“We must break one fundamental assumption that [the malware creator] relies on: Malware uses replay attacks. In cryptography a replay attack is the re-use of a message to fool an encryption system. No one, today, would forget to add time stamps to their messages; otherwise, an attacker could simply resend a message and defeat their security…[the malware creator] relies on this very type of attack every day. If [he or she] has malware code capable of getting control of one machine, then it will also be able to get control of millions of other machines. This is a replay attack on a grand scale. …In order to stop replay attacks, I propose that we change the hardware so they are impossible.”
“Instead of running your websites through the gauntlet, risking downtime from intrusive scans, only to discover you have vulnerabilities just like everyone else — how about making the vendor eat their own dog food. Ask the sales rep for a trial license and permission to scan THEIR production commerce website(s).”
This entry was posted on Monday, March 1st, 2010 at 00:02 and is filed under Communications security, Random bits.