Basic HTML version of Foils prepared May 19 99

Foil 11 A PKZIP Anecdote

From Remarks on Internet and Java Security Basic Information Track Computational Science Course CPS616 -- Spring Semester 1999. by Geoffrey Fox, Mehmet Sen


1 In 1995 and 1996, a program called PKZIP30.EXE was placed on many Internet software libraries. This purported to be 3.0 beta release of the well known file compression program PKZIP
2 Unfortunately, downloading this program, caused ones disk to be erased ......
3 This is equivalent to a crook turning up at your door in a fake Niagara Mohawk (or what have you) van. In real world, if we are careful, we ask to see credentials of purported service person.
4 In Web security, one needs digital signatures to establish the credentials of a particular program -- in particular one would expect that PKZIP30.EXE be digitally signed by PKWare the company that created PKZip
5 Certification Authorities supply "Software Publisher's Certificates" from "certification authorities" who presumably verify credentials of the organizations that they are certifying

in Table To:


© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Wed May 19 1999