On Tue, 10 Feb 2004, der Mouse wrote: > Depends. Does it include the tools necessary to sign my own code? > > If so, what's to stop a malware creator from using those same tools to > sign the attack vector? How does the malware author get the private half of a public key you trust for software installations? -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ jhardin@impsec.org pgpk -a jhardin@impsec.org key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never does quite what I want. I wish Christopher Robin was here." -- Peter da Silva in a.s.r ----------------------------------------------------------------------- 53 days until the Slovakian Presidential Election
