WYTM - "but what if it was true?"
dan at geer.org
Fri Jun 24 17:25:10 EDT 2005
Dan Kaminsky writes:
| Dan--
|
| I had something much more complicated, but it comes down to.
|
| You trust Internet Explorer.
| Spyware considers Internet Explorer crunchy, and good with ketchup.
| Any questions?
|
| A little less snarkily, Spyware can trivially use what MS refers to
| as a Browser Helper Object (BHO) to alter all traffic on any web page.
| Inserting a 1x1 iframe in the corner of whatever, that does nothing but
| transmit upstream data via HTTP image GETs, is trivial. And if HTTP is
| a bit too protected -- there's *always* DNS ;). gethostbyname indeed.
|
| P.S. Imagine for a moment it was profitable to give people cancer. No,
| not just a pesky side effect, but kind of the idea. Angiostatin
| wouldn't stand a chance.
|
If you are insisting that there is always
a way and that, therefore, the situation is
permanently hopeless such that the smart
ones are getting the hell out of the
Internet, I can go with that, but then
we (you and I) would both be guilty of
letting the best be the enemy of the good.
<commercial>
However, I/we routinely disable all use of
BHOs, prevent mod of any entity as chosen
by filename extension, checksum, or filesystem
location, and whitelist applications, to name
a _few_. For the genuinely paranoid, regular
(like every few hours) reboot to a new VM is
also enforceable and recommended, especially
if you care about attacks that are purely
in-memory and which do not leave behind any
payload such as to aid an attacker on his/her
proposed second visit. If you indeed are an
"I don't need no stinkin' payload" sort of
guy, like the folks who eschew carrying matches
because you can always light a fire rubbing
two sticks together, make me a suggestion;
I love free consulting.
</commercial>
--dan
=================
"Internet Explorer is the most dangerous program ever written."
-- Rik Farrow to Scott Charney during the audience grilling stage of
http://www.usenix.org/events/usenix04/tech/sigs.html#mono_debate