Dailydave mailing list archives
Re: NSRL status check
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Tue, 12 Dec 2006 13:37:40 +0100
dan () geer org wrote:
> The National Software Reference Library has or had a listing of the hash values for known good software, known good in the sense of what is on installation media or what otherwise still has its integrity intact. I say "has or had" as on first glance it appears that this listing is stationary since sometime in 2004. Would someone here know the history and fate of this list? On the face of it such a list seems useful in forensic situations at least.
Instead of white-listing all the good executables (which is of course much better than listing all the bad ones, but scales very poorly as well) it would be much better, IMO, to require that all vendors sign their executables with a certificate. That could be even a self-signed certificate - the point is that we could then list all the certificates that we trust. In other words we would have a list of all the software vendors we trust together with fingerprints for the certificates they use for signing their programs.

Yes, I know that all the paranoid people would say: "software vendors can not be trusted!". But that's actually what it is - a paranoia ;) And it's better to trust software vendors than your A/V vendors ;)

Sorry to all A/V vendors - it's nothing personal - I just don't believe in blacklisting :/

joanna.
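The trust model proposed in this message, sketched as an added example that is not part of the original post: a file is allowed when its signer's certificate fingerprint is on a local trust list and the signature verifies, so a new release from a listed vendor needs no list update. It assumes the `openssl` command-line tool, detached signatures, and a trust list with one SHA-256 fingerprint per line; all vendor names and files are constructed.

```shell
#!/bin/sh
# Added example; vendor names, files and the trust-list format are constructed.

# Print the SHA-256 fingerprint of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# is_trusted FILE SIG CERT TRUSTLIST
# Succeeds only if CERT's fingerprint is listed AND SIG verifies over FILE
# with CERT's key; a listed fingerprint alone says nothing about the file.
is_trusted() {
    fp=$(cert_fingerprint "$3"); [ -n "$fp" ] || return 1
    grep -qxF "$fp" "$4" || return 1
    pub=$(mktemp) || return 1
    rc=0
    openssl x509 -in "$3" -noout -pubkey > "$pub" 2>/dev/null &&
        openssl dgst -sha256 -verify "$pub" -signature "$2" "$1" >/dev/null 2>&1 || rc=1
    rm -f "$pub"
    return $rc
}

# make_vendor DIR NAME: self-signed signing certificate, as the post allows.
make_vendor() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# sign_file KEY FILE: detached signature written to FILE.sig
sign_file() { openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"; }
verdict() { if is_trusted "$@"; then echo allow; else echo deny; fi; }

# Two releases from a listed vendor, one file from an unlisted vendor,
# and one listed-vendor file modified after signing.
demo() {
    d=$(mktemp -d) || return 1
    make_vendor "$d" listed && make_vendor "$d" unlisted || return 1
    cert_fingerprint "$d/listed.crt" > "$d/trust.list"
    echo 'release 1.0' > "$d/app1"; sign_file "$d/listed.key" "$d/app1"
    echo 'release 2.0' > "$d/app2"; sign_file "$d/listed.key" "$d/app2"
    echo 'other tool'  > "$d/tool"; sign_file "$d/unlisted.key" "$d/tool"
    cp "$d/app1" "$d/bad"; cp "$d/app1.sig" "$d/bad.sig"; echo patched >> "$d/bad"
    verdict "$d/app1" "$d/app1.sig" "$d/listed.crt"   "$d/trust.list"
    verdict "$d/app2" "$d/app2.sig" "$d/listed.crt"   "$d/trust.list"
    verdict "$d/tool" "$d/tool.sig" "$d/unlisted.crt" "$d/trust.list"
    verdict "$d/bad"  "$d/bad.sig"  "$d/listed.crt"   "$d/trust.list"
    rm -rf "$d"
}
demo
```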