[Cryptography] In the latest unexpected ransomware twist ...

Nabil Alsharif blit32 at circuitsofimagination.com
Sat Jun 12 07:53:54 EDT 2021



On 6/10/21 7:31 PM, Viktor Dukhovni wrote:
> On Thu, Jun 10, 2021 at 05:36:22PM -0400, Phillip Hallam-Baker wrote:
>
> It isn't email that's the problem, and certainly not lack of sender
> authentication.  Social engineering does not rely on impersonating a
> known sender precisely enough for authentication to matter.
>
> The real issue is the ease of installation of executables (or documents
> with an embedded scripting language) that can perform unrestricted
> actions as the user who opened the document.  We need operating systems
> where access control is partitioned by application, and (enterprise)
> users cannot raise the access level of an application above a rather low
> ceiling that mostly just lets the application play in its own sandbox.
>
> Such an OS would be closer to what Apple delivers with iOS than
> Microsoft with Windows or RedHat, et. al. with Linux, but much more work
> is required to make this work at enterprise scale.

I could not agree more that this is _one_ of the gaping security holes
in our current system design. There is no reason my email client (or
anything other than my ssh client) should have access to my ssh keys
unless I explicitly authorize that access.

I can't say much about the design of Mac OS or iOS because I don't know
much about them. However, I do see Android as a strong candidate in
this case as well. I am hoping that the AOSP will provide the base for
an Open Source end-user focused desktop system in the near future.

As mentioned many times on this mailing list, cryptography is a tool and
not a magic wand and sometimes you need other tools to secure things. I
believe ransomware is one of those problems that can't be solved with
more encryption, but _could_ be solved with better system design.

Thanks,
Nabil.
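The application-partitioned access control Viktor describes, and the ssh-key case in the post above, as an added example that is not part of the original thread: on Linux the Landlock LSM (kernel 5.13 and later) lets an unprivileged launcher confine a forked child to one directory tree, so a process playing the role of the mail client can read its own files but is refused a file standing in for an SSH private key. The /tmp layout, the fake key contents and the PROBE_* result codes are constructed for this example; nothing here is code from the list or from any of the projects named in the thread. The program reports "Landlock not available" rather than failing on kernels or containers that cannot enforce it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Landlock ABI v1 (Linux 5.13+). The uapi header is used when present and the
 * few definitions needed are declared otherwise, so this compiles on older
 * distro headers; enforcement still requires a Landlock-enabled kernel. */
#if defined(__has_include)
#  if __has_include(<linux/landlock.h>)
#    include <linux/landlock.h>
#  endif
#endif
#ifndef LANDLOCK_CREATE_RULESET_VERSION
#  define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#  define LANDLOCK_RULE_PATH_BENEATH 1
struct landlock_ruleset_attr { uint64_t handled_access_fs; };
struct landlock_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
#endif
#ifndef __NR_landlock_create_ruleset
#  define __NR_landlock_create_ruleset 444
#  define __NR_landlock_add_rule 445
#  define __NR_landlock_restrict_self 446
#endif

/* All 13 filesystem access rights of ABI v1. "Handling" a right means the
 * sandbox decides it: whatever is not granted per path below is denied. */
#define FS_ALL_V1 ((1ULL << 13) - 1)
#define FS_READ   ((1ULL << 2) | (1ULL << 3))   /* READ_FILE | READ_DIR */

/* Constructed result codes for the probe run in the confined child. */
enum probe { PROBE_OPENED = 0, PROBE_DENIED = 1, PROBE_ERROR = 2, LANDLOCK_ABSENT = -1 };

static long ll_create_ruleset(const void *attr, size_t size, uint32_t flags)
{ return syscall(__NR_landlock_create_ruleset, attr, size, flags); }
static long ll_add_rule(int rfd, int type, const void *rule, uint32_t flags)
{ return syscall(__NR_landlock_add_rule, rfd, type, rule, flags); }
static long ll_restrict_self(int rfd, uint32_t flags)
{ return syscall(__NR_landlock_restrict_self, rfd, flags); }

/* True when the running kernel can enforce Landlock (LSM enabled, syscalls not filtered). */
int landlock_available(void) {
    return ll_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION) >= 1;
}

/* Fork a child, confine it to read-only access under allowed_dir, then have it
 * try to open probe_path. The parent stays unconfined, as an app launcher would.
 * Returns PROBE_OPENED, PROBE_DENIED (EACCES from Landlock), PROBE_ERROR, or
 * LANDLOCK_ABSENT when the kernel cannot enforce the policy at all. */
int open_confined(const char *allowed_dir, const char *probe_path) {
    if (!landlock_available()) return LANDLOCK_ABSENT;
    pid_t pid = fork();
    if (pid < 0) return PROBE_ERROR;
    if (pid == 0) {
        struct landlock_ruleset_attr rs = { .handled_access_fs = FS_ALL_V1 };
        int rfd = (int)ll_create_ruleset(&rs, sizeof rs, 0);
        struct landlock_path_beneath_attr rule = { .allowed_access = FS_READ,
                                                  .parent_fd = open(allowed_dir, O_PATH | O_CLOEXEC) };
        if (rfd < 0 || rule.parent_fd < 0 ||
            ll_add_rule(rfd, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) != 0 ||
            prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||   /* mandatory before restrict_self */
            ll_restrict_self(rfd, 0) != 0)
            _exit(PROBE_ERROR);
        /* From here on the child is sandboxed: reads under allowed_dir only. */
        int fd = open(probe_path, O_RDONLY | O_CLOEXEC);
        if (fd >= 0) _exit(PROBE_OPENED);
        _exit(errno == EACCES ? PROBE_DENIED : PROBE_ERROR);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return PROBE_ERROR;
    return WEXITSTATUS(status);
}

static int write_text(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(text, f);
    return fclose(f);
}

/* Constructed scratch layout (no real keys): <root>/app/notes.txt is the
 * application's own data, <root>/ssh/id_ed25519 stands in for ~/.ssh. Checks
 * that a process confined to <root>/app can read the first and is refused the
 * second. Returns 1 when the partition holds, 0 when it does not, and -1 when
 * Landlock is absent on this kernel. */
int demo_partition(void) {
    char root[] = "/tmp/partition-XXXXXX", app[64], ssh[64], note[80], key[80];
    if (!mkdtemp(root)) return 0;
    snprintf(app, sizeof app, "%s/app", root);
    snprintf(ssh, sizeof ssh, "%s/ssh", root);
    snprintf(note, sizeof note, "%s/notes.txt", app);
    snprintf(key, sizeof key, "%s/id_ed25519", ssh);
    int ok = mkdir(app, 0700) == 0 && mkdir(ssh, 0700) == 0 &&
             write_text(note, "app data\n") == 0 &&
             write_text(key, "FAKE-KEY constructed for this example\n") == 0;
    int own = ok ? open_confined(app, note) : PROBE_ERROR;
    int foreign = ok ? open_confined(app, key) : PROBE_ERROR;
    unlink(note); unlink(key); rmdir(app); rmdir(ssh); rmdir(root);
    if (own == LANDLOCK_ABSENT) return -1;
    return own == PROBE_OPENED && foreign == PROBE_DENIED;
}

int main(void) {
    int r = demo_partition();
    puts(r == 1 ? "partition holds: app file readable, key file refused"
       : r == 0 ? "partition FAILED" : "Landlock not available on this kernel");
    return 0;
}
```

The point of doing the confinement in a forked child is that this is the shape a per-application policy takes: the launcher keeps its own rights and hands each app a ruleset it cannot loosen (PR_SET_NO_NEW_PRIVS plus Landlock's rule that later rulesets can only restrict further). Landlock decides only the rights listed in handled_access_fs, so a mail client sandboxed this way would still need network access granted through other means; the example covers the filesystem side of the argument only.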