Vulnerability Development mailing list archives
Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days
From: solareclipse () SOFTHOME NET (Solar Eclipse)
Date: Tue, 18 Jan 2000 18:17:50 -0600
On Tue, 18 Jan 2000 14:29:28 -0800 Brian Kifiak <bk () localhost ca> wrote:
Day 3. r00t the web server. Clean the logs, install a backdoor, have fun.This is the security problem. Not ICQ.
Well, I think that the security problem is not _just_ the rooting of the server. It's the users who trust the software that they download. It's possible to use public key cryptography to sign all the executable content, so the users are sure that they are getting the real version of the program. Unfortunately the public key technology exists, but is rarely used. Except for some open source software, I can't think of any software companies cryptographically signing their software. Microsoft's Authenticode system is a step in the right direction, but it's still far
from perfection.
Solar Eclipse solareclipse () phreedom org key ID: 4096D/3B98D2E9 (DSS) user ID: Solar Eclipse <solareclipse () phreedom org> fingerprint: E0FA 3B25 BDE5 9CC1 E67A 1E1D CEF6 9808 3B98 D2E9
Current thread:
- Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days Solar Eclipse (Jan 18)