funsec mailing list archives
Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups)
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 19 Oct 2009 17:12:30 -0400
On Mon, Oct 19, 2009 at 01:07:16PM -0700, chris () blask org wrote:
As far as dealing with pre-infected machines, a strong-auth that required the user to do something (like swipe a finger) prior to using email could stamp a message as being highly likely as having come from a human and therefore of higher priority than something that could have been produced by a robot.
What's to stop the new owner of that system from stashing the results of the swipe and using them at will? Or more conveniently, just disabling the strong auth code? There's no reason to expect a compromised system to run ANY code that's placed on it. You can't defeat this as long as the OS that's running isn't under your control any more. Incidentally, one of the things that I expect to see Real Soon Now, given all the progress in virtualization, is malware that sandboxes the former owner of the system into a nice, clean, virtual system and goes through some trouble to run AV code that ensures that environment is infection-free. The user will of course be told "your system is infected", will duly run whatever AV program they have, get back the "system is clean" output...and that's when the real fun starts. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups), (continued)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Larry Seltzer (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Nick FitzGerald (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Rich Kulawiec (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) G. D. Fuego (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Valdis . Kletnieks (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Nick FitzGerald (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Rich Kulawiec (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene(was Comcastpop-ups) Rich Kulawiec (Oct 20)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Nick FitzGerald (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) chris (Oct 19)
- Re: Public Policy and Consumer ISP Hygiene (was Comcastpop-ups) Rich Kulawiec (Oct 17)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Michael Collins (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Rich Kulawiec (Oct 13)
- Re: Public Policy and Consumer ISP Hygiene (was Comcast pop-ups) Michael Collins (Oct 13)
- Re: dumb. Comcast pop-ups Toralv_Dirro (Oct 10)
- Re: dumb. Comcast pop-ups Jon Kibler (Oct 10)
- Re: dumb. Comcast pop-ups Michael Collins (Oct 10)