Unforgeable dialog.

Jaap-Henk Hoepman jhh at cs.ru.nl
Fri Feb 3 04:06:51 EST 2006


That is a nice trick, but that still may not work entirely: if I make sure
my untrusted app always opens in maximized mode, the untrusted decoration (in
your case a big black border which actually _disappears_) may be unnoticed
along the edges of the screen; if my app then simulates the whole desktop
as it was before it started, it can draw a trusted-looking dialog anywhere on
the screen...

Jaap-Henk

On Thu, 2 Feb 2006 18:20:21 -0500 "Trei, Peter" <ptrei at rsasecurity.com> writes:
> Piers Bowness wrote:
>
>> This concept is surprisingly complex. Once the attacker sees the
>> "secure" dialog, what prevents them from using the same techniques
>> and/or code to create a visually identical spoof?
>
> (Hi Piers!)
>
> I actually dealt with this in a former job, where I wrote a proxy
> for Xwindows which did similar decoration for trusted and untrusted
> X clients.
>
> The trick is to invert the indicators - your rendering engine (whether
> an Xwindows server, browser, or a windowing OS) has final say over 
> the outermost frame of all windows.
>
> You mark the *untrusted* ones in the outer frame - a malicious client can
> do whatever it wants inside its windows, but it can't overwrite and hide
> the untrusted indicators in the outer frame. (We put a fat black border
> around them).
>
> Of course, if you run on an OS where any app can modify any binary,
> you're SOL.
>
> Peter Trei
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

-- 
Jaap-Henk Hoepman           |  I've got sunshine in my pockets
Dept. of Computer Science   |  Brought it back to spray the day
Radboud University Nijmegen |        Gry "Rocket"
(w) www.cs.ru.nl/~jhh       |  (m) jhh at cs.ru.nl
(t) +31 24 36 52710/53132   |  (f) +31 24 3653137
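The placement problem the thread describes can be checked mechanically by the compositor. The following Python model is an added example, not code from either poster or from any real window system; it assumes a hypothetical compositor that draws an untrusted-indicator border of `BORDER` pixels outside each untrusted client's drawable area, and it adds a hypothetical screen-edge `MARGIN` that untrusted frames may never occupy. It shows the failure mode in the reply above (a maximized untrusted client pushes its border entirely off-screen, so the indicator is never visible) and the corresponding mitigation (clamping untrusted windows so the whole border is on-screen and surrounded by trusted desktop rather than coinciding with the screen edge).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rect:
    """Axis-aligned rectangle in screen pixels."""
    x: int
    y: int
    w: int
    h: int

    @property
    def area(self) -> int:
        return self.w * self.h


# Constructed screen geometry for the example (not from the thread).
SCREEN = Rect(0, 0, 1920, 1080)
BORDER = 8    # compositor-drawn untrusted indicator, outside the client area
MARGIN = 16   # trusted strip along the screen edge that untrusted frames may not enter


def intersect(a: Rect, b: Rect) -> Rect:
    """Overlap of two rectangles; an empty Rect if they do not overlap."""
    x1, y1 = max(a.x, b.x), max(a.y, b.y)
    x2, y2 = min(a.x + a.w, b.x + b.w), min(a.y + a.h, b.y + b.h)
    if x2 <= x1 or y2 <= y1:
        return Rect(0, 0, 0, 0)
    return Rect(x1, y1, x2 - x1, y2 - y1)


def inset(r: Rect, d: int) -> Rect:
    """Shrink r by d pixels on every side."""
    return Rect(r.x + d, r.y + d, r.w - 2 * d, r.h - 2 * d)


def frame_of(client: Rect, border: int = BORDER) -> Rect:
    """Outer frame the compositor owns: the client area plus the indicator border."""
    return Rect(client.x - border, client.y - border,
                client.w + 2 * border, client.h + 2 * border)


def border_visible_fraction(client: Rect, screen: Rect = SCREEN,
                            border: int = BORDER) -> float:
    """Fraction of the untrusted indicator border that is actually on-screen.

    The border is the frame minus the client area, so the on-screen part is
    (frame ∩ screen) minus (client ∩ screen).  A maximized client yields 0.0:
    the compositor still 'draws' the indicator, but none of it is visible.
    """
    total = frame_of(client, border).area - client.area
    visible = (intersect(frame_of(client, border), screen).area
               - intersect(client, screen).area)
    return visible / total


def placement_is_safe(client: Rect, screen: Rect = SCREEN,
                      border: int = BORDER, margin: int = MARGIN) -> bool:
    """True if the whole frame (border included) lies inside the screen inset by margin."""
    allowed = inset(screen, margin)
    f = frame_of(client, border)
    return intersect(f, allowed) == f


def clamp_untrusted(client: Rect, screen: Rect = SCREEN,
                    border: int = BORDER, margin: int = MARGIN) -> Rect:
    """Compositor policy: force an untrusted client into the region where its
    border is fully on-screen and never flush with the screen edge.

    The window is moved first; only if it still does not fit is it shrunk.
    Trusted windows are not subject to this (the indicator is inverted: only
    untrusted windows are marked, so only they need the constraint).
    """
    limit = inset(screen, margin + border)   # where the *client* area may sit
    x = max(client.x, limit.x)
    y = max(client.y, limit.y)
    w = min(client.w, limit.x + limit.w - x)
    h = min(client.h, limit.y + limit.h - y)
    return Rect(x, y, w, h)


if __name__ == "__main__":
    maximized = Rect(0, 0, SCREEN.w, SCREEN.h)   # the attack in the reply above
    print("maximized untrusted window: visible border =",
          border_visible_fraction(maximized), "safe =", placement_is_safe(maximized))
    fixed = clamp_untrusted(maximized)
    print("after clamping:", fixed, "visible border =",
          border_visible_fraction(fixed), "safe =", placement_is_safe(fixed))
```

The check and the clamp are deliberately separate: `placement_is_safe` is what a compositor would evaluate on every configure request from an untrusted client, and `clamp_untrusted` is one possible response (reject or rewrite the request). The margin is what addresses the specific objection in the reply: with only clamping to the screen, the border would still sit along the screen edge, where it is easy to overlook.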


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com