<<< Date Index >>>     <<< Thread Index >>>

Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer



>> Depends.  Does it include the tools necessary to sign my own code?
>> If not, yes, I will disable it, to the point of running a different
>> OS if necessary.
> So you will disable a function that provides you with a trusted,
> secure, computing base because you cannot sign things yourself ?

Yes.

I'm primarily a software author, Darren.  Take away my abilitiy to
write and run my own programs and having a computer becomes almost
totally pointless to me.

> Are you really trying to run a secure environment or one that you
> think you can control yourself ?

I am most certainly not going to try for security at the expense of the
whole reason I play with computers in the first place.

> Do you see what I consider to be the obvious flaw in your statement
> here and that is you would prefer to use a less secure system because
> you seem to think that you are trustworthy.

Yes.  I trust myself not to write malicious code.

> How does anyone know that you're not a virus/worm writer ?

Anyone?  Well, _I_ do.

Anyone else?  The same way they know that of anyone: look at my record.
The code I've written, the things I've said.  If you're really
paranoid, you look at the code I've written in detail (you've got the
source, after all; I don't distribute software any other way) - that
won't, strictly, assure you I'm not a malware author, but it will,
given enough diligence to convince yourself you've not missed anything,
assure you that the code you're contemplating isn't malware.

> Sooner or later, arguments that "I must do be in complete control and
> be able to do everything myself" are going to be considered
> laughable.

Perhaps.  I will be perfectly willing to be laughed at by anyone
espousing such a point of view.  The whole point of having computers,
to me, is to tinker with their software.  If what I write can help
anyone else, so much the better.

_Someone_ has to be trusted to write non-malware.  Why should it be any
less me than anyone else?

> Let me give you a hypothetical situation...

> Some time from now, all major commercial OS's come with signed
> binaries, libraries, etc and there's a major virus outbreak.

> How does the virus manage to get executed everywhere?  Well, it's not
> a trusted application, for starters.  (If it were then the signature
> would provide the start of an audit trail for someone to blame.)

Yeah, right.  Pull the other one - it's got bells on it.

If you think such signatures would be any more worth trusting than SSL
certs are today, I think you're deluding yourself.  Anyone who bothers
to cobble up something letterhead-like and fax it can get an SSL cert
in practically any name desired - or so I'm given to understand; I've
never tried it myself.  I don't for a moment believe these signatures
will be significantly better.

Not to mention that you started out talking about "major commercial
OSes", which by their record are significantly _less_ trustworthy than
the major open-source OSes.  I think open-source OSes are past
GandhiCon 2 and in some respects up to 3; I expect them to keep going.

> One reaction might be that government says you are not allowed to
> network, either directly or indirectly, computers that allow unsigned
> applications to run on them.

Completely unenforceable.  Practically all the network links, all the
way from the peering points on down, are privately owned, and the
exceptions are generally not accessible to the public for transport
between third parties; you are postulating "government" telling private
entities that they may not permit their own infrastructure to be used
by whomever they may choose.  I predict most of those entities will not
take kindly to such dicta.

> Now what are you going to do ?

Positing what you describe, implausible as I find it - I don't know.  I
might take a civil-disobedience stance, though if it got to the point
where such a thing were enacted, the society would perforce have
changed to enough of a dictatorship that such a stance would probably
not be tolerated at all.  Most likely, I just leave, or do not enter,
the country in question.  There are lots of other countries, and they
will not all be that tyrannical.

Potentially, layer a new network atop the then-existing one.  If there
remains any programmability at all, it will be extremely hard to
prevent that - and if there doesn't, a whole lot of common and useful
things will be rendered impossible.

At the very worst, stop using computers, or at least stop using
networked computers.

> And that of course begs the question, why should the rest of the
> world be expected to trust you ?

My record, of course, same as anyone else "the rest of the world" is
"expected to trust".

> It's been rumoured that the successor to XP will be incompatible in a
> significant way such that old applications will not run.  What if
> this kind of platform was part of it and the Microsoft idea of
> solving the virus problem is to disallow execution of untrusted
> applications, by default, without so much as a prompt to ask a user
> yes or no, rendering all prior applications incompatible ?

We can wish.  Most of the Windows folk probably wouldn't mind; software
hackers like me are, by and large, perfectly content doing their stuff
under non-Microsoft OSes - indeed, many of them strongly prefer it.

Of course, putting it into the hardware would defeat that, though I
daresay it could be gotten around - and if not, I simply would have no
use for such a machine.  Unless you want to get back to positing severe
dictatorial controls over what computers people use, there isn't much
that can be done to stop this; the computers I have will still do what
they always did, until they break - which, when they're taken good care
of, seems to be pretty seldom.

> - by building up a proper TCB we eliminate execution of worms whilst
>   letting people continue to do what they want.

Only for values of "people" not including programmers, even programmers
to the extent of scripting applications.  The line between programming
and non-programming is tough to draw; as an extreme example, it
wouldn't surprise me if a decent hacker could build a Turing machine in
a spreadsheet, given a reason to bother.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@xxxxxxxxxxxxxxxxxxxxxx
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B