Well, no. The wrapper will be unsigned.
I'm not saying that this is terribly practical, because dumb
users tend to run whatever can be run, signed or not. I was
merely commenting on
> I don't see any way to protect against this ..
Alex
> -----Original Message-----
> From: p2p-hackers-boun...@lists.zooko.com [mailto:p2p-hackers-
> boun...@lists.zooko.com] On Behalf Of David Barrett
> Sent: May 25, 2009 5:09 PM
> To: theory and practice of decentralized computer networks
> Subject: Re: [p2p-hackers] DNS hijacking?
>
> But if the proxy transparently wrapped the EXE with a rootkit installer
> that just copied the embedded installer to a temp directory and ran it,
> all the digital signatures would be fine.
>
> -david
>
> Alex Pankratov wrote:
> > Digitally singing .exe files before publishing and not executing
> > unsigned binaries on the client end would be one option.
> >
> > Alex
> >
> >> I don't see any way to protect against this aside from suggestions
> to
> >> use DNSSEC or SSL (or only use otherwise secured or switched
> networks.)
> >> In practice the attack might be complicated by the client. It's
> >> entirely possible the victim's resolver will get the 2nd response
> and
> >> cache that -- who knows.
> >>
> >>> But wow, I'm amazed this doesn't happen more. It seems like this
> >> would be the most obvious way to spread a virus. Indeed, I could
> >> imagine creating a proxy that auto-infects every executable file
> that
> >> comes through it (just add a silent rootkit installer that runs
> before
> >> the real installer).
> >
> > _______________________________________________
> > p2p-hackers mailing list
> > p2p-hackers@lists.zooko.com
> > http://lists.zooko.com/mailman/listinfo/p2p-hackers
>
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers@lists.zooko.com
> http://lists.zooko.com/mailman/listinfo/p2p-hackers
_______________________________________________
p2p-hackers mailing list
p2p-hackers@lists.zooko.com
http://lists.zooko.com/mailman/listinfo/p2p-hackers
