People tend to forget that if you have an application on your system and if an attacker can get even quite limited access to the system communications –say via MITM– then the attacker can in both theory and practice replace the application with a vulnerable version. If the system has network access through the OS then the entire system and all that’s on it is still vulnerable, as you can “end run” any security measures at or below the OS level.

“if the system doesn’t have network access.” And it won’t need “security” updates if it doesn’t have network access.”

“A night mode program doesn’t need network access.

We need better, but we’ve been encouraged not to think how to go about it… And more recently the string of “supply chain” attacks have not helped improve confidence, in fact the very opposite. Then there is that near a third probably illegal profit they make as well…

But as was seen with the FTD USB to Serial chip driver update, many can have their working systems bricked by other people via auto-updates. To them “code signing” saves them billions and makes billions as well because now they can just get you to “download” not just apps but patches, as well as effectively pushing auto-upgrades that many find undesirable (the recent Win 11 fail being just the latest). If we as an industry had actually thought about things in the last decade and a half, maybe we would have come up with a better solution.

But the mega corps of Silicon Valley actually do not want a better solution. At every stage I found vulnerabilities and most but by no means all have since been used.

As far as I’m aware my conversations on why “code signing” was a bad idea with are as far as I’m aware still up on this site, so you can go back and check.

Apart from over zealous corporate profits, walled gardens offer the developer nothing and the user not much more. Now back a long time ago when “code signing” was newish I’d thought through how I would go about attacking it.

“And something Apple says they do for everything in their app store.”

Apple repeatedly fail to detect malware in that walled garden of theirs.

Re: You can not stop what you do not see.