[19838] in cryptography@c2.net mail archive
Re: Unforgeable dialog.
daemon@ATHENA.MIT.EDU (James A. Donald)
Thu Feb 2 17:44:20 2006
X-Original-To: cryptography@metzdowd.com
Date: Thu, 02 Feb 2006 15:26:30 -0600
From: "James A. Donald" <jamesd@echeque.com>
To: "Bowness, Piers" <pbowness@rsasecurity.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE297072391A7@rsana-ex-hq1.NA.RSA.NET>
--
Bowness, Piers wrote:
> Once the attacker sees the "secure" dialog, what prevents them from
> using the same techniques and/or code to create a visually identical
> spoof? There have been several OS-level designs to create
> hardware-supported secure dialogs. Needless to say, these schemes
> became exceedingly complex and had a variety of implementation
> issues (i.e. special graphics hardware, drivers, TCMs, etc.)
>
> I don't see your proposals as providing 'secure' data viewing or
> data entry solutions. IMHO, the best bet is currently provided by
> layered security software where each component monitors and reports
> on the others. Even this approach is temporary at best as we're now
> seeing with malware that attacks by first disabling the currently
> available protection layers (e.g., anti-virus, firewalls).
My computer does not get malware. It regularly gets phishing and
legitimate emails that are very difficult to tell apart.
The techniques I discuss would make them very easy to tell apart.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
1JOeu/66DKl9KMzOvnF83U6mD6SUSbLgXtgqAEz1
4swvP0Ni9aalk9b1QtRcmLZWW2OeWw0Z77uFyH3Pj
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com