[17567] in cryptography@c2.net mail archive
Re: WYTM - "but what if it was true?"
daemon@ATHENA.MIT.EDU (Dan Kaminsky)
Fri Jun 24 14:18:30 2005
X-Original-To: cryptography@metzdowd.com
Date: Fri, 24 Jun 2005 11:03:20 -0700
From: Dan Kaminsky <dan@doxpara.com>
To: dan@geer.org
Cc: cryptography@metzdowd.com
In-Reply-To: <20050624144741.71E1C1BF96D@absinthe.tinho.net>
Dan--
I had something much more complicated, but it comes down to:
You trust Internet Explorer.
Spyware considers Internet Explorer crunchy, and good with ketchup.
Any questions?
A little less snarkily, Spyware can trivially use what MS refers to
as a Browser Helper Object (BHO) to alter all traffic on any web page.
Inserting a 1x1 iframe in the corner of whatever, that does nothing but
transmit upstream data via HTTP image GETs, is trivial. And if HTTP is
a bit too protected -- there's *always* DNS ;). gethostbyname indeed.
--Dan
P.S. Imagine for a moment it was profitable to give people cancer. No,
not just a pesky side effect, but kind of the idea. Angiostatin
wouldn't stand a chance.
dan@geer.org wrote:
>What do you tell people to do?
>
><commercial_message>
>
>Defense in depth, as always. As an officer at
>Verdasys, data-offload is something we block
>by simply installing rules like "Only these
>two trusted applications can initiate outbound
>HTTP" where the word "trusted" means checksummed
>and the choice of HTTP represents the most common
>mechanism for spyware, say, to do the offload
>of purloined information. Put differently,
>if there are 5,000 diseases but only two symptoms,
>then symptomatic relief is the more cost-effective
>approach rather than cure. In this case, why do
>I care if I have spyware if it can't talk to its
>distant master? (Why do I care if I have a tumor
>if angiostatin keeps it forever smaller than 1mm
>in diameter?) Of course, there are details, and,
>of course, I am willing to discuss them at far
>greater length.
>
></commercial_message>
>
>
>--dan
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
>
>
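
A small model of the two positions in this thread, added here as an example (not code from either poster or from any product): the quoted rule checks only the checksum of the executable that opens the connection, so a request started by a helper module loaded inside the trusted browser is allowed, and so is anything sent over DNS. The event fields, the sample byte strings and the stricter module-checking rule are assumptions made for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; not real binaries.
BROWSER_EXE = b"constructed: trusted browser executable"
BROWSER_DLL = b"constructed: module shipped with the browser"
HELPER_DLL = b"constructed: unlisted helper object loaded by the browser"
OTHER_EXE = b"constructed: unlisted standalone program"

TRUSTED_EXES = {digest(BROWSER_EXE)}
TRUSTED_MODULES = {digest(BROWSER_DLL)}

# Constructed outbound-connection events (hypothetical field names).
EVENTS = {
    "browser_http": {"exe": BROWSER_EXE, "modules": [BROWSER_DLL], "proto": "http"},
    "unlisted_http": {"exe": OTHER_EXE, "modules": [], "proto": "http"},
    "browser_helper_http": {"exe": BROWSER_EXE,
                            "modules": [BROWSER_DLL, HELPER_DLL], "proto": "http"},
    "unlisted_dns": {"exe": OTHER_EXE, "modules": [], "proto": "dns"},
}

def exe_only_rule(event) -> bool:
    """The quoted rule: only checksummed applications may start outbound HTTP."""
    if event["proto"] != "http":
        return True  # the rule is silent on other protocols, DNS included
    return digest(event["exe"]) in TRUSTED_EXES

def exe_and_modules_rule(event) -> bool:
    """Assumed stricter variant: any protocol, and every loaded module
    must be checksummed as well as the executable."""
    if digest(event["exe"]) not in TRUSTED_EXES:
        return False
    return all(digest(m) in TRUSTED_MODULES for m in event["modules"])

def evaluate(rule) -> dict:
    """Map each sample event name to True (allowed) or False (blocked)."""
    return {name: rule(event) for name, event in EVENTS.items()}

if __name__ == "__main__":
    for rule in (exe_only_rule, exe_and_modules_rule):
        print(rule.__name__, evaluate(rule))
```
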