Friendly Rootkits? Please Tell Me This is a Joke...

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via ZDNet Australia.

[snip]

Secure Socket Layer (SSL) certificates have made e-commerce more secure,
according to VeriSign, but a US security researcher reckons benevolent
rootkits served by the retailer might do a better job.

SSL certificates are issued to merchants by Certificate Authorities to
indicate to the consumer it is a legitimate business. The rootkit which Dan
Geer, VP and chief scientist at security company Verdasys, has proposed
would take over the security function of a customer during a transaction by
placing it within the merchant's trusted environment.

Geer proposes that merchants ask their customers whether they would like an
"extra special secure connection" prior to making a transaction. If a user
says "Yes", the merchant could install the rootkit on a customer's PC to
make the transaction safe.

[snip]

More:
http://www.zdnet.com.au/news/security/soa/-Friendly-rootkits-a-must-for-sec
ure-Web-shopping-/0,130061744,339284109,00.htm

Travesty alert:

"Extra special?" Yeah, well Sony tried that (without asking) and I can
assure you that any effort along these lines will end up the same way --
making consumers more vulnerable.

That is a very, very bad idea. And one that needs to be shot down now.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHTOohq1pz9mNUZTMRAuZHAJ9HuXcj3iu8J4NJx7YdnJpVBapEqgCdFUng
OvT8WpCNa00AyZR1BECRPrk=
=L8yN
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.