Unforgeable dialog.
Trei, Peter
ptrei at rsasecurity.com
Thu Feb 2 18:20:21 EST 2006
Piers Bowness wrote:
> This concept is surprisingly complex. Once the attacker sees the
> "secure" dialog, what prevents them from using the same techniques
> and/or code to create a visually identical spoof?
(Hi Piers!)
I actually dealt with this in a former job, where I wrote a proxy
for Xwindows which did similar decoration for trusted and untrusted
X clients.
The trick is to invert the indicators - your rendering engine (whether
an Xwindows server, browser, or a windowing OS) has final say over
the outermost frame of all windows.
You mark the *untrusted* ones in the outer frame - a malicious client can
do whatever it wants inside its windows, but it can't overwrite and hide
the untrusted indicators in the outer frame. (We put a fat black border
around them).
Of course, if you run on an OS where any app can modify any binary,
you're SOL.
Peter Trei
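The inverted-indicator scheme Peter describes, as an added toy example (not code from the original post, the X proxy he mentions, or any real window system): a character-cell framebuffer stands in for the display, each window is a rectangle with a trust flag, and the compositor clips every client's draw requests to the window interior and paints the frame itself, after the content. A constructed untrusted client tries to paint its whole window, frame included, to look trusted; the `frame_is_intact` check shows the compositor-owned frame still carries the untrusted mark. The names, border width and marks are assumptions of this example.

```python
from dataclasses import dataclass, field

BORDER = 2            # cells of frame the compositor reserves around every window (assumed)
UNTRUSTED_MARK = "#"  # the "fat black border" drawn around untrusted windows (assumed)
TRUSTED_MARK = "."    # a quieter frame for trusted windows (assumed)


@dataclass
class Window:
    """A client window: its outer rectangle on screen plus what the client asked to draw."""
    x: int
    y: int
    w: int
    h: int
    trusted: bool
    # Client draw requests in window-local coordinates. The client may request ANY cell,
    # including cells inside the frame; the compositor decides what actually lands.
    requests: dict = field(default_factory=dict)

    def draw(self, lx: int, ly: int, ch: str) -> None:
        self.requests[(lx, ly)] = ch

    def in_interior(self, lx: int, ly: int) -> bool:
        return BORDER <= lx < self.w - BORDER and BORDER <= ly < self.h - BORDER

    def frame_cells(self):
        """Screen coordinates of this window's frame, which only the compositor paints."""
        return {(self.x + lx, self.y + ly)
                for ly in range(self.h) for lx in range(self.w)
                if not self.in_interior(lx, ly)}


class Compositor:
    """Stand-in for the rendering engine (X server, browser, windowing OS)."""

    def __init__(self, width: int, height: int):
        self.width, self.height = width, height
        self.fb = [[" "] * width for _ in range(height)]

    def _put(self, gx: int, gy: int, ch: str) -> None:
        if 0 <= gx < self.width and 0 <= gy < self.height:
            self.fb[gy][gx] = ch

    def render(self, windows):
        """Composite bottom-to-top. For each window: clip client content to the interior,
        then draw the frame last so nothing the client requested can overwrite it."""
        for win in windows:
            for (lx, ly), ch in win.requests.items():
                if win.in_interior(lx, ly):   # requests aimed at frame cells are dropped
                    self._put(win.x + lx, win.y + ly, ch)
            mark = TRUSTED_MARK if win.trusted else UNTRUSTED_MARK
            for gx, gy in win.frame_cells():
                self._put(gx, gy, mark)
        return self.fb

    def dump(self) -> str:
        return "\n".join("".join(row) for row in self.fb)


def frame_is_intact(comp: Compositor, win: Window) -> bool:
    """Defender's check: every frame cell shows the mark the compositor chose for this window."""
    mark = TRUSTED_MARK if win.trusted else UNTRUSTED_MARK
    return all(comp.fb[gy][gx] == mark for gx, gy in win.frame_cells())


def spoofing_client(win: Window) -> None:
    """Constructed untrusted client: paints every cell, frame included, with the trusted mark
    and puts a fake credential prompt inside, hoping to look like a trusted dialog."""
    for ly in range(win.h):
        for lx in range(win.w):
            win.draw(lx, ly, TRUSTED_MARK)
    for i, ch in enumerate("PASSWORD:"):
        win.draw(BORDER + i, BORDER, ch)


def demo():
    """Constructed scene: one trusted login window beside one spoofing untrusted window."""
    comp = Compositor(30, 10)
    trusted = Window(1, 1, 12, 7, trusted=True)
    for i, ch in enumerate("LOGIN"):
        trusted.draw(BORDER + i, BORDER, ch)
    untrusted = Window(15, 1, 14, 8, trusted=False)
    spoofing_client(untrusted)
    comp.render([trusted, untrusted])
    return comp, trusted, untrusted


if __name__ == "__main__":
    comp, _, _ = demo()
    print(comp.dump())
```

Running it prints the two windows side by side: the spoofing client's interior shows its fake prompt, but the ring of `#` around it is drawn by the compositor and the client's requests for those cells never reach the framebuffer. The check only covers a window's own frame; as in any stacking window system, a window higher in the stack may cover a lower window's frame, which is why the indicator must be on the topmost visible window rather than a hidden one.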
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com