Well, no. The wrapper will be unsigned. I'm not saying that this is terribly practical, because dumb users tend to run whatever can be run, signed or not. I was merely commenting on
> I don't see any way to protect against this ..

Alex

> -----Original Message-----
> From: p2p-hackers-boun...@lists.zooko.com [mailto:p2p-hackers-boun...@lists.zooko.com] On Behalf Of David Barrett
> Sent: May 25, 2009 5:09 PM
> To: theory and practice of decentralized computer networks
> Subject: Re: [p2p-hackers] DNS hijacking?
>
> But if the proxy transparently wrapped the EXE with a rootkit installer
> that just copied the embedded installer to a temp directory and ran it,
> all the digital signatures would be fine.
>
> -david
>
> Alex Pankratov wrote:
> > Digitally signing .exe files before publishing and not executing
> > unsigned binaries on the client end would be one option.
> >
> > Alex
> >
> >> I don't see any way to protect against this aside from suggestions to
> >> use DNSSEC or SSL (or only use otherwise secured or switched networks.)
> >> In practice the attack might be complicated by the client. It's
> >> entirely possible the victim's resolver will get the 2nd response and
> >> cache that -- who knows.
> >>
> >>> But wow, I'm amazed this doesn't happen more. It seems like this
> >>> would be the most obvious way to spread a virus. Indeed, I could
> >>> imagine creating a proxy that auto-infects every executable file that
> >>> comes through it (just add a silent rootkit installer that runs before
> >>> the real installer).
> >
> > _______________________________________________
> > p2p-hackers mailing list
> > p2p-hackers@lists.zooko.com
> > http://lists.zooko.com/mailman/listinfo/p2p-hackers
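The disagreement in this thread comes down to which bytes the client verifies. The sketch below is an added example, not part of the original thread: it applies a "refuse unsigned binaries" policy to the file that is about to be executed, so a wrapper is rejected even though the installer embedded in it is still validly signed. It assumes a detached Ed25519 signature and a pinned publisher key as stand-ins for the platform's code-signing format; `Download`, `AllowExecute` and `Demo` are hypothetical names, and all sample bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Download is what the client received: the bytes it is about to execute and
// the detached signature that accompanied them (nil if none was supplied).
type Download struct {
	File []byte
	Sig  []byte
}

// AllowExecute implements the client-side policy from the thread: run a file
// only if the publisher's pinned key signed exactly the bytes being executed.
func AllowExecute(pinned ed25519.PublicKey, d Download) bool {
	if len(d.Sig) != ed25519.SignatureSize {
		return false // unsigned or malformed signature: refuse
	}
	return ed25519.Verify(pinned, d.File, d.Sig)
}

// Demo builds constructed sample data and returns the policy decision for
// (1) the genuine installer, (2) a wrapper with no signature, and (3) a
// wrapper shipped with the genuine installer's signature.
func Demo() (genuine, wrapperUnsigned, wrapperReusedSig bool) {
	// Deterministic publisher key from a constructed all-zero seed (sample only).
	seed := make([]byte, ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)
	pinned := priv.Public().(ed25519.PublicKey)

	installer := []byte("constructed sample: genuine installer bytes")
	sig := ed25519.Sign(priv, installer)

	// An in-path proxy holds no signing key; it can only change the bytes delivered.
	wrapper := append([]byte("constructed sample: wrapper stub|"), installer...)

	genuine = AllowExecute(pinned, Download{installer, sig})
	wrapperUnsigned = AllowExecute(pinned, Download{wrapper, nil})
	wrapperReusedSig = AllowExecute(pinned, Download{wrapper, sig})
	return
}

func main() {
	g, u, r := Demo()
	fmt.Println("genuine:", g, "| wrapper unsigned:", u, "| wrapper with reused sig:", r)
}
```

The check only helps if it is enforced on the outer file at execution time; a client that verifies the embedded installer after the wrapper has already run gets no protection from it.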