Keylogers
Mike Acker
Mike_Acker at charter.net
Wed Apr 27 18:56:19 CEST 2011
On 04/27/2011 09:10, Robert J. Hansen wrote:
>> yep. Phil Zimmerman noted that in his original essay on PGP. If you
>> > have a malware infection you can no longer speak to what your computer
>> > is or is not doing.
> In fact, it's quite a bit worse than that. Your traffic is secure only so long as both endpoints are secure. Depending on who does the numbers, 15%-30% of all desktops are pwn3d. Even if your desktop is safe, the odds aren't good the other end will be, too.
>
> There are many reasons why I feel OpenPGP is more or less irrelevant in the world today, outside of some very special case scenarios. This is one of the big ones: OpenPGP's necessary precondition -- that our endpoints are both securable and secured -- is not met.
>
>
*That would be 100% correct.*
This is why we need the Software Audit Tool I've discussed at times on
various boards. The Software Audit Tool will need to be on a separate,
read-only, bootable media such as a DVD. On boot-up it would mount the
C: drive of the target system and then pull a software inventory. When
complete this inventory would be audited, checking the data-time stamp
and CRC of every executable software in the inventory. This would be
checked against OEM specifications and system owner's noted. System
Owners Notes should specify: what packages are supposed to be on this
system.
this is the only way to certify a system: a running system cannot be
used to certify itself. for those who don't understand this an old and
common malware trick is to replace the directory list program. when the
system owner types dir c:\windows\*.* the modified dir list program
simply fails to report the presence of the malware programs, instead
adding the space taken by the malware back into the reported
free-space. the original dir program is hidden someplace on the c:
drive and then reported on the dir list with its orignal directory
info. if you dump the program out you get this back-up copy; but when
you run it -- the bad copy runs. the system-- has had a bug purposely
installed,-- one with produces INCOROUT (incorrect output) ,-- it has
been "pwn3d".
Wolfgang Stiller (Stiller Research ) did an inventory program as I've
described -- for DOS. We need one for Win/7. when we get it we can
begin certifying systems and once that is underway we can begin
identifying failure points which still need corrections.
--
/MIKE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110427/24c141b5/attachment-0001.htm>
More information about the Gnupg-users
mailing list