An attack on paypal --> secure UI for browsers
Rich Salz
rsalz at datapower.com
Tue Jun 10 06:42:57 PDT 2003
> For example, a proposal I saw recently which
> would have the OS decorate the borders of "trusted" windows with facts or
> images that an attacker wouldn't be able to predict: the name of your
> dog, or whatever.
But if the system is rooted, then the attacker merely has to find the
"today's secret word" entry in the registry and do the same thing.
Unless Windows is planning on getting real kernel-level kinds of protection.
> It was none other than Microsoft's NGSCB, nee Palladium. See
> http://news.com.com/2100-1012_3-1000584.html?tag=fd_top:
See previous sentence. :)
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
More information about the cypherpunks-legacy
mailing list