funsec mailing list archives
Friendly Rootkits? Please Tell Me This is a Joke...
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Wed, 28 Nov 2007 04:10:09 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via ZDNet Australia. [snip] Secure Socket Layer (SSL) certificates have made e-commerce more secure, according to VeriSign, but a US security researcher reckons benevolent rootkits served by the retailer might do a better job. SSL certificates are issued to merchants by Certificate Authorities to indicate to the consumer it is a legitimate business. The rootkit which Dan Geer, VP and chief scientist at security company Verdasys, has proposed would take over the security function of a customer during a transaction by placing it within the merchant's trusted environment. Geer proposes that merchants ask their customers whether they would like an "extra special secure connection" prior to making a transaction. If a user says "Yes", the merchant could install the rootkit on a customer's PC to make the transaction safe. [snip] More: http://www.zdnet.com.au/news/security/soa/-Friendly-rootkits-a-must-for-sec ure-Web-shopping-/0,130061744,339284109,00.htm Travesty alert: "Extra special?" Yeah, well Sony tried that (without asking) and I can assure you that any effort along these lines will end up the same way -- making consumers more vulnerable. That is a very, very bad idea. And one that needs to be shot down now. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHTOohq1pz9mNUZTMRAuZHAJ9HuXcj3iu8J4NJx7YdnJpVBapEqgCdFUng OvT8WpCNa00AyZR1BECRPrk= =L8yN -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Friendly Rootkits? Please Tell Me This is a Joke... Paul Ferguson (Nov 27)