Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:36 ADT
mgraffam@mhv.net
Wed, 17 Jun 1998 04:38:43 -0400 (EDT)
On Wed, 17 Jun 1998, Marcus Watts wrote:
> If you do either of these approaches, you might want to publish
> your results. I don't know of anyone who has done this work yet,
> and suspect there is no such person, because nobody has said anything
> about it on this list. You should also try your approach
> under more than one version of Windows. 3.1, 95, 98, & NT may
> all do things differently, and what may be perfectly safe on one,
> may be bad news on another.
This is a good idea. Such a detailed analysis would be highly valuable.
I suspect that Window's memory locking mechanism isn't up to snuff.
> It is very hard to design a system that has more security or
> trustworthiness than the underlying software.
I'd go further to say that it is impossible.
> You miss my point. I'm not interested in whether you've ever gotten
> a virus. My point is that the sorts of hooks that provide an environment
> where viruses can flourish, is *also* the sort of environment that
> provides enough hooks for malicious software to compromise the
> cryptographic integrity of the machine in question.
While this is true, it is important to note that viruses have yet (in my
opinion) to be established as a threat to privacy and communications
security. This is a key concept: the viruses that get found are mostly
of the prankster/vandal variety. As I am sure most of us here have come to
realize, viruses can potentially be deployed in a much more sinister
manner.
I'm waiting for the virus that spreads to crack 40-bit SSL.
I figure it'll show up eventually.
> A classical example
> of this is the "keyboard sniffer", often found in university labs
> where it is used by computer vandals to steal passwords.
Yeah, these things are a real pain. Life would be easier if I could trust
the networks I need to use. I've just resorted to carrying my notebook
computer with me for doing things like S/key calculation, document signing
and the like. There just isn't enough time in the day to mess around with
the machines looking for keycopy.
> PS. All of my Unix systems have mice and windows.
Heheh. I'm working on a 3-headed beast right now. Fun :)
Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Act only according to that maxim by which you can at the same time will that
it should become a universal law.." - Immanuel Kant "Metaphysics of Morals"
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:36 ADT