funsec mailing list archives

Re: idea


From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 2 Jan 2009 11:08:35 -0500

On Thu, Jan 01, 2009 at 05:22:52PM +0000, Mike Preston wrote:
> However, you still need to find a way to find the sites in the first
> place, find out they are who they say they are and then authenticate the
> downloads.
>
> Not impossible, but not trivial either.

Actually, if the system it's being done from is already compromised,
then it *is* impossible, since the new owner of the system can cause the
authentication results to return whatever they like.  (For example:
if a vendor signs their software with a particular cryptographic
signature, then the new owner can cause the system to claim that
anything with that signature is malware.)

Once a system is known-compromised, the only way out is (a) wipe to
bare metal and (b) restore from known-clean media.  (And I note that
"wipe to bare metal" has occasionally been insufficient in the case
of malware which finds its way into firmware.)

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

