[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Malware added in transit

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] Malware added in transit
From: Stephen Blass <Stephen.Blass@xxxxxxx>
Date: Thu, 18 Mar 2004 11:50:16 -0700

Yes, software can be modified in transit. See the 1995 paper
 
http://www.cs.berkeley.edu/~daw/papers/endpoint-security.html
 
 
" These work because the trusted path to executables is really not trustworthy 
in most environments. Although we use on-the-wire patching to compromise 
executables, the client binaries can also be compromised during download, by 
on-the-wire patching of FTP or HTTP transfers. "
 
-
Steve Blass
sblass@xxxxxxx

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx 
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of Paul
Sent: Thursday, March 18, 2004 7:47 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Malware added in transit


Thanks for the clarification, Curt.



one step at a time...




  _____  

Find local movie times and trailers on  
<http://au.rd.yahoo.com/mail/tagline/*http://au.movies.yahoo.com> Yahoo! Movies.

Prev by Date: Re: [Full-Disclosure] Ancient Trivia: +++ath0
Next by Date: Re: [Full-Disclosure] Is this a paypal scam?
Previous by thread: [Full-Disclosure] Malware added in transit
Next by thread: [Full-Disclosure] Malware added in transit
Index(es):
- Date
- Thread