Jeff Weinstein wrote:
Paul A Gauthier wrote:
Patrick Horgan wrote:
From: "K. M. Ellis" <kelli@zeus.towson.edu>
I'd love to see something in there about most commercial sites being behind firewalls without nfs access across the firewall. This greatly reduces the
It might also be worth noting that people accessing the net via an ISP from home do not typically use NFS either.
They don't often have the skill/knowledge/concern to verify a PGP checksum to ensure someone didn't patch their browser, either.
I don't believe that my posting of PGP signed checksums last night is a final solution that will make the world safe for all end users. I'm rather insulted that you imply that I do.
That's not what I was saying. The implication of the comments I was responding to was that "firewalls and ISP users w/o NFS make this whole issue a non-problem". And I think we all know that's not true. Presumably if you have a firewall, sure, you have a sysadmin who will check the integrity of the executable when it is installed behind it. But ISP users w/o NFS are exactly the unparanoid unwashed masses who would be perfectly targeted for this type of attack, and even worse would be the least likely to do checksumming to protect themselves. That is the only point I was trying to make.
your disk, then you may be in trouble. The point is that you and a few reporters are running around yelling at the top of your lungs that internet commerce is totally doomed because it is possible for users to infect their systems with viruses.
In our post I don't believe there was any yelling, or any serious doom and gloom. Mainly we just were trying to prod people to internalize that these old protocols we're all still using are soon going to come under heavy attack now that there is financial incentive to do it.
Perhaps you have a solution to offer to this whole problem?
So I am actually quite fond of the idea of a company becoming a well-known distributor of checksums. Users could either subscribe to a quarterly bootable CD-ROM which checks out their system, or use a bootable read-only floppy which causes their modem to call "1-900-CHEKSUM" and download the needed checksums on demand. This would be a low-cost thing for the user; done once every few months it would be pretty low hassle. Spoofing the phone line is a risk that I can live with, as can I live with the risk of someone spoofing these CD-ROMs that are mailed out 4 times a year.

And please, cypherpunks, don't start talking about "oh, but your CMOS could have a trojan in it", and "do you really trust your boot code in your SCSI". Because, yes, I sure do trust those things. And I think it's entirely reasonable to trust them for the purposes we're discussing.

There are of course ways to minimize these attacks through crypto. If you do have the correct CD-ROM/boot disk it can easily authenticate the party on the other side of the phone. No phone spoofing. To minimize the chances of getting a spoofed copy of the disk in the mail, enclose a magic cookie inside the box. The magic cookie must appear on the mailing label of the next box, otherwise the user is suspicious. Some other random sugar and now the user can tell if they are getting legit disks as long as their first disk was legit, and someone isn't opening their mail in a specific attempt to attack them.

Paul
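The two mechanisms Paul sketches above, a read-only medium that checks the installed system against a list of known-good checksums, and a "magic cookie" sealed in each box that must reappear on the next box's mailing label, as an added example that is not part of the original thread. Everything in it is an assumption for illustration: the file names and contents are made up, SHA-256 stands in for whatever checksum the distributor would actually use, and the cookie is a random token rather than any real product. It also makes the post's own caveat concrete: the very first disk cannot be checked by the chain, and the chain says nothing about a box whose label an attacker has already seen.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    """Checksum used for the manifest; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Shipment:
    """One mailed box: the cookie on its label, the fresh cookie inside, and the checksums."""
    label_cookie: str | None   # printed on the mailing label; None only for the very first disk
    enclosed_cookie: str       # sealed inside the box; the next label must carry it
    manifest: dict[str, str]   # filename -> expected hex checksum


def build_shipment(prev_enclosed_cookie: str | None, known_good: dict[str, bytes]) -> Shipment:
    """Vendor side: hash the known-good files and mint a fresh cookie for the next round."""
    manifest = {name: sha256_hex(data) for name, data in known_good.items()}
    return Shipment(prev_enclosed_cookie, secrets.token_hex(16), manifest)


def label_matches(stored_cookie: str | None, shipment: Shipment) -> bool:
    """User side: does the label show the cookie from the last box we judged legitimate?

    The very first disk cannot be checked this way at all; the scheme only chains
    trust forward from it, which is exactly the limitation the post concedes.
    """
    if stored_cookie is None:
        return shipment.label_cookie is None
    if shipment.label_cookie is None:
        return False
    return hmac.compare_digest(stored_cookie, shipment.label_cookie)


def check_system(manifest: dict[str, str], installed: dict[str, bytes]) -> list[str]:
    """Return the names of installed files that are missing or do not match the manifest."""
    bad = []
    for name, expected in manifest.items():
        data = installed.get(name)
        if data is None or not hmac.compare_digest(sha256_hex(data), expected):
            bad.append(name)
    return sorted(bad)


# Constructed sample data: a pretend browser and TCP/IP stack as shipped (file names and
# contents are made up for this example).
KNOWN_GOOD = {
    "browser.exe": b"MZ\x90\x00 pretend browser binary, clean build",
    "winsock.dll": b"MZ\x90\x00 pretend TCP/IP stack, clean build",
}
# The same machine after someone patched the browser (one byte changed).
TAMPERED = dict(KNOWN_GOOD, **{"browser.exe": b"MZ\x90\x00 pretend browser binary, clean buiLd"})


def run_demo() -> dict:
    """Walk through two legitimate mailings, one spoofed mailing, and one system check."""
    first = build_shipment(None, KNOWN_GOOD)                   # bootstrap: trusted by assumption
    assert label_matches(None, first)
    stored = first.enclosed_cookie                              # user keeps the cookie from box 1

    legit = build_shipment(stored, KNOWN_GOOD)                  # vendor prints cookie 1 on label 2
    spoof = build_shipment(secrets.token_hex(16), KNOWN_GOOD)   # attacker never saw cookie 1

    return {
        "legit_accepted": label_matches(stored, legit),
        "spoof_accepted": label_matches(stored, spoof),
        "clean_system": check_system(legit.manifest, KNOWN_GOOD),
        "tampered_system": check_system(legit.manifest, TAMPERED),
    }


if __name__ == "__main__":
    print(run_demo())
```

Run it directly to see the legitimate second box accepted, the spoofed one rejected, and the patched `browser.exe` flagged. Note what the code does not do: it cannot tell a legitimate first disk from a forged one, and an attacker who opens the user's mail and reads the enclosed cookie can print a valid label, which is the residual risk the post explicitly accepts.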