Random bits

“We must break one fundamental assumption that [the malware creator] relies on: Malware uses replay attacks. In cryptography a replay attack is the re-use of a message to fool an encryption system. No one, today, would forget to add time stamps to their messages; otherwise, an attacker could simply resend a message and defeat their security…[the malware creator] relies on this very type of attack every day. If [he or she] has malware code capable of getting control of one machine, then it will also be able to get control of millions of other machines. This is a replay attack on a grand scale. …In order to stop replay attacks, I propose that we change the hardware so they are impossible.”

“Instead of running your websites through the gauntlet, risking downtime from intrusive scans, only to discover you have vulnerabilities just like everyone else — how about making the vendor eat their own dog food. Ask the sales rep for a trial license and permission to scan THEIR production commerce website(s).”
