Full Disclosure mailing list archives
Re: Full-Disclosure Digest, Vol 65, Issue 7
From: Mary and Glenn Everhart <Everhart () gce com>
Date: Mon, 05 Jul 2010 21:48:53 -0400
Might I suggest that in addition to discussing how to defend against software attacks, it is also useful to devise methods and protocols that will function even where the systems being used to communicate are infected with malware?

I have wondered whether such tricks as oblivious transfer might be used in such connection, but thus far nothing has occurred at least to me. However, it is possible to build systems that are pure software and which can resist a few attacks. Repeated uses can of course enable an attacker to deduce what is going on. However, if the systems may have hardware components, it is possible to do very much better. Bidirectional authentication and transaction signing (which I fear are elements that are all needed) can be achieved.

Perhaps others will be able to find resistant systems that might (also) use the human mind as part of the protocols and which might provide the elements for supporting transactions whether the systems used are attacked or not, provided only that the transaction information can get back and forth. (Attacks that simply in effect cut the wire should be noticeable as producing a failed transaction, but cannot very well allow one to succeed whatever one does.)

Glenn Everhart