[RC5] Pluggable client modules...

Ryan Malayter rmalayter at bai.org
Mon Dec 6 12:27:07 EST 1999


Lots of possible security problems with this one... a client feature such as this would make d.net the most hacked sites on the internet.

Could you imagine if some hacker got HIS client automatically installed on every d.net machine? Using BackOrifice or a similar tool?

Granted, code-signing could be used to greatly minimize this risk. However, *everything* is hackable... a determined hacker could possibly steal d.net's code-signing private key (even via physical break-in), then sign his "rogue" client, post it, and then take control of 125,000 machines.

I don't run even properly signed ActiveX controls in my web browser because of this inherent flaw in the ActiveX security model.

	-ryan-

-----Original Message-----
From: Duncan Aitken [mailto:aitkend at tcd.ie]
Sent: Sunday, December 05, 1999 3:05 PM
To: rc5 at lists.distributed.net
Cc: rc5 at netsoc.tcd.ie
Subject: [RC5] Pluggable client modules...


Hello all,

I was wondering how difficult it would be to implement a client which
automatically updated itself.
Maybe it could determine whether or not there is a newer version available
(from one of the key servers , or another proxy, using a similar method to
determine when new contests start..?), and if so, switch over to that newer
version. It would make things a lot easier if , say , you had a few hundred
clients installed.

Regards,
D.
---------------------------------------------
Duncan Aitken

http://www.netsoc.tcd.ie/~duncan/index.html

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list