Point of view regarding LISA 2002
Anthony E. Greene
agreene@pobox.com
Wed Oct 2 15:45:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01-Oct-2002/21:20 +0200, markus_kampkoetter <markus_kampkoetter@t-online.de> wrote:
>
>WHEN RUN! apart from m$outlook, which mua allows attachments to be run
>without asking the user?
[snip]
>nice hack, so we have to take a close look at the key if an executable is
>attached and not run executables until we asked the "original" sender to
>confirm "his" action. seems to be easy to avoid this kind of attack
>(because hardly anybody will run executables that they do not expect in
>advance) - too easy....?
You pointed out the two biggest weaknesses in my hack. The current Linux
population is not a good target for this kind of attack. I just described
one scenario just to point out that encryption and signatures are not
necessarily a cure for worms and viruses. Human factors combined with
current interface limitations can still allow a worm to propagate.
Tony
- --
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>
iD8DBQE9mvhzpCpg3WyUI50RAq3AAKDTscFKpNFu4sJt0ZhNnnx47ENWzgCeNkMW
FPEl5TDilCO2qT4OzbJ65Ac=
=Kn/J
-----END PGP SIGNATURE-----