From: Blake Coverett <blake@bcdev.com>
To: "'Cypherpunks'" <cypherpunks@toad.com>
Message Hash: 8e4b7a74f09ef23bee45670329f4506efb5fb2ef0e6bbdda00ecc0968a02c877
Message ID: <01BBEB92.ADD153B0@bcdev.com>
Reply To: N/A
UTC Datetime: 1996-12-17 01:52:48 UTC
Raw Date: Mon, 16 Dec 1996 17:52:48 -0800 (PST)
From: Blake Coverett <blake@bcdev.com>
Date: Mon, 16 Dec 1996 17:52:48 -0800 (PST)
To: "'Cypherpunks'" <cypherpunks@toad.com>
Subject: RE: Securing ActiveX.
Message-ID: <01BBEB92.ADD153B0@bcdev.com>
MIME-Version: 1.0
Content-Type: text/plain

Jim McCoy wrote:

> The other problem is that the proposed Authenticode system and other "signed
> applet" systems only provide accountability after the fact. This is little
> help when your hard drive is toast and the only proof you had was a logfile
> which was the first thing erased...

No, it's not really the accountability that's the issue. It's the
ability to choose before the fact that I 'trust' the software's author.

> The illusion that only "trusted software
> publishers" will be given blanket authorization is a pipe dream: users are
> sheep who will hit that "OK" dialog box as many times as necessary to get the
> tasty treat they are anticipating (and there is actual experimental evidence
> to back this up :)

Yup, point well taken. <story user=clueless>I popped into an empty user's
cube last week to borrow the phone. On the monitor was a post-it note from
one of his co-workers that read, 'Please write your password here:' and of
course the helpful fellow had done just that.</story> With real users I
suspect only centrally administered security decisions that they can't override
will be effective. Hmm... wonder what I can retrofit into IE to accomplish that.

> I expect that the first post-Authenticode ActiveX virus
> will be one to modify the signature checking routines or add additional keys
> to the registry which makes the second round of the attack appear to be a
> valid OS update from Microsoft.

Shh... we have enough kool dewds floating around here looking for ideas.

> The state of the art was up to it quite a while ago. Check out KeyKOS and
> other OSes which use capability semantics for access control.

I agree 100%. The intent of my comments was that such security *is*
possible, but it's not available in widely deployed mass-market OS's.
I'd love to hear feedback to the contrary, but it seems to me that it's
extremely difficult to layer that type of security onto an existing system.

-Blake (who's thinking about putting crazy glue into one user's floppy drive)
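The two points Blake makes above, that the useful decision is "trust this publisher" made before any code runs, and that with real users only a centrally administered policy they cannot override will hold, can be shown in a small code loader. The Go program below is an added example written for this archive page; it is not code from the message, from the Cypherpunks list, or from Authenticode. It assumes a simplified scheme (Ed25519 signatures over a SHA-256 digest, publishers identified by name) rather than Authenticode's X.509-based format, and the names TrustPolicy, Authorize, AddPublisher, the publisher labels and the fixed key seeds are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedCode is a package as a loader receives it: publisher name, the code
// bytes, and a detached signature over the SHA-256 digest of the code.
type SignedCode struct {
	Publisher string
	Code      []byte
	Signature []byte
}

// TrustPolicy is the "before the fact" decision: publishers whose signed
// code may run. Locked models a centrally administered policy that a
// user-level "OK" dialog cannot extend.
type TrustPolicy struct {
	Publishers map[string]ed25519.PublicKey
	Locked     bool
}

var (
	ErrPolicyLocked     = errors.New("policy is centrally administered; users cannot add publishers")
	ErrUnknownPublisher = errors.New("publisher is not in the trust policy")
	ErrBadSignature     = errors.New("signature does not verify against the publisher's key")
)

func digest(code []byte) []byte {
	h := sha256.Sum256(code)
	return h[:]
}

// Sign is the publisher's release step: sign the digest of the code once.
func Sign(priv ed25519.PrivateKey, publisher string, code []byte) SignedCode {
	return SignedCode{Publisher: publisher, Code: code, Signature: ed25519.Sign(priv, digest(code))}
}

// Authorize decides whether a package may run. There is no prompt path: an
// unknown publisher is refused outright rather than offered an "OK" button.
func (p *TrustPolicy) Authorize(pkg SignedCode) error {
	pub, ok := p.Publishers[pkg.Publisher]
	if !ok {
		return ErrUnknownPublisher
	}
	if !ed25519.Verify(pub, digest(pkg.Code), pkg.Signature) {
		return ErrBadSignature
	}
	return nil
}

// AddPublisher is the only way into the policy. With Locked set, only an
// administrator may add a publisher; a user attempt fails.
func (p *TrustPolicy) AddPublisher(name string, pub ed25519.PublicKey, byAdmin bool) error {
	if p.Locked && !byAdmin {
		return ErrPolicyLocked
	}
	if p.Publishers == nil {
		p.Publishers = map[string]ed25519.PublicKey{}
	}
	p.Publishers[name] = pub
	return nil
}

// keyFromSeed derives a key pair from a constructed fixed seed so the example
// is reproducible; real publishers generate their keys randomly.
func keyFromSeed(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("example seed: " + label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// Scenario seeds a locked policy with one trusted publisher and records the
// loader's decision for: intact trusted code, modified trusted code, code from
// an unknown publisher, and a user's attempt to "OK" that publisher in.
func Scenario() map[string]error {
	acmePub, acmePriv := keyFromSeed("AcmeCorp")
	otherPub, otherPriv := keyFromSeed("OtherPublisher")

	policy := &TrustPolicy{Locked: true}
	_ = policy.AddPublisher("AcmeCorp", acmePub, true) // administrator seeds the policy

	results := map[string]error{}

	good := Sign(acmePriv, "AcmeCorp", []byte("control v1.0"))
	results["trusted publisher, intact code"] = policy.Authorize(good)

	tampered := good // same signature, different bytes: a post-signing modification
	tampered.Code = []byte("control v1.0 plus an extra payload")
	results["trusted publisher, modified code"] = policy.Authorize(tampered)

	unknown := Sign(otherPriv, "OtherPublisher", []byte("control v2.0"))
	results["unknown publisher, valid signature"] = policy.Authorize(unknown)

	results["user tries to add publisher"] = policy.AddPublisher("OtherPublisher", otherPub, false)
	results["unknown publisher after user OK"] = policy.Authorize(unknown)
	return results
}

func main() {
	for label, err := range Scenario() {
		fmt.Printf("%-36s -> %v\n", label, err)
	}
}
```

The design choice worth noticing is that Authorize has only two outcomes, run or refuse; the "ask the user" path that the quoted text describes as a pipe dream is absent, and the only way a publisher enters the policy is through AddPublisher with administrator authority. A modified binary fails even though it carries a genuine signature from a trusted publisher, because the signature covers the digest of the bytes actually presented to the loader.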