[18438] in cryptography@c2.net mail archive
Re: Is there any future for smartcards?
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Tue Sep 13 11:22:19 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 13 Sep 2005 15:57:16 +0200
From: Eugen Leitl <eugen@leitl.org>
To: "James A. Donald" <jamesd@echeque.com>, cryptography@metzdowd.com
In-Reply-To: <43254FDB.32320.A17E9C9@localhost>
--tUhcEp9PHg1fOHnB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Sep 12, 2005 at 09:52:27AM -0700, James A. Donald wrote:
> Typical worm installation goes like this:
>=20
> : : Receive message via bluetooth from unnamed=20
> : : device? Y/N
> : :
> : : Installation Security warning: Unable to=20
> : : verify supplier. Continue anyway? Y/N
It's just a networked computer that happens to look
like a mobile phone. Not particularly security-oriented.
It also doesn't matter what current malware does on the current
platform. FWIW, it's still in primitive shenanigan stage.=20
It's a question what future malware on future mobile platforms
will do. It's a machine for young social primates. Not suitable
for a payment system, unless equipped with dedicated, hardened
cryptographic compartment with dedicated display and PIN/biometrics.=20
http://www.f-secure.com/weblog/archives/archive-052005.html
Yesterday we received information on Commwarrior.B sightings on two new cou=
ntries: Greece and South Africa.
So it seems that the rate in which Commwarrior is spotted is quite a lot fa=
ster than with Cabir. But then again, high discovery rate might be result o=
f increased public awareness.
Also as Commwarrior is in the wild here in Finland, we have had an opportun=
ity to follow how the worm spreads and interviewed people who have been inf=
ected with it. And it seems that we have found at least partial answer to t=
he question why people install Symbian worms on their phones.
The most common reason why people have installed Commwarrior from MMS messa=
ge is the trust that they have on the sender. People are wary of messages t=
hat they receive from unknown sources, but quite willing to install whateve=
r has been sent from a friends mobile. This is a phenomenon that we have al=
so seen with E-Mail worms, people just are unwilling to mistrust something =
coming from a friend.
Current count of countries with Commwarrior sightings:
1.Ireland
2.India
3.Oman
4.Italy
5.Philippines
6.Finland
7.Greece
8.South Africa
> Seems to me that the phone designers have done a better=20
> job with virus, worm, and malware resistance than=20
> Microsoft or Linux. Teenagers are pretty sophisticated.=20
Are we talking even about the same species? About
the same teenagers which already own malware-infested=20
PCs, and swap whatever ringtones, logos and games en vogue
with their FOAFs?
--=20
Eugen* Leitl <a href=3D"http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
--tUhcEp9PHg1fOHnB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDJtq8dbAkQ4sp9r4RAtLhAJ44Pacs+XPp+bldLxdzGlM+MXDhKwCfVDUi
l1MOYGpIDc7rOeFtEQU3Q+c=
=1jVf
-----END PGP SIGNATURE-----
--tUhcEp9PHg1fOHnB--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
