On Thu, Jan 01, 2009 at 05:22:52PM +0000, Mike Preston wrote:
> However, you still need to find a way to find the sites in the first
> place, find out they are who they say they are and then authenticate the
> downloads.
>
> Not impossible, but not trivial either.

Actually, if the system it's being done from is already compromised, then it *is* impossible, since the new owner of the system can cause the authentication results to return whatever they like. (For example: if a vendor signs their software with a particular cryptographic signature, then the new owner can cause the system to claim that anything with that signature is malware.)

Once a system is known-compromised, the only way out is (a) wipe to bare metal and (b) restore from known-clean media. (And I note that "wipe to bare metal" has occasionally been insufficient in the case of malware which finds its way into firmware.)

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
