WYTM - "but what if it was true?"

Dan Kaminsky dan at doxpara.com
Fri Jun 24 14:03:20 EDT 2005


Dan--

    I had something much more complicated, but it comes down to:

    You trust Internet Explorer.
    Spyware considers Internet Explorer crunchy, and good with ketchup.
    Any questions?

    A little less snarkily, Spyware can trivially use what MS refers to
as a Browser Helper Object (BHO) to alter all traffic on any web page. 
Inserting a 1x1 iframe in the corner of whatever, that does nothing but
transmit upstream data via HTTP image GETs, is trivial.  And if HTTP is
a bit too protected -- there's *always* DNS ;).  gethostbyname indeed.

--Dan

P.S.  Imagine for a moment it was profitable to give people cancer.  No,
not just a pesky side effect, but kind of the idea.  Angiostatin
wouldn't stand a chance.

dan at geer.org wrote:

>What do you tell people to do?
>
><commercial_message>
>
>Defense in depth, as always.  As an officer at
>Verdasys, data-offload is something we block
>by simply installing rules like "Only these
>two trusted applications can initiate outbound
>HTTP" where the word "trusted" means checksummed
>and the choice of HTTP represents the most common
>mechanism for spyware, say, to do the offload
>of purloined information.  Put differently, 
>if there are 5,000 diseases but only two symptoms,
>then symptomatic relief is the more cost-effective
>approach rather than cure.  In this case, why do
>I care if I have spyware if it can't talk to its
>distant master?  (Why do I care if I have a tumor
>if angiostatin keeps it forever smaller than 1mm
>in diameter?)  Of course, there are details, and,
>of course, I am willing to discuss them at far
>greater length.
>
></commercial_message>
>
>
>--dan
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>  
>
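
Added example, not part of either message: a small model of the quoted rule ("only these two trusted applications can initiate outbound HTTP", trusted meaning checksummed) next to a stricter variant, to show what the reply's BHO and DNS objections mean for policy evaluation. The Flow record, the module allowlist and all hashes are assumptions constructed for illustration and do not describe any product's rule format.

```python
import hashlib
from dataclasses import dataclass

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; a real rule set hashes files on disk.
BROWSER = sha256(b"constructed: browser executable")
MAILER = sha256(b"constructed: mail client executable")
VETTED_ADDON = sha256(b"constructed: vetted browser add-on")
UNVETTED_ADDON = sha256(b"constructed: unvetted browser add-on")
UNLISTED_EXE = sha256(b"constructed: unlisted standalone program")

TRUSTED_EXES = {BROWSER, MAILER}     # "only these two trusted applications"
TRUSTED_MODULES = {VETTED_ADDON}     # assumption: add-ons are inventoried too

@dataclass(frozen=True)
class Flow:
    exe_hash: str          # checksum of the process image
    module_hashes: tuple   # checksums of code loaded into that process
    protocol: str          # "http" or "dns"

def exe_rule(flow: Flow) -> str:
    """Rule as quoted: outbound HTTP only from checksummed executables."""
    if flow.protocol != "http":
        return "not-covered"   # the rule is silent on DNS
    return "allow" if flow.exe_hash in TRUSTED_EXES else "block"

def exe_and_module_rule(flow: Flow) -> str:
    """Stricter variant: loaded modules are checksummed, on every protocol."""
    if flow.exe_hash not in TRUSTED_EXES:
        return "block"
    if any(m not in TRUSTED_MODULES for m in flow.module_hashes):
        return "block"
    return "allow"

def evaluate():
    flows = {
        "standalone program, http": Flow(UNLISTED_EXE, (), "http"),
        "browser, vetted add-on, http": Flow(BROWSER, (VETTED_ADDON,), "http"),
        "browser, unvetted add-on, http": Flow(BROWSER, (UNVETTED_ADDON,), "http"),
        "browser, unvetted add-on, dns": Flow(BROWSER, (UNVETTED_ADDON,), "dns"),
    }
    return {name: (exe_rule(f), exe_and_module_rule(f)) for name, f in flows.items()}

if __name__ == "__main__":
    for name, (exe_only, with_modules) in evaluate().items():
        print(f"{name:32} exe-only={exe_only:12} exe+modules={with_modules}")
```

The executable-only rule stops the standalone program but allows the browser's HTTP flow whatever is loaded inside it, and returns no verdict at all for DNS.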

