Re: DCPP
- From: Frank Slootweg <this@xxxxxxxxxxxxxxxxx>
- Date: 26 Jan 2007 16:18:44 GMT
Sebastian Gottschalk <seppi@xxxxxxxxx> wrote:
Frank Slootweg wrote:
And *which* FM might that be? The FM which says how to disable
hibernation?
F.e. TrueCrypt and PGP.
*Why* would the user (want to) read *that*?
Because you simply can't use a highly complex program without at least
knowing the basics? Sorry, but if the users lacks intent to read the FM,
this is clearly his fault. As he deserves the resulting problems.
Yes, we are all quite well aware of your unrealistic expectations of
and opinions on users of commercial software.
Anyway, a product like DCPP is surely also, and probably mainly,
targeted for the laptop market, which is very likely to use the
hibernation feature. So blaming the user for using an essential feature
is rather silly.
And now you're even talking nonsense. If the user doesn't intentionally
goes to hibernate at the key creation *before* the hard drive gets
initially encrypted, it's clearly his fault. After encryption, the
hibernate file is placed inside the crypto container.
And the swap file *isn't* placed inside the crypto container?
For the swap case the PEBKAC, because the user allowed physical access
or/and Administrator rights,
Even more bull***. Swapping is done by the operating system as part of the
normal modus operandi, and intentionally invoking is was just for the
purpose of demonstration.
You missed the point. I'm not talking about your demonstration of the
exploit, but about the fact that a culprit has physical or programmatic
it access to the swap file, yet you don't blame the user for that.
but you don't say "PEBKAC", but instead blame the DCPP supplier.
Of course, because it's something that's normally avoided by technical
measures. And because it's not done by the user, but by the operating
system following normal operation.
And well, every competent cryptographic software programmer knows that, yet
this super-big company fails to get even this simple thing right.
But for the hibernate case, you *do* say the PEBKAC. Why? Because you
can't see a way to blame the DCPP supplier? Other?
I should blame you for wasting my time discussing with someone who doesn't
even have a fu^W clue about the technological aspect he's discussing.
Yes, we are all aware of your superiority complex. It's becoming
rather a drag that you are always blaming others, but silently snip or
remain silent when people point out your misconceptions.
.
- References:
