WYTM - "but what if it was true?"
Dan Kaminsky
dan at doxpara.com
Fri Jun 24 14:03:20 EDT 2005
Dan--

I had something much more complicated, but it comes down to.

You trust Internet Explorer.
Spyware considers Internet Explorer crunchy, and good with ketchup.
Any questions?

A little less snarkily, Spyware can trivially use what MS refers to
as a Browser Helper Object (BHO) to alter all traffic on any web page.
Inserting a 1x1 iframe in the corner of whatever, that does nothing but
transmit upstream data via HTTP image GETs, is trivial. And if HTTP is
a bit too protected -- there's *always* DNS ;). gethostbyname indeed.

--Dan

P.S. Imagine for a moment it was profitable to give people cancer. No,
not just a pesky side effect, but kind of the idea. Angiostatin
wouldn't stand a chance.

dan at geer.org wrote:
>What do you tell people to do?
>
><commercial_message>
>
>Defense in depth, as always. As an officer at
>Verdasys, data-offload is something we block
>by simply installing rules like "Only these
>two trusted applications can initiate outbound
>HTTP" where the word "trusted" means checksummed
>and the choice of HTTP represents the most common
>mechanism for spyware, say, to do the offload
>of purloined information. Put differently,
>if there are 5,000 diseases but only two symptoms,
>then symptomatic relief is the more cost-effective
>approach rather than cure. In this case, why do
>I care if I have spyware if it can't talk to its
>distant master? (Why do I care if I have a tumor
>if angiostatin keeps it forever smaller than 1mm
>in diameter?) Of course, there are details, and,
>of course, I am willing to discuss them at far
>greater length.
>
></commercial_message>
>
>
>--dan
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
>
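
Added example, not part of either message and not any product's logic: a small Python model of the quoted "only checksummed applications may initiate outbound HTTP" rule, showing from the defender's side that it passes traffic produced by a module loaded inside the allowed browser, and the two compensating checks that catch it (an in-process module baseline and a DNS name heuristic). The images, module names, thresholds and events are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Constructed stand-ins for executable images; real rules would hash files on disk.
BROWSER = b"constructed browser image"
UNKNOWN = b"constructed unknown binary"
ALLOWED_HTTP = {digest(BROWSER)}            # "trusted" means checksummed
MODULE_BASELINE = {"approved_toolbar.dll"}  # hypothetical approved in-process add-ons

def http_rule(image: bytes) -> bool:
    """The quoted rule: only checksummed applications may initiate outbound HTTP."""
    return digest(image) in ALLOWED_HTTP

def entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def dns_suspicious(qname: str, min_len: int = 24, min_bits: float = 3.5) -> bool:
    """Heuristic: a long, high-entropy leftmost label looks like encoded data."""
    label = qname.split(".")[0].lower()
    return len(label) >= min_len and entropy(label) >= min_bits

def review(event: dict) -> list:
    """Return findings for one constructed egress event."""
    findings = []
    if event["proto"] == "http":
        if not http_rule(event["image"]):
            findings.append("blocked: image not on HTTP allowlist")
        extra = sorted(set(event["modules"]) - MODULE_BASELINE)
        if extra:  # the allowlist cannot see this: same process, same checksum
            findings.append("review: unapproved in-process module " + ", ".join(extra))
    elif event["proto"] == "dns" and dns_suspicious(event["qname"]):
        findings.append("review: possible data in DNS name")
    return findings

EVENTS = [  # constructed sample events
    {"proto": "http", "image": BROWSER, "modules": ["approved_toolbar.dll"]},
    {"proto": "http", "image": BROWSER, "modules": ["approved_toolbar.dll", "helper_x.dll"]},
    {"proto": "http", "image": UNKNOWN, "modules": []},
    {"proto": "dns", "qname": "www.example.com"},
    {"proto": "dns", "qname": "0123456789abcdef0123456789abcdef.t.example.net"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["proto"], review(e))
```

The second event is the case the reply describes: the HTTP rule alone returns "allowed" for it, and only the module baseline raises a finding. The DNS heuristic is a coarse filter and will flag some legitimate long names.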