Friendly Rootkits? Please Tell Me This is a Joke...
Liam Tung writes on ZDNet Australia:
Secure Socket Layer (SSL) certificates have made e-commerce more secure, according to VeriSign, but a US security researcher reckons benevolent rootkits served by the retailer might do a better job.More here.
SSL certificates are issued to merchants by Certificate Authorities to indicate to the consumer it is a legitimate business. The rootkit which Dan Geer, VP and chief scientist at security company Verdasys, has proposed would take over the security function of a customer during a transaction by placing it within the merchant's trusted environment.
Geer proposes that merchants ask their customers whether they would like an "extra special secure connection" prior to making a transaction. If a user says "Yes", the merchant could install the rootkit on a customer's PC to make the transaction safe.
Note: "Extra special?" Yeah, well Sony tried that (without asking) and I can assure you that any effort along these lines will end up the same way -- making consumers more vulnerable.
That is a very, very bad idea. -ferg
0 Comments:
Post a Comment
<< Home