Unforgeable dialog.
James A. Donald
jamesd at echeque.com
Thu Feb 2 16:26:30 EST 2006
--
Bowness, Piers wrote:
> Once the attacker sees the "secure" dialog, what prevents them from
> using the same techniques and/or code to create a visually identical
> spoof? There have been several OS-level designs to create
> hardware-supported secure dialogs. Needless to say, these schemes
> became exceedingly complex and had a variety of implementation
> issues (i.e. special graphics hardware, drivers, TCMs, etc.)
>
> I don't see your proposals as providing 'secure' data viewing or
> data entry solutions. IMHO, the best bet is currently provided by
> layered security software where each component monitors and reports
> on the others. Even this approach is temporary at best as we're now
> seeing with malware that attacks by first disabling the currently
> available protection layers (e.g., anti-virus, firewalls).
My computer does not get malware. It regularly gets phishing and
legitimate emails that are very difficult to tell apart.
The techniques I discuss would make them very easy to tell apart.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
1JOeu/66DKl9KMzOvnF83U6mD6SUSbLgXtgqAEz1
4swvP0Ni9aalk9b1QtRcmLZWW2OeWw0Z77uFyH3Pj
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list