Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Malware added in transit
From: Stephen Blass <Stephen.Blass () asu edu>
Date: Thu, 18 Mar 2004 11:50:16 -0700

Yes, software can be modified in transit. See the 1995 paper
 
http://www.cs.berkeley.edu/~daw/papers/endpoint-security.html
 
 
" These work because the trusted path to executables is really not trustworthy in most environments. Although we use 
on-the-wire patching to compromise executables, the client binaries can also be compromised during download, by 
on-the-wire patching of FTP or HTTP transfers. "
 
-
Steve Blass
sblass () asu edu

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Paul
Sent: Thursday, March 18, 2004 7:47 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Malware added in transit


Thanks for the clarification, Curt.



one step at a time...




  _____  

Find local movie times and trailers on  <http://au.rd.yahoo.com/mail/tagline/*http://au.movies.yahoo.com> Yahoo! Movies.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault