Re: time for my lil opinion poll

On 4/25/07, Arun Koshy <arunkoshy@xxxxxxxxx> wrote:
-+-------------------------------------------------
 | A friend from the vuln research arena ( sorry .. no names etc ) told
 | me in a convo a few hours ago  that this does not work :
 | 
 | http://en.wikipedia.org/wiki/Information_Leak_Prevention


    Disclaimer: I work for Verdasys, one of the firms listed on
    http://en.wikipedia.org/wiki/Information_Leak_Prevention

"Does not work" is a little like "Bad dog" -- could you
be a little more specific?

Content inspection?  Crap, in my view, as it only works
when the opponent does not know or care that you are watching
(Pig Latin is enough crypto to defeat).

Specific blocks of this and that, e.g., the electronic
equivalent of sealing the USB port with a glue gun?
Well, sure, but how many ways to steal data are there...

What we (Verdasys) sell is, in blunt terms, a commercial
version of the Orange Book "Reference Monitor" implemented
as a data-surveillance rootkit.  Compared to the others, 
ours is an Oxy-Acetylene torch to their paper match.

Before I go on, do we really want to have the full tilt 
debate?

--dan, exhausted and on lousy wireless in a cheap motel