It occurs to me that the crucial part is the signature of the update package for the keyboard. The article states that "the keyboard was signed with Samsung's private signing key". How can the attackers fake the signature of the update? Isn't the signature checked?
Unless I've been out of the loop, form-mail scripts require the destination e-mail address to be put in a type=hidden element. Why won't a spammer harvest that address?
At least this is preventable: You don't have to name your email address in the HTML code, but let the script which forms your email add the from-header.
What is bothering me more is your last argument. Is there a way to deter a bot from misusing one's mail form?
I can't believe that checking millions of mails will help. Terrorists who were able to plan and execute such a terrible strike and execute it with such precision are most likely able to take precautions against mail-sniffing. After all, even a fool can use encryption tools like PGP/GPG.