[9653] in cryptography@c2.net mail archive

Re: Scarfo "keylogger", PGP

daemon@ATHENA.MIT.EDU (Derek Atkins)
Tue Oct 16 15:37:55 2001

To: "Trei, Peter" <ptrei@rsasecurity.com>
Cc: cryptography@wasabisystems.com, schneier@counterpane.com,
	"'Peter Fairbrother'" <peter.fairbrother@ntlworld.com>
From: Derek Atkins <warlord@MIT.EDU>
Date: 16 Oct 2001 14:28:08 -0400
In-Reply-To: "Trei, Peter"'s message of "Tue, 16 Oct 2001 10:43:52 -0400"
Message-ID: <sjm3d4j30ef.fsf@rcn.ihtfp.org>

The same is true of, say, libX11.so, or worse, libpam.so, on Unix
systems.

-derek

"Trei, Peter" <ptrei@rsasecurity.com> writes:

> One of my continual gripes about Windows security has to do with the GUI
> DLLs. An attacker could silently replace a component with one which has
> the old version number and the same API as the normal one, but which 
> does something extra - for example, the component which handles the
> textbox for entering passwords could check the system table to see if
> the active program was PGP, and if so log the text entered. The user 
> would be none the wiser, and even re-installing PGP would not restore
> security.
> 
> A secure system would use cryptographically signed components,
> and an application would check the signatures before loading a 
> dynamic library. An attacker would then need to get the trojaned
> components signed, which raises the bar.
> 
> Windows XP at least checks for drivers not signed by MS, but 
> whose security this promotes is an open question.
> 
> Peter Trei
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
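
Added example, not part of the original message and not code from either poster: a sketch of the check described in the quoted text (verify a component before loading it), applied to Unix shared objects like those named in the reply. As assumptions, a pinned SHA-256 digest stands in for a verified signature, the function names are hypothetical, and load_verified relies on Linux's /proc/self/fd.

```python
import ctypes
import hashlib
import os


class UntrustedLibrary(Exception):
    """Raised when a library's digest does not match the pinned value."""


def digest_of_fd(fd):
    """Return the SHA-256 hex digest of the file behind an open descriptor."""
    h = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while True:
        chunk = os.read(fd, 65536)
        if not chunk:
            break
        h.update(chunk)
    return h.hexdigest()


def open_verified(path, pinned_sha256):
    """Open path, check its digest, and return the still-open descriptor.

    Keeping the descriptor open lets the caller load the file that was
    hashed, even if the path is re-pointed at another file afterwards.
    It does not stop in-place writes to that same file; library
    directories must still be writable only by the administrator.
    """
    fd = os.open(path, os.O_RDONLY)
    try:
        actual = digest_of_fd(fd)
        if actual != pinned_sha256.lower():
            raise UntrustedLibrary(f"{path}: digest {actual} is not pinned")
    except BaseException:
        os.close(fd)
        raise
    return fd


def load_verified(path, pinned_sha256):
    """Linux only (assumption): dlopen the verified descriptor, not the path."""
    fd = open_verified(path, pinned_sha256)
    try:
        return ctypes.CDLL(f"/proc/self/fd/{fd}")
    finally:
        os.close(fd)  # the mapping made by dlopen outlives the descriptor
```

In a signed scheme the pinned digest would come from a manifest whose signature had been verified first. The check only protects libraries the application loads itself, not those the dynamic linker maps before the application's code runs.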
