It's funny, your signature actually brought up a way to break it. Can
you capture the data in transit? Is it encrypted to the plug-in? If so, do
you have access to that algorythm and can you break it? Client side security
is typically very weak because you have to give the algorythm to the client.
Just my $.02

On Mon, 14 Jan 2002, Andersen, Thomas Bjoern wrote:

| Date: Mon, 14 Jan 2002 12:40:17 +0100
| From: "Andersen, Thomas Bjoern" <TBAndersenkpmg.dk>
| To: "'pen-testsecurityfocus.com'" <pen-testsecurityfocus.com>,
| "'webappsecsecurityfocus.com'" <webappsecsecurityfocus.com>
| Subject: Clever Content?
|
| Hi all,
|
| I recently came across Clever Content from Alchemedia
| (http://www.alchemedia.com) which is an image protecting system for
| webbrowsers. Basically, it works by installing a plugin that patches
| Windows/Mac OS and disallows any access to the screen memory, as well as
| controlling how you may use the image on a webpage. The system appears to
| be clever enough to work out when it's running on VNC, VMware or VirtualPC,
| so you can't grab screenshot by using any of those products. There is also
| an "encryption" plug-in that needs to be installed on the webserver serving
| the images.
|
| Has anyone come across this product before? Any comments on the client
| and/or server side security?
|
| Thomas Bjørn Andersen
| e-mail : tbandersenkpmg.com
|
|
|
| ________________________________________________________________________________
|
| In KPMG's opinion, non-encrypted communication via the Internet is not to be considered secure.
| For that reason, it is KPMG's policy that uninvited use of the Internet concerning exchange of confidential information with our clients must not take place. When exchanging information, the client is held liable.
| This e-mail may contain confidential information and is intended solely for the addressee, and any disclosure of this information is strictly prohibited and may be unlawful. If you have received this e-mail by mistake, please notify us immediately and delete this mail.
| This footnote also confirms that this e-mail message has been swept by MIMEsweeper for the presence of computer viruses.
|

RRrRRRr. | RSnake at shocking dot com 0x7A69
RR' `RR | EHAP Founder / WebFringe.com Founder
RR | He who made kittens put snakes in the grass.
RR | DSS:5923 76D7 0EC2 4553 7195 442B 8596 4849 2AA6 1F64

The information in this email is confidential and may be legally
privileged. It is intended solely for the addressee. Access to
this email by anyone else is unauthorized. If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]