[19839] in cryptography@c2.net mail archive
RE: Unforgeable dialog.
daemon@ATHENA.MIT.EDU (Trei, Peter)
Thu Feb 2 22:03:45 2006
X-Original-To: cryptography@metzdowd.com
Date: Thu, 2 Feb 2006 18:20:21 -0500
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: "Bowness, Piers" <pbowness@rsasecurity.com>,
"James A. Donald" <jamesd@echeque.com>, <cryptography@metzdowd.com>
Piers Bowness wrote:
> This concept is surprisingly complex. Once the attacker sees the
> "secure" dialog, what prevents them from using the same techniques
> and/or code to create a visually identical spoof?
(Hi Piers!)
I actually dealt with this in a former job, where I wrote a proxy
for Xwindows which did similar decoration for trusted and untrusted
X clients.
The trick is to invert the indicators - your rendering engine (whether
an Xwindows server, browser, or a windowing OS) has final say over
the outermost frame of all windows.
You mark the *untrusted* ones in the outer frame - a malicious client can
do whatever it wants inside its windows, but it can't overwrite and hide
the untrusted indicators in the outer frame. (We put a fat black border
around them.)
Of course, if you run on an OS where any app can modify any binary,
you're SOL.
Peter Trei
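The inverted-indicator design described in the post, as an added example that is not part of the original message: a toy text-cell compositor in Python (all names, the cell rendering and the sample clients are constructed here) in which clients paint only the interior of their window and the compositor paints the outermost frame, so an untrusted client that draws a pixel-perfect copy of the trusted dialog still shows the fat border.

```python
"""Toy compositor for the 'mark the untrusted ones in the outer frame'
design. Constructed example: a client paints only the interior of its
window; the compositor paints the outermost frame itself."""
from dataclasses import dataclass

BORDER = 2            # width, in cells, of the compositor-owned frame
UNTRUSTED_MARK = "#"  # the "fat black border" around untrusted clients
TRUSTED_MARK = "."    # plain frame around trusted clients


@dataclass
class Client:
    name: str
    trusted: bool
    interior: list[str]  # rows the client paints; it controls nothing else


def composite(client: Client) -> list[str]:
    """Compositor step: wrap the interior in a frame chosen by trust level."""
    mark = TRUSTED_MARK if client.trusted else UNTRUSTED_MARK
    width = max(len(row) for row in client.interior)
    body = [mark * BORDER + row.ljust(width) + mark * BORDER
            for row in client.interior]
    edge = [mark * (width + 2 * BORDER)] * BORDER
    return edge + body + edge


def outer_frame_cells(window: list[str]) -> set[str]:
    """Every cell in the outermost BORDER-wide ring of the window."""
    h, w = len(window), len(window[0])
    return {window[y][x] for y in range(h) for x in range(w)
            if y < BORDER or y >= h - BORDER or x < BORDER or x >= w - BORDER}


def shows_untrusted_marker(window: list[str]) -> bool:
    """The user's check: is the fat border present on the outside?"""
    return UNTRUSTED_MARK in outer_frame_cells(window)


# Constructed clients. The spoof paints a perfect copy of the trusted
# dialog, plain frame included, inside the area it controls.
real_login = Client("login", trusted=True, interior=["Password: ____"])
spoof = Client("evil", trusted=False, interior=[
    TRUSTED_MARK * 18,
    TRUSTED_MARK * 2 + "Password: ____" + TRUSTED_MARK * 2,
    TRUSTED_MARK * 18,
])

if __name__ == "__main__":
    for c in (real_login, spoof):
        print("\n".join(composite(c)))
        print("untrusted marker visible:", shows_untrusted_marker(composite(c)), "\n")
```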