Posts by Martin McNulty

Opinion?

You seem to state the contents of this article as fact, but without quoting or referencing so much as one source. (Not even a made-up 'high-level' or 'closely involved' one...). Sounds plausible enough, but also fairly spurious if it's simply a guess. Is this just your opinion or is there some evidence in there somewhere?

re: single IP

"if the IP changes then it could be due to the session being hi-jacked" - the problem here is that in a man-in-the-middle attack, the session is hi-jacked from the beginning. The software installed on the user's machine redirects them to the hackers' website, so they never connect directly to the bank's. This means that the only IP the bank ever sees belongs to the hackers, and is consistent throughout the session. i.e. from the bank's point of view, the IP doesn't change, so this technique is useless against this form of attack. "Think".

Whoa there!

Anonymous writes: "It leaves the impression the writer agrees with bin Laden and company".

Quite simply, no it doesn't.

I have some sympathy for the views in that comment, but I think you're sailing dangerously close to "you're either with us or against us"-type waters...

Allegedly...

It's already being done. There's a company called Praxis High Integrity Systems (http://www.praxis-his.com/) who (I'm told - no, I don't work for them!) create software which needs to be completely reliable (think air-traffic control systems) by applying the kinds of theoretical techniques taught in formal programming courses but rarely applied in the real world due to the extra work involved.

As far as I remember, they use a language called SPARK-ADA which is a subset of ADA, but with annotations for pre and post conditions on various blocks of code. There's then a tool which checks that the code ensures the post-condition holds if the pre-condition held when the code was run, etc.

Rather them than me, but still, nice to know someone's trying!