Domain: f-secure.com
Stories and comments across the archive that link to f-secure.com.
Comments · 409
-
F-Secure
I know at least F-Secure makes a Linux version of their anti-virus software, and if I'm not completely mistaken, they have for years.
http://www.f-secure.com/products/anti-virus/
It really is surprising that not everyone ports their AV software, as the most important part of the package is the scanning engine (plus defs), which should be 100% computation (= portable). A Linux version shouldn't need a memory-resident part or anything else highly OS-specific, just a simple command-line program that scans a file.
--
-
PGP manual, absolute security, human users
Read the PGP manual; it deals with these sorts of questions.
There was already a Word macro virus, Caligula, that attacked the PGP secret keyring and mailed it to codebreakers.org, circa 1998.
You are mainly concerned with your private key ring, since loss or corruption of that would be the most damage. If the public key ring was modified you could alter local trust of a specified key, but it could not sign a public key without the private key.
As others have stated, the private key itself is protected by symmetric encryption (e.g. IDEA, TripleDES) and you need the passphrase to undo this encryption. So, a private key protected by a poor passphrase could be brute forced using a fast dictionary search tool, similar to Alec Muffett's Crack for Unix passwords.
There are several ways to increase the security without irritating the user, such as using a floppy-based key ring, using a smartcard memory card to store your own public/private keys, using a Dallas iButton, a removable PCCard (PCMCIA) storage device, or using a crypto smart card that stores your own private/public key and does the RSA calculations on the card, designed in such a manner that the keys cannot be extracted from the card. This gets into Differential Power Analysis (DPA) and tamper-resistance attacks.
For a high-security application, you could consider a hybrid smartcard and PDA (e.g. Palm), which forms a small trusted computer. Of course most security experts wouldn't call an out-of-the-box Palm and PalmOS a trusted platform, but it's an example of a smartcard with a direct human interface (human input & output), rather than trusting a larger, more complicated computer, which is also more flexible because it is designed to be general-purpose. Some 3G cell phones plan on having similar smartcard interfaces, I believe. I think Nokia had a prototype. Of course, since there have been some trojan SMS messages already seen in Europe, and with WAP expected to expand its capabilities rather than die, you can expect this to be a more virus-friendly platform as cellphones evolve.
While Bruce's Secrets and Lies shows his change of heart from the absolute security through cryptography that he and the cypherpunks dreamt of in the early 90's, he now understands that absolute security in a practical system is a myth, and wants readers to think like engineers in weighing trade-offs: how easy to use versus how secure, and how expensive vs. how secure. It is not a reason to give up on cryptography, but to realise that in designing and working with secure systems you need to look at more than just which neat cryptographic algorithms to use.
-
Re:Microcode
The only reason that this might NOW become an exploit is that the feeble-minded script kiddies are reading it here on /.
For dubious values of exploit. The impression I gathered is that the processor has to be re-patched by the BIOS every time the system starts up. Besides, there are already viruses out that trash your BIOS.
The only thing of significance that I can think of is that if the microcode patch is actually stored in the CMOS (hard to tell from the Byte article -- they keep referring to it as "BIOS Data"), then on a system that protects the BIOS from being casually reflashed (via a jumper or what-not), malicious code could hypothetically write data into the CMOS that would prevent the CPU from being able to run after it gets patched.
But, if someone can write to the CMOS, they can do plenty of other nasty things anyway. And the worst-case scenario would involve physically resetting the CMOS, which could just as easily be necessary if a virus were to throw a boot password in there. So the short, medium, and long of the situation is that, from a security standpoint, I believe it's a non-issue.
-
Re:Here come the Virii
Even if someone did port the WS Host and Outlook, this would NOT lead to virii of the same destructive force as on MS systems.
And how would the file permissions affect, for instance, Melissa, which doesn't seem to infect any system files? Since macro viruses (or actually worms) like Melissa or LoveLetter use e-mail to spread, they only need the access permissions of a regular user.
Linux, and Unices in general, have a much different setup in place and are designed for multiple users, unlike DOS and its derivative OSes, which are still really only single-user.
As long as file permissions are correct, and nobody is stupid enough to run Outlook as root, this won't be a large problem. Of course, who really wants to take the chance?
Of course this means that they can only destroy the files of a single user. But how many users do YOU have in your Linux box? Most desktop machines are used by a single user and therefore all the important files are owned (and writeable) by that user. Executing code from unknown origin is always a huge security risk.
-
Did I mention SSH and F-Secure?
-
Not a variant of iloveyou but an older case
As someone already mentioned, this is not a variant of the ILOVEYOU case but an older worm called Freelinks; see http://www.F-Secure.com/v-descs/freelink.htm for analysis.
-
Make a killer spam/hoax filter
The hoax part could be pretty simple, like this: cross-reference with the 5 best sites listing and explaining hoaxes, then add to the first lines of the mail (this could be shared as a joke too) that this is a hoax and not to be taken seriously, and a few links to sites explaining the hoax. It would require some intelligence to detect variations of a theme. Since we have language barriers it's next to impossible to start judging the sender's intentions, so it's not good to just delete the mail outright.
A few sites:
- http://www.urbanlegends.com/ (excellent)
- http://www.Europe.F-Secure.com/virus-info/hoax/ (focuses on viruses, very good/excellent)
- http://www.scambusters.com/ (good)
- http://www.urbanmyths.com/ (worth checking)
- http://www.nonprofit.net/hoax/ (usable)
- http://urbanlegends.about.com/culture/urbanlegends/ (not so good)
Spam doesn't have the language problem (it's mainly English anyway) but it is certainly hard to recognize without some kind of AI (spammers will surely come around any simple script).
It would be good if this could be implemented as some kind of plugin/API so that any mailserver could use it with as little variation as possible.
This would be ultra cool and nail the goddam spammers for good; it would also significantly reduce damage from hoaxes and even (hopefully) educate the masses about hoaxes (by telling what they are).
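One way to realize the annotate-rather-than-delete idea from this post, as an added example that is not code from the post or from any of the sites listed: a small Python filter that fuzzy-matches the mail body against a local corpus of known hoax texts (token-set Jaccard similarity, so reworded "variations of a theme" still match) and prepends a note with a reference link. The corpus excerpts, the threshold and the sample message are constructed for illustration; the links are two of the sites the post lists.

```python
"""Hoax-annotating mail filter (added example, not code from the post above): a
suspected hoax is flagged rather than deleted, with a note and reference links."""
import re
from email import message_from_string

# Constructed corpus: paraphrased excerpt per hoax plus a site from the post's list.
HOAX_CORPUS = {
    "Good Times": ("do not open any email with the subject good times it will "
                   "erase your hard drive forward this to everyone you know",
                   "http://www.Europe.F-Secure.com/virus-info/hoax/"),
    "Budweiser Frogs": ("warning if you receive an email titled budweiser frogs screen "
                        "saver do not open it it will erase everything on your hard drive",
                        "http://www.urbanlegends.com/"),
}
_WORD = re.compile(r"[a-z']+")

def tokens(text: str) -> set[str]:
    """Lower-cased word set: case, punctuation and word order no longer matter."""
    return set(_WORD.findall(text.lower()))

def similarity(a: set[str], b: set[str]) -> float:
    """Jaccard similarity of two token sets; tolerates reworded variants of a theme."""
    return len(a & b) / len(a | b) if a and b else 0.0

def match_hoax(body: str, threshold: float = 0.5):
    """Best (name, link, score) reaching the threshold, or None if nothing matches."""
    body_tokens, best = tokens(body), None
    for name, (excerpt, link) in HOAX_CORPUS.items():
        score = similarity(body_tokens, tokens(excerpt))
        if score >= threshold and (best is None or score > best[2]):
            best = (name, link, score)
    return best

def annotate(raw_mail: str) -> str:
    """Return the mail unchanged, or with a note prepended and an X-Hoax-Match header."""
    msg = message_from_string(raw_mail)
    body = msg.get_payload()
    hit = match_hoax(body)
    if hit is None:
        return raw_mail
    name, link, score = hit
    msg["X-Hoax-Match"] = name
    note = (f"[Filter note: this resembles the known '{name}' hoax (similarity "
            f"{score:.2f}) and is not to be taken seriously. See {link}]\n\n")
    msg.set_payload(note + body)
    return msg.as_string()

# Constructed sample message (not real mail): a reworded "Good Times" variant.
SAMPLE_HOAX_MAIL = ("From: friend@example.com\nSubject: FW: VIRUS WARNING!!!\n\n"
                    "Please do not open any email with the subject good times, it will "
                    "erase your hard drive! Forward this warning to everyone you know.\n")
```

Running `annotate(SAMPLE_HOAX_MAIL)` returns the mail with the note in front of the body and an added X-Hoax-Match header; an unrelated message comes back unchanged.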
-
Correction
I did of course mean ExploreZip, and not Melissa...
:P
--