Unforgeable dialog.

Thu Feb 2 16:26:30 EST 2006

     --
Bowness, Piers wrote:
 > Once the attacker sees the "secure" dialog, what prevents them from
 > using the same techniques and/or code to create a visually identical
 > spoof? There have been several OS-level designs to create
 > hardware-supported secure dialogs. Needless to say, these schemes
 > became exceedingly complex and had a variety of implementation
 > issues (i.e. special graphics hardware, drivers, TCMs, etc.)
 >
 > I don't see your proposals as providing 'secure' data viewing or
 > data entry solutions. IMHO, the best bet is currently provided by
 > layered security software where each component monitors and reports
 > on the others. Even this approach is temporary at best as we're now
 > seeing with malware that attacks by first disabling the currently
 > available protection layers (e.g., anti-virus, firewalls).

My computer does not get malware.  It regularly gets phishing and
legitimate emails that are very difficult to tell apart.

The techniques I discuss would make them very easy to tell apart.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      1JOeu/66DKl9KMzOvnF83U6mD6SUSbLgXtgqAEz1
      4swvP0Ni9aalk9b1QtRcmLZWW2OeWw0Z77uFyH3Pj

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com