1995-10-11 - Re: Basic Flaws in Internet Security and Commerce

Header Data

From: Herb Sutter <herbs@interlog.com>
To: cypherpunks@toad.com
Message Hash: 01db2d11cb6e3f1a08e699c38576bb6e773c418f7807df91dc5d30fd4c812930
Message ID: <199510111410.KAA06465@gold.interlog.com>
Reply To: N/A
UTC Datetime: 1995-10-11 14:10:52 UTC
Raw Date: Wed, 11 Oct 95 07:10:52 PDT

Raw message

From: Herb Sutter <herbs@interlog.com>
Date: Wed, 11 Oct 95 07:10:52 PDT
To: cypherpunks@toad.com
Subject: Re: Basic Flaws in Internet Security and Commerce
Message-ID: <199510111410.KAA06465@gold.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 21:33 1995.10.10 -0700, Patrick Horgan wrote:
>Paul said:
>
>> A fine piece of work.  The ideas expressed in this paper should scare
>> the hell out of everyone who uses NFS for any serious applications,
>> which for a fact includes most banks and all investment banks and
>> brokage houses.  In this particular area I KNOW what is at risk.
>> Again, I congratulate the authors on a first-class effort.
>
>I agree, it's a good job of publicizing these holes, but (not to take
>anything away from these guys, I'm sure they know this), these are not
>newly found holes.  These attacks on NFS have been known and exploited
>for years and are well known within the security community.

To repeat a comment I made in sci.crypt... the described hole applies
equally well to a program (virus or other) that sits on a workstation and
intercepts calls to OS file services.  This is particularly pernicious on
platforms like PCs, but are there any platforms that don't have this
potential flaw?  The main question, in my mind, is: How can a user know he
is even running the app he thinks he's running?  Once you have an attacker
who can intercept OS file system calls, it seems to me you can know
-nothing-... checksums are no use, signatures are no use, nothing is any use
at that point -- including keeping your authent software on a floppy,
write-protected or not, since it can simply be patched as it's read in, or
the system may just execute a different program altogether.  In fact, if
it's properly done, there may not be any way to even detect that the system
has in fact been subverted.

So: If you can't trust your path to your own file system, what can you
trust?  (And this is without even talking about things like firmware
upgrades and BIOS patches and all sorts of other potential approaches.)  Can
we do no better than simply assume the local workstation file system can be
trusted?

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                 2228 Urwin, Suite 102       voice (416) 618-0184
Connected Object Solutions  Oakville ON Canada L6L 2T2    fax (905) 847-6019






Thread