I've been trying to figure out whether the following attack will be feasible in a Pd system, and what would have to be incorporated to prevent it.

Alice runs "trusted" application T on her computer. This is some sort of media application, which acts on encoded data streamed over the internet. Mallory persuades Alice to stream data which causes a buffer overrun in T. The malicious code, running with all of T's privileges:

- abducts choice valuable data protected by T (e.g. individual book keys for ebooks)
- builds its own vault with its own key
- installs a modified version of T, V, in that vault with access to the valuable data
- trashes T's vault

The viral application V is then in an interesting position. Alice has two choices:

- nuke V and lose all her data (possibly including all backups, depending on how backup of vaults works)
- allow V to act freely

I haven't seen enough detail yet to be able to flesh this out, but it does highlight some areas of concern:

- how do users back up vaults?
- there really needs to be a master override to deal with misbehaving trusted apps.

Pete

--
Peter Clay | Campaign for Digital Rights! | http://uk.eurorights.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
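The scenario above, modelled as an added example (not part of the original post, and not a description of any real Pd design): each vault is sealed to the measured identity (hash) of the application that created it, and the owner additionally holds a "master override" of the kind the post calls for. The model shows three things: T can read its own vault, so code that has taken over T's process inherits that access and sealing alone cannot help; a modified binary V measures differently and cannot open T's vault; and an owner-held override lets Alice recover data from V's vault without V's cooperation, which removes the hostage situation. The `measure`, `Platform`, `seal`/`unseal`, `owner_unseal` names, the escrow-of-platform-secret design, and the HMAC-based toy cipher are all assumptions of this example, not features of the system discussed.

```python
"""Toy model of per-application sealed vaults with an owner-held master override.

Added example, not code from the original post. The cipher below is an
HMAC-SHA256 counter-mode construction used only to keep the example
dependency-free; it is a stand-in for a real AEAD, not something to deploy.
"""
import hashlib
import hmac
import os


def measure(code: bytes) -> str:
    """Application identity: hash of the binary (assumed measurement scheme)."""
    return hashlib.sha256(code).hexdigest()


def _vault_key(platform_secret: bytes, identity: str) -> bytes:
    """Per-application vault key derived from the platform secret and the identity."""
    return hmac.new(platform_secret, identity.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; tag covers nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("blob is sealed to a different key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Platform:
    """Sealing service. Assumed design: vaults are keyed by application identity,
    and the platform secret is escrowed under an owner override key so the
    owner, not any application, can open any vault on the machine."""

    def __init__(self, owner_override: bytes):
        self._secret = os.urandom(32)
        self._escrow = _encrypt(owner_override, self._secret)

    def seal(self, app_code: bytes, data: bytes) -> bytes:
        return _encrypt(_vault_key(self._secret, measure(app_code)), data)

    def unseal(self, app_code: bytes, blob: bytes) -> bytes:
        return _decrypt(_vault_key(self._secret, measure(app_code)), blob)

    def owner_unseal(self, owner_override: bytes, identity: str, blob: bytes) -> bytes:
        """Master override: recover the platform secret from escrow, then open the vault."""
        secret = _decrypt(owner_override, self._escrow)
        return _decrypt(_vault_key(secret, identity), blob)


def run_scenario() -> dict:
    """Walk through the post's scenario with constructed stand-in binaries and data."""
    override = os.urandom(32)  # held by Alice, off the machine (assumption)
    platform = Platform(override)
    t_code = b"trusted media app T v1.0"                   # constructed stand-in for T
    v_code = b"trusted media app T v1.0 + modified by V"   # constructed stand-in for V
    book_key = b"per-book content key (constructed)"

    t_blob = platform.seal(t_code, book_key)
    t_reads_own = platform.unseal(t_code, t_blob) == book_key

    # V measures differently, so V as a distinct application cannot open T's vault.
    try:
        platform.unseal(v_code, t_blob)
        v_reads_t = True
    except PermissionError:
        v_reads_t = False

    # In the post's scenario the data ends up in V's own vault and T's vault is gone.
    v_blob = platform.seal(v_code, book_key)
    owner_recovers = platform.owner_unseal(override, measure(v_code), v_blob) == book_key
    try:
        platform.owner_unseal(os.urandom(32), measure(v_code), v_blob)
        wrong_override_fails = False
    except PermissionError:
        wrong_override_fails = True

    return {
        "t_reads_own_vault": t_reads_own,
        "v_reads_t_vault": v_reads_t,
        "owner_recovers_from_v_vault": owner_recovers,
        "wrong_override_fails": wrong_override_fails,
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The design point the model makes explicit: identity-based sealing only distinguishes *applications*, so it does nothing against code that runs inside T after the overrun. What decides Alice's outcome is whether a recovery path exists that V cannot revoke; the escrowed override is one way to provide it, and it is also the answer to the backup question, since a backup of a sealed vault is only useful if something other than the sealing application can open it.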