Security Concern: Unsigned Windows Executable

Robert J. Hansen rjh at
Wed Jun 3 02:05:45 CEST 2009

Daniel Kahn Gillmor wrote:
> I beg to differ.  In today's wireless network, active MitM can be done
> by a moderately-skilled hacker on a lark, or by an unskilled user who
> can follow directions:

There is a big difference between hack-in-a-box stunts like that and
serious attacks by people intent on succeeding.

> Even checking sha1sums from a web page would defeat this basic attack
> though, which is why I think it's reasonable for the OP to ask his question.

You can't have it both ways.  You can't say, "it's really easy to do
active MitM, you just need to follow these basic instructions," and then
say, "but an attacker wouldn't be able to change sha1sums."  No, of
course they'd be able to: if you're assuming the attacker can inject
whatever they like into the data stream, then you have to assume the
attacker will use that capability intelligently.

> The OP wanted to know how to make a few more checks than zero,
> forcing any possible attacker to be marginally more clever than the
> hypothesized bot above.

And now you're arguing my point for me: there is a big difference
between hack-in-a-box stunts and serious attempts to subvert your system.

> But that's exactly the OP's point: "the box" on windows is a "signed
> executable", whatever that is.  Since gpg is distributed outside of that
> framework, he's concerned that an attacker could exploit it.

You are not understanding the metaphor; that may be my own fault.  "The
box" refers to the popular phrase, "think outside the box."

> let's not overstate their capabilities (the phrase "100% secure" is
> meaningless), but let's offer practical approaches even as we warn of
> their limitations.

I do not see that what you are presenting is practical.  The presence of
a serious attacker who can subvert your traffic in ways of the
attacker's choosing is a massive game-changer.
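The disagreement above turns on one concrete claim: a checksum fetched over the same channel as the download is defeated by any attacker who can rewrite that channel, and only a value anchored outside the channel (a digest written down in advance, or a signature checked against a key obtained elsewhere) survives. The following simulation, added here as an illustration and not code from the thread or from GnuPG, models both cases. The file names, the "origin" content and both channel functions are constructed; the `pinned` digest stands in for any out-of-band trust anchor.

```python
"""Constructed simulation: same-channel checksum vs. out-of-band anchor.
Added example for the mailing-list thread; not part of the original post."""
import hashlib
import hmac
from typing import Callable, Optional

Fetch = Callable[[str], bytes]


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


# Hypothetical origin server content (constructed sample data).
GENUINE_INSTALLER = b"gpg-installer: genuine build\n"
GENUINE_SHA1 = sha1_hex(GENUINE_INSTALLER)
ORIGIN = {
    "/gpg.exe": GENUINE_INSTALLER,
    "/SHA1SUMS": (GENUINE_SHA1 + "  gpg.exe\n").encode(),
}


def honest_channel(path: str) -> bytes:
    """No attacker: the client sees exactly what the origin serves."""
    return ORIGIN[path]


def active_mitm_channel(path: str) -> bytes:
    """Attacker who can inject anything into the stream (the thread's
    assumption) and, as Hansen argues, uses that ability intelligently:
    the binary AND the checksum page are rewritten consistently."""
    trojaned = b"gpg-installer: TROJANED build\n"  # constructed stand-in
    if path == "/gpg.exe":
        return trojaned
    if path == "/SHA1SUMS":
        return (sha1_hex(trojaned) + "  gpg.exe\n").encode()
    return ORIGIN[path]


def parse_sha1sums(text: bytes, filename: str) -> Optional[str]:
    """Pull the digest for `filename` out of a sha1sum-style listing."""
    for line in text.decode().splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1] == filename:
            return parts[0]
    return None


def check_same_channel(fetch: Fetch) -> bool:
    """The OP's proposed check: compare the download against a SHA1SUMS
    page fetched over the same (possibly attacker-controlled) channel."""
    binary = fetch("/gpg.exe")
    expected = parse_sha1sums(fetch("/SHA1SUMS"), "gpg.exe")
    if expected is None:
        return False
    return hmac.compare_digest(sha1_hex(binary), expected)


def check_pinned(fetch: Fetch, pinned_sha1: str) -> bool:
    """Verification against a digest the attacker cannot rewrite because
    it never travelled over the channel (e.g. noted down beforehand)."""
    return hmac.compare_digest(sha1_hex(fetch("/gpg.exe")), pinned_sha1)


if __name__ == "__main__":
    for name, channel in (("honest", honest_channel), ("active MitM", active_mitm_channel)):
        print(f"{name:12s} same-channel sha1sums: {check_same_channel(channel)}")
        print(f"{name:12s} pinned digest:         {check_pinned(channel, GENUINE_SHA1)}")
```

Against the honest channel both checks pass; against the active MitM the same-channel check still passes, because the attacker rewrote the checksum page to match, while the pinned check fails. A signature verified with a key obtained out of band plays the same role as `pinned_sha1` here: what matters is not the hash but where the reference value came from.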

More information about the Gnupg-users mailing list