Is that really you?

It’s difficult to know who is who anymore. And I don’t mean the age old issue of changing personalities after major life events (marriage, breakup, big promotion). A recent talk by Christopher Abad at cansecwest/06 outlined this type of issue. How can we trust anything that is said online? How are we to know that the person who said it is the person who claims to have said it? In a recent blog post praising Abad’s talk here we see a comment purported to be from Dave Aitel. I’ve met Dave before and although I’m sure we wouldn’t list each other as beneficiaries on each others wills we are acquainted. I haven’t had time to ask him directly but my own gut says this comment isn’t Dave. It just doesn’t sound like something he would say or “how” he would say it. Word choice is as unique a fingerprint as say handwriting can be. But the “posted by:” says Dave and it does point to his company at Immunity.

As TK points out in the reply “without a proper digital signature on this posting, it would be Abad himself authoring it. (it is not but I am just trying to make the point)”. Abad could infact be the author of this post. Just because you read something on this blog doesn’t mean that it came from me. Someone could just as easily figure out a way into my blog and make a post in my name. A few minutes of searching on Daily Dave (Aitel’s mailing list) turns up this post from Dave stating it was not him who made the comments. In it Dave states,
“Just for the record, neither of these postings is from me. Sorry, tk, but I’m currently helping Nico and Bas with a heap overflow and can’t
figure out how to get a “TypeKey” identity, let alone have time to
post on the ncircle weblog. would have told you I can’t talk
like that anyways. :>”

Now that sounds like Dave.

slides from the cansecwest/06 talk

Post a Comment

You must be logged in to post a comment.