Rootkit
Rick Stevens
rstevens at internap.com
Tue Oct 23 17:26:11 UTC 2007
On Tue, 2007-10-23 at 09:17 +0200, Manuel Arostegui Ramirez wrote:
> On Tuesday 23 October 2007 08:19:30 bob.smith at kolumbus.fi wrote:
> >
> > The idea was to create sort of(in some way) "encrypted and protected"
> > executables. This to be able to verify that an executable is what it
> > is(located on machine X, and compiled on machine x). Further, the
> > executable would be made so that it could not run on a system on which it
> > was not allowed to run. That was the basis of the idea. Purely theoretical.
> > How this could be achieved in reality is beyond my current knowledgebase,
> > but I am sure that someone else with more knowledge in encryption and
> > protection than me, could maybe analyse this further.
> >
>
> A small approach to this, I mean to be sure that the executable is the one you
> installed firstly, could be getting the filehash of all the binaries
> installed from the beggining storing all the values in a database (outside
> from that box) and then if you think you could be hacked, just run again the
> filehash and compare it with the original one you got...
>
> Again, this is an small approach, just an idea.
That's what tripwire does.
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens at internap.com -
- CDN Systems, Internap, Inc. http://www.internap.com -
- -
- Errors have occurred. We won't tell you where or why. We have -
- lazy programmers. -
----------------------------------------------------------------------
More information about the users
mailing list