-security@uunet.uu.net
Two items. I raised the spector of DLL's being PC-centric. Most businesses
talking about HTTP servers are not talking about PC platforms, but UNIX,VMS,
and only once that I heard of NT.
Like Bernhardt of Physik.TU-Muenchen.DE mentioned, I am very concerned
about the security of DLL, or shared library-like tools. These have been
a big problem, especially on Sun systems, where an attack might take the
form of placing a doctored shared library ahead of the appropriate shared
library. It would hardly do to create an security mechanism with inherent
security problems.
Finally, on copyright protection, Roger Masse mentioned watermarks. I
had been thinking of a similar idea. Material you did not want copied
would be delivered as bitmaps with some depth (for example 256 colors,
8 bits). The receipient's name would be encoded in very small changes in
the bitmap--changes which would be indetectable to the eye, or software, as
they would appear to just a shade of difference in color a locations known
only to the sender.
This doesn't prevent copying, but makes it possible (perhaps) to discover
the source of the copies. Of course, someone could make more changes,
randomly, which could destroy the watermark. Just an idea.
Rik Farrow
