Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] SealedMedia secured content?
From: Security Related <b_c_w_g () HOTMAIL COM>
Date: Mon, 6 Nov 2000 08:45:46 CST

"Well, yeah, you cant get around that, even if you disallow execution of any
other application on the clients side, the user could just take
pictures of the screen."
I am in no way what I would consider 'knowledgeable' on the subject, but
offer some ideas...I'm not sure how this would work, restricting "execution
of any other application on the clients side", presumably you mean
initiating any NEW application / commands? I mean you couldn't very easily
shut down all the running apps, as you don't ness know what apps SHOULD be
running...if that's true, what about 3rd party screen capture? say, have
PCAnywhere running on Machine A, view 'secure' material on machine A, have
connection open on machine B which shows machine A screen and do your screen
captures on B? You wouldn't need to press any keys on A except those needed
to cycle through the desired content.

It would seem difficult to know what every drive, app, and service running
is and determine if it's 'safe'...although I'm sure it can be done, trying
to make the controls more trouble to circumvent than simply getting the
content ligitimately, seems very hard since there are always SOME people
who's time is significantly less valuable than the people implementing said
controls (students for one)...and all those controls cost money, eventually
there is no profit left in that secure content...

I think it's an inherantly futile battle to give someone something 'on
screen' and try and restrict what they do with it, UNTIL some new technology
comes along to revolutionalize the methodologies involved. I'm not saying
not to try, and I'm not promoteing 'free' imformation for all, I'm all for
secureing your data, and profiting from it, I just mean it's not a job I
would want ;)

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]