Detecting the Software Switcheroo

Subject: Detecting the Software Switcheroo
From: Gary Stoneburner <stoneburner@nist.gov>
Date: Mon, 07 Jan 2002 21:43:45 -0500
Content-Type: multipart/alternative; boundary="=====================_1336278==_.ALT"

re: http://securityfocus.com/columnists/48

"What makes this different from typical Trojan horse attacks is that there is no unsolicited transfer of data: here, the end-user requests a file, and receives a file. Furthermore, this file will perform as expected and merely have an unnoticed additional feature, such as sending passwords to an anonymous email account ..."

Cheers,
Gary

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * MAJ Gary Stoneburner * US Army Land Information Warfare Activity (LIWA) * Ft. Belvoir, VA * NIST contact points are still valid: * Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov **************************************************************************

Prev by Date: A Safe Dialect of C Next by Date: The root of the problem: Bad software Prev by thread: The root of the problem: Bad software Next by thread: A Safe Dialect of C Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov