Unforgeable dialog.

Trei, Peter ptrei at rsasecurity.com
Thu Feb 2 18:20:21 EST 2006


Piers Bowness wrote:

> This is concept is surprisingly complex. Once the attacker sees the
"secure" dialog, > what prevents them from using the same techniques
and/or code to create a visually >  > identical spoof? 

(Hi Piers!)

I actually dealt with this in a former job, where I wrote a proxy
for Xwindows which did similar decoration for trusted and untrusted
X clients.

The trick is to invert the indicators - your rendering engine (whether
an Xwindows server, browser, or a windowing OS) has final say over 
the outermost frame of all windows.

You mark the *untrusted* ones in the outer frame - a malicous client can
do whatever it wants inside its windows, but it can't overwrite and hide
the untrusted indicators in the outer frame. (We put a fat black border
around them).

Of course, if you run on an OS where any app can modify any binary,
you're SOL.

Peter Trei

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list