[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [dvd-discuss] Fwd: Bush taps Clarke as CyberdefenseChief
- To: "'dvd-discuss(at)cyber.law.harvard.edu'" <dvd-discuss(at)cyber.law.harvard.edu>
- Subject: RE: [dvd-discuss] Fwd: Bush taps Clarke as CyberdefenseChief
- From: Richard Hartman <hartman(at)onetouch.com>
- Date: Mon, 15 Oct 2001 09:09:30 -0700
- Reply-To: dvd-discuss(at)cyber.law.harvard.edu
- Sender: owner-dvd-discuss(at)cyber.law.harvard.edu
> -----Original Message-----
> From: D. C. Sessions [mailto:dcs@lumbercartel.com]
> Sent: Sunday, October 14, 2001 9:21 PM
> To: dvd-discuss@eon.law.harvard.edu
> Subject: Re: [dvd-discuss] Fwd: Bush taps Clarke as CyberdefenseChief
>
>
> On Sunday 14 October 2001 20:25, you wrote:
> > > > After a bit of further research, it seems that it's
> stored encrypted
> > > > but passed through the APIs in clear.
> > > >
> > >
> > > That is a more believable screw-up on their part. (And
> > > still a HUGE security hole...)
> > >
> > If you think about it, it shouldn't be too big of a
> security hole as long
> > as memory protection is used, and only the "root" account can read
> > it. BUT... then again, 98 and ME don't have memory
> protection, and most
> > peopl eusing NT or 2000 are always logged in as admin.
>
> The NT flavors aren't all that picky about protecting processes from
> accessing each other's memory anyway. The theory seems to be
> based on the single-user computer, with software being trusted.
>
> Then again, I'm not all that current on NT internals.
>
Since just about every Windows API is implemented in a DLL
I would be more worried about the API being hooked, so that
you end up calling a bogus security API which in turn calls
the real security code (so the actions are performed so the
user does not get suspicious) but also logs all of the information
that passes through the API.
--
-Richard M. Hartman
hartman@onetouch.com
186,000 mi./sec ... not just a good idea, it's the LAW!