
Dan Geer on Trusting PCs in Botnets

Submitted by walk*bound on Tuesday November 20 2007, @11:41AM
security
walk*bound writes "In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal to trust the handshake between e-commerce sites and zombie computers. The suggestion is simple: Assume end users either always say 'Yes' or 'No' to security dialog boxes, then make the decision two ways: 'When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say Yes and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say "Yes."'"