[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4095.1278386119@localhost>
Date: Mon, 05 Jul 2010 23:15:19 -0400
From: Valdis.Kletnieks@...edu
To: Mary and Glenn Everhart <Everhart@....com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Full-Disclosure Digest, Vol 65, Issue 7
On Mon, 05 Jul 2010 21:48:53 EDT, Mary and Glenn Everhart said:
> Might I suggest that in addition to discussing how to defend against
> software attacks, that it is also useful to devise methods and protocols
> that will function even where the systems being used to communicate are
> infected with malware?
The consensus in the security world is that, in general, if a system has been
infected with sufficiently virulent malware, it's impossible to do *any*
reliable computing on it. Consider a system with a keystroke logger on it -
anything you type is compromised the instant you hit the key. (And before you
say "how about a mouseable keyboard on the screen", I'll point out that some
banks have tried that, and it's already been pwned). Similar arguments hold for
any other function - if the attacker controls the vertical and horizontal,
you're basically screwed. So there's not been a lot of research on the topic
from the white-hat end. Most likely, you'll find most of the good work in this
area over in the black-hat world, as they're continually trying to find ways to
do reliable computing on a machine owned by the adversary.
There is a slim chance that with hardware assistance such as a smart
card, it may be possible to open up an encrypted communications session from
the smart card *through* the compromised system to an external endpoint.
However, such a card would have very limited ability to introspect the
system unless you expand the scope drastically - and at that point, you're
basically re-inventing the TPM chipset.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists