Marcos el Ruptor wrote:
I've just looked at the virus.
Just curious -- where were you able to download the virus from?
-James
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL
On 12 Jun 2008, at 03:05, James Muir wrote:
Just curious -- where were you able to download the virus from?
www.offensivecomputing.net
Just be careful. Do not run it. It does not spread itself, but it
will encrypt all the sensitive files on all the drives and then self-
destruct. If you
On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
The key size would imply PKI; that being true, then the ransom may
be for a session key (specific per machine) rather than the
master key it is unwrapped with.
Per the computerworld.com article:
Kaspersky has the public key in
Allen [EMAIL PROTECTED] wrote:
Agreed, but..., well there is the small matter of figuring out /who/ is
doing it and that just might require some small bit of technology.
Certainly, it is not mutual exclusive. However factor an RSA key
hardly can help with that.
At least two defects in this
| The key size would imply PKI; that being true, then the ransom may
| be for a session key (specific per machine) rather than the master
| key it is unwrapped with.
|
| Per the computerworld.com article:
|
|Kaspersky has the public key in hand ? it is included in the
|Trojan's code ?
On Wed, Jun 11, 2008 at 11:53:54AM -0400, Leichter, Jerry wrote:
Returning to the point of the earlier question - why doesn't someone
pay the ransom once and then use the key to decrypt everyone's files:
Assuming, as seems reasonable, that there is a session key created
per machine and then
The Fungi wrote:
On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
The key size would imply PKI; that being true, then the ransom may
be for a session key (specific per machine) rather than the
master key it is unwrapped with.
Per the computerworld.com article:
Kaspersky has
Dave Howe wrote on 11 June 2008 19:13:
The Fungi wrote:
On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
The key size would imply PKI; that being true, then the ransom may
be for a session key (specific per machine) rather than the
master key it is unwrapped with.
Per the
| Why are we wasting time even considering trying to break the public key?
|
| If this thing generates only a single session key (rather, a host key)
| per machine, then why is it not trivial to break? The actual encryption
| algorithm used is RC4, so if they're using a constant key without
Leichter, Jerry wrote on 11 June 2008 20:04:
Why are we wasting time even considering trying to break the public
key?
If this thing generates only a single session key (rather, a host
key) per machine, then why is it not trivial to break? The actual
encryption algorithm used is RC4,
On 11 Jun 2008, at 20:13, Dave Howe wrote:
This would seem to imply they already verified the public key was
constant in the trojan and didn't differ between machines (or that
I'm giving Kaspersky's team too much credit with my assumptions).
I've just looked at the virus. Upon invocation, it
- Original Message -
From: Jerry Leichter [EMAIL PROTECTED]
To: Dave Korn [EMAIL PROTECTED]
Cc: Email List - Cryptography cryptography@metzdowd.com
Sent: Wednesday, June 11, 2008 12:04:21 PM (GMT-0800) America/Los_Angeles
Subject: RE: Ransomware
| Why are we wasting time even
Leichter, Jerry [EMAIL PROTECTED] writes:
Speculation about this kind of attack has made the rounds for years. It
appears the speculations have now become reality.
It's not speculation, encryption virii have been around for at least ten
years, although the encryption used was pretty crude and
Leichter, Jerry [EMAIL PROTECTED] wrote:
Computerworld reports:
http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9094818
on a call from Kaspersky Labs for help breaking encryption used by some
ransomeware: Code that infects a system, uses a public key
On Mon, 9 Jun 2008, Leichter, Jerry wrote:
Even worse, targeted malwared could attack your backups. If it
encrypted the data on the way to the backup device, it could survive
silently for months, by which time encrypting the live data and
demanding the ransom would be a very credible threat.
Jim Youll wrote:
If there's just one key, then Kaspersky could get maximum press by
paying the ransom and publishing it. If there are many keys, then Kaspersky
still has reached its press-coverage quota, just not as dramatically.
The key size would imply PKI; that being true, then the ransom
Leichter, Jerry wrote:
Computerworld reports:
http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9094818
This is no different than suffering a disk crash. That's what backups
are for.
/ji
PS: Oh, backups you say.
On Jun 9, 2008, at 11:54 AM, Leichter, Jerry wrote:
Computerworld reports:
http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9094818
[...]
Apparently earlier versions of this ransomware were broken because
of a
faulty implementation of the encryption. This
On Mon, 9 Jun 2008, John Ioannidis wrote:
| Date: Mon, 09 Jun 2008 15:08:03 -0400
| From: John Ioannidis [EMAIL PROTECTED]
| To: Leichter, Jerry [EMAIL PROTECTED]
| Cc: cryptography@metzdowd.com
| Subject: Re: Ransomware
|
| Leichter, Jerry wrote:
| Computerworld reports:
|
|
http
John Ioannidis wrote:
This is no different than suffering a disk crash. That's what backups
are for.
At Jim Gray's tribute on the 31st, Bruce Lindsay gave a talk about Jim's
formalization of transaction processing enabled online transactions ... i.e.
needed trust in the integrity of
20 matches
Mail list logo
