Security Concern: Unsigned Windows Executable
Robert J. Hansen
rjh at sixdemonbag.org
Sun Jun 7 01:52:32 CEST 2009
> I'm curious. Not counting DOS (which can always be done
> by cuting your outside wires,if nothing else), isn't there
> *any* way to get some things done despite competent MitM?
Yes. Dodge the MitM.
> Like exchange public keys in person then go home and use
> those to communicate? (Note, this is just MitM in question,
> not attack on your host, etc.)
Crypto aficionados like to talk about MitM as if good crypto can defend
against it. To an extent it can, but _only if you assume your PC cannot
be hijacked._ If the attacker knows the endpoint and is controlling
your data traffic, then it is folly to assume the MitM will not or
cannot attempt to jack your endpoint. If you're going to assume the
MitM is going to play nice and not use the best tools in his toolbox,
then while we are talking fantasies I would like it to be assumed I'm
wealthy and am married to Claudia Schiffer.
Dan Geer posted to this list a while ago his estimate that around 30% of
all PC desktops were already hijacked. Vint Cerf's numbers are in the
same neighborhood. One think tank in Australia believes the number if
over 50%. The numbers are genuinely scary. And keep in mind, these are
not numbers which suppose dedicated attackers who want to subvert your
machine: these are numbers which represent drive-by attacks sprayed at
If you're going to assume the existence of an active MitM who will
deliver you trojaned binaries and will play games with SHA1 sums -- as
the original poster specified -- then you have to assume you are dealing
with someone who is going to attempt to jack your box. The odds are
quite good that they will succeed. Once your box is jacked, the game is
over and you cannot win.
OpenPGP is a great standard. It's very useful. It's a good tool in the
toolbox. But it is not magic fairy dust and it cannot work miracles.
More information about the Gnupg-users