Vuln-Dev Archives: Re: Solar Eclipse's Guide To Stealing 100000

Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days


Subject: Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days
From: Solar Eclipse (solareclipseSOFTHOME.NET)
Date: Tue Jan 18 2000 - 18:17:50 CST


On Tue, 18 Jan 2000 14:29:28 -0800
Brian Kifiak <bklocalhost.ca> wrote:

> > Day 3. r00t the web server. Clean the logs, install a backdoor, have
> > fun.
>
> This is the security problem. Not ICQ.

Well, I think that the security problem is not _just_ the rooting of the
server. It's the users who trust the software that they download. It's
possible to use public key cryptography to sign all the executable
content, so the users are sure that they are getting the real version of
the program.

Unfortunately the public key technology exists, but is rarely used.
Except for some open source software, I can't think of any software
companies cryptographically signing their software. Microsoft's
Authenticode system is a step in the right direction, but it's still far
from perfection.

Solar Eclipse
solareclipsephreedom.org

key ID: 4096D/3B98D2E9 (DSS) user ID: Solar Eclipse <solareclipsephreedom.org>
fingerprint: E0FA 3B25 BDE5 9CC1 E67A 1E1D CEF6 9808 3B98 D2E9
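
The signing and verification idea in the message above, as an added example that is not part of the original post: a publisher signs a release with a private key kept off the web server, and the user checks the download against a public key obtained separately. It uses the `openssl` command line; the key names, file names and file contents are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example: detached signatures on a release file, checked against a pinned key.
# Key names, file names and file contents are constructed for this illustration.
WORK="$(mktemp -d)"

# Generate an RSA key pair named $1; only $1_pub.pem is meant to be distributed.
make_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1_priv.pem" 2>/dev/null
    openssl pkey -in "$WORK/$1_priv.pem" -pubout -out "$WORK/$1_pub.pem"
}

# Sign file $2 with key $1, writing the detached signature to $2.sig.
sign_release() {
    openssl dgst -sha256 -sign "$WORK/$1_priv.pem" -out "$2.sig" "$2"
}

# Return 0 only if $2.sig is a valid signature over $2 under public key $1.
verify_release() {
    openssl dgst -sha256 -verify "$WORK/$1_pub.pem" \
        -signature "$2.sig" "$2" >/dev/null 2>&1
}

# Print "accepted" or "REJECTED" for file $2 checked against key $1.
check() {
    if verify_release "$1" "$2"; then echo accepted; else echo REJECTED; fi
}

make_key vendor        # held offline by the publisher
make_key intruder      # stands in for whoever controls the download server
REL="$WORK/setup.bin"
printf 'installer v1.0 (constructed sample)\n' > "$REL"
sign_release vendor "$REL"
echo "genuine file, pinned vendor key:        $(check vendor "$REL")"

# Case 1: file replaced on the server, original signature left in place.
printf 'installer v1.0 + backdoor (constructed sample)\n' > "$REL"
echo "modified file, old signature:           $(check vendor "$REL")"

# Case 2: file and signature both replaced, signed with a key the server controls.
sign_release intruder "$REL"
echo "modified file re-signed, pinned key:    $(check vendor "$REL")"
echo "same file, key fetched from the server: $(check intruder "$REL")"
```

The last line reports the modified file as accepted, which is why the verification key has to reach users through a channel the download server does not control.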



This archive was generated by hypermail 2b27 : Wed Jan 19 2000 - 01:57:10 CST