[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Virus attacks on PGP
On Fri, 24 Nov 1995, Laszlo Vecsey wrote:
> > > Where can one get PGP burnt into cdrom? Or the equiptment to do it
> > If you can wait a while, TERENA (UKERNA, SURFnet, etc) are producing a PGP CD
> > at the start of next year ...
> Would PGP on CD-ROM truely gaurantee a corrupt/virus free executable? A
> virus already running in memory could tamper with what it's doing,
> perhaps extracting the necessary keys and dumping them to a log file.
> This would be especially dangerous on a UNIX system where many people
> might be using PGP, thinking it is secure.
> I think the only way to be safe is to actually boot up off of the CD-ROM,
> and hope that the hardware in your computer physically hasn't been
> tampered with :)
My original post mentioned two things, the other was to cross-compile the
sources. Maybe do it on 3 different systems (e.g. Sun, HP and DEC), and
compare the binaries, then burn a CD. A virus would have to be very
versatile to infect multiple platforms and insert code for another.
It would also be silly for a virus to just dump keys when PGP runs, it
would be far easier to look for any occurance of secring.pgp, and mail
it, and/or monitor when it was opened and record keystrokes. And log files
must go somewhere.
I don't know if I mentioned, but I keep PGP and my keys on pcmcia memory
cards that aren't in the system at the same time as a network or modem
card. Moreover I can also simply use the DOS version (I use linux to
communicate) - It would require quite an effort to create a virus that
would work and pass data across the required OS problems and not break
with the twice a week kernel-level changes :).
ViaCrypt also has a PCMCIA implementation of pgp, and it should be fairly
easy to implement in an ASIC, or small embedded micro. That would be
much harder to compromise. Of course anything so useful commercially
woudl be the subject of our legal system.
It takes quite an effort to create a complex virus to do this. It
reminds me of the Glomar Challenger that was used to recover the remains
of a russian sub (my memory is somewhat faulty). Such a virus would
require a great investment in time and money. What target would be worth it?
Many otherwise feasible things aren't economically pracitcal.
[email protected] -or- 2015509 on MCI Mail
finger [email protected] for PGP key