[Cryptography] phishing attack again - $300m in losses?

Phillip Hallam-Baker phill at hallambaker.com
Tue Feb 17 08:41:13 EST 2015


On Mon, Feb 16, 2015 at 9:09 PM, Bill Frantz <frantz at pwpconsult.com> wrote:

> On 2/16/15 at 5:45 PM, phill at hallambaker.com (Phillip Hallam-Baker) wrote:
>
>> Another part though would be to change the way applications are installed.
>> The default should be that an application runs in a separate partition and
>> does not see the shared file system or the general network. Least privilege
>> is your friend.
>>
>
> We have plash and Polaris as worked examples for IX systems and Windows.
> In one case, a development version of Polaris was installed on a user's
> system and he didn't even notice until informed somewhat later.
>
>
>> What we need is a Steve Jobs who cares about security. It is quite possible
>> to implement secure systems that have Apple quality look and feel.
>>
>
> Polaris used a power box pattern that looked and behaved identically to
> the Windows file chooser. The magic is below the user interface if you
> assume that when a user designates a file, she also intends to grant access
> to that file. There are many ways to implement such a system.
>


I think it would be very easy to set up a scheme for program installation
where all code has to be signed to run. The permissions are granted to the
signer. The first time code runs, the user is asked what set of permissions
it should run with. 'Game' would be a standard minimum priv setting that
causes the program to run in a sandbox.

Any attempt at privilege escalation is reported and goes to the signer's
reputation.


This approach would make for a better development environment, everything
would automatically run in a custom sandbox.


The US is currently working up to spending tens of billions in
'cyber-defense' that does not include any defense at all. A fire department
has to know how buildings burn but that does not mean they have to devote
99% of their budget to training arsonists. Burning down buildings in Russia
and China is not going to make our buildings any more fireproof.
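
Added example, not part of the original post: a minimal Python model of the installation scheme described above, in which grants are keyed by the signer, the user is asked once on first run, and requests outside the grant are counted against the signer. Signature verification is assumed to happen elsewhere; the class names, permission names, the 'editor' profile and the rule that any request outside the grant counts as an escalation attempt are illustrative assumptions.

```python
from collections import Counter

# Hypothetical permission profiles; only 'game' is named in the post.
PROFILES = {
    "game": frozenset({"display", "audio", "private_storage"}),
    "editor": frozenset({"display", "private_storage", "user_chosen_files"}),
}

class UnsignedCodeError(Exception):
    pass

class Launcher:
    """Grants are keyed by signer, not by binary, as the post proposes."""
    def __init__(self, ask_user):
        self.ask_user = ask_user      # callback: signer -> profile name
        self.grants = {}              # signer -> frozenset of permissions
        self.reports = Counter()      # signer -> escalation attempts

    def launch(self, signer):
        # Signature verification is assumed to have happened already;
        # signer is None when the code carried no valid signature.
        if signer is None:
            raise UnsignedCodeError("unsigned code does not run")
        if signer not in self.grants:             # first run only
            profile = self.ask_user(signer)
            # Unknown answers fall back to the minimum-privilege sandbox.
            self.grants[signer] = PROFILES.get(profile, PROFILES["game"])
        return Sandbox(self, signer)

class Sandbox:
    def __init__(self, launcher, signer):
        self.launcher, self.signer = launcher, signer

    def request(self, permission):
        """Default deny; a denied request counts against the signer."""
        if permission in self.launcher.grants[self.signer]:
            return True
        self.launcher.reports[self.signer] += 1
        return False

def demo():
    prompts = []
    launcher = Launcher(lambda s: prompts.append(s) or "game")
    first = launcher.launch("Example Games Ltd")    # constructed signer name
    second = launcher.launch("Example Games Ltd")   # no second prompt
    results = [first.request("display"), first.request("network"),
               second.request("shared_filesystem")]
    return prompts, results, launcher.reports["Example Games Ltd"]
```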