From: norm@netcom.com (Norman Hardy)
To: Thomas E Zerucha <master@internexus.net>
Message Hash: 29ed9d5771d5ed7a4943124ffdc0b1006503e7bec0b77d25ebf3fe142b27ef72
Message ID: <acdc55c10202100472f8@DialupEudora>
Reply To: N/A
UTC Datetime: 1995-11-25 06:18:47 UTC
Raw Date: Sat, 25 Nov 1995 14:18:47 +0800
From: norm@netcom.com (Norman Hardy)
Date: Sat, 25 Nov 1995 14:18:47 +0800
To: Thomas E Zerucha <master@internexus.net>
Subject: Re: Virus attacks on PGP
Message-ID: <acdc55c10202100472f8@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain
At 2:46 PM 11/24/95, Thomas E Zerucha wrote:
....
>I don't know if I mentioned, but I keep PGP and my keys on pcmcia memory
>cards that aren't in the system at the same time as a network or modem
>card. Moreover I can also simply use the DOS version (I use linux to
>communicate) - It would require quite an effort to create a virus that
>would work and pass data across the required OS problems and not break
>with the twice a week kernel-level changes :).
....
Yes it would be hard. When you choose your own protection as above an
opponent would have to mount a significant effort just to get your stuff.
....
>It takes quite an effort to create a complex virus to do this. It
>reminds me of the Glomar Challenger that was used to recover the remains
>of a russian sub (my memory is somewhat faulty). Such a virus would
>require a great investment in time and money. What target would be worth it?
>Many otherwise feasible things aren't economically pracitcal.
Yes, but if your particular habits became widespread, an intelligence
agency could amortize the virus effort across many victims.
Here is just one such complicated virus:
Sit in the OS watching for PGP to be launched. Patch PGP on the way in. The
patch writes to disk the location and password for the secure key ring.
Concurrently the virus watches for there to be IP service and sends the
disk information as a UDP.
Alternatively the virus waits for idle time, (screen saver time) and dials
an 800 number having turned off the modem speaker. But don't send the same
data twice!
There is a significant hazard for the virus producer here if someone finds
the code and learns the 800 number. I am sure that the Telco would help
locate the physical phone to which the 800 number led. UDP provides more
ways to pigeon drop the secret so as to protect the reader of that data.
Perhaps you can send the UDP to the NY-Times (or to your favorite enemy)
over a line that you are tapping. The NYT will discard it and no one is the
wiser. The virus is then anonymous.
Return to November 1995
Return to “Thomas E Zerucha <zerucha@shell.portal.com>”