funsec mailing list archives
Re: idea
From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 2 Jan 2009 11:08:35 -0500
On Thu, Jan 01, 2009 at 05:22:52PM +0000, Mike Preston wrote:
> However, you still need to find a way to find the sites in the first place, find out they are who they say they are and then authenticate the downloads. Not impossible, but not trivial either.
Actually, if the system it's being done from is already compromised, then it *is* impossible, since the new owner of the system can cause the authentication results to return whatever they like. (For example: if a vendor signs their software with a particular cryptographic signature, then the new owner can cause the system to claim that anything with that signature is malware.)

Once a system is known-compromised, the only way out is (a) wipe to bare metal and (b) restore from known-clean media. (And I note that "wipe to bare metal" has occasionally been insufficient in the case of malware which finds its way into firmware.)

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.