Posted to uk.d-i-y
Rod Speed
Idle fun for net hackers..

dennis@home wrote
Rod Speed wrote
dennis@home wrote
Rod Speed wrote


It would be theoretically possible to hide any change if you had the resources and opportunity. For example if
you use hashes to detect changes then someone could alter the hashes.


Not if they aren't on that system they can't.


You can't be sure that what you installed wasn't compromised in the first place.


You don't have to install anything on the system being checked.


We are talking about real computer systems that are used to do things.


Sure, but it's still perfectly possible to completely protect those.

And you can test whether it can detect changes by making your own changes too.


There are even possible attacks if you compile the C source from scratch, for example..


Yes, but if that system isn't even on the system being protected...


Which system?


The one checking the hashes.

It's possible to build a compiler that puts unwanted stuff into programs it compiles.


But they have no control over what compiler you use with a common language.


Well, you do, but the fact that you don't use that control means you
may well be compromised from the very start and you wouldn't know.


Nope, not with something as simple as using hashes to check what gets changed.

It is possible to hide these from the source code of the compiler by recognising the compiler and adding the code to
do this when the compiler is compiled.


But they have no control over what compiler you use with a common language.


Are you sure it isn't in say the GNU compiler?


It's easy enough to be sure of that.

You can't detect it by reading the source and if you compile the
source with an infected compiler you have an infected compiler.


So you ensure you don't use an infected compiler.

Before you say this can't be done, did you use a binary to compile your last program or did you do it by hand to
ensure the above wasn't done?


My last program isn't relevant. What matters is what is used to
compile the system that does the checks. With hashes the code
can be so simple that it's quite practical to compile it by hand.


So you don't understand what I said then.


Wrong. There doesn't have to be any compiler involved at all.

You can compile by hand if you are that paranoid.

You can reduce the risk of this happening but it will always be 0.


Nope. It's perfectly possible to have a risk of 0.


You also put a chainsaw through your computer then?


Don't need to do that.
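
The hash check argued over in this thread, as an added example that is not part of the original post: file hashes are compared against a baseline held away from the system being checked, and the check is exercised by making your own changes first. It assumes the hashing runs on a separate trusted host that can read the checked file tree; the function names, file names and sample tree are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest

def compare(baseline, current):
    """Return (changed, added, removed) path lists between two manifests."""
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    return changed, added, removed

def self_test():
    """Make our own changes to a constructed tree and report what the check sees."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        files = {"bin/tool": b"original tool\n", "app.conf": b"mode=safe\n",
                 "notes.txt": b"unchanged\n"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        # Assumption: this JSON string stands in for a baseline kept off the checked system.
        offline_baseline = json.dumps(hash_tree(root))
        with open(os.path.join(root, "bin/tool"), "wb") as fh:
            fh.write(b"modified tool\n")  # same length, different content
        os.remove(os.path.join(root, "app.conf"))
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"new file\n")
        return compare(json.loads(offline_baseline), hash_tree(root))

if __name__ == "__main__":
    print(self_test())
```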