Detecting the Software Switcheroo

Detecting the Software Switcheroo
Jon Lasser, 2001-12-19

It may be the next big thing in Trojan horse attacks: swapping bad code for good code in transit. Fortunately, there's a defense

Expand all | Post comment

Detecting the Software Switcheroo 2001-12-20
Andy Steingruebl (1 replies)

Detecting the Software Switcheroo 2001-12-21
Anonymous (1 replies)

Detecting the Software Switcheroo 2001-12-24
Anonymous

Detecting the Software Switcheroo 2001-12-20
Anonymous (1 replies)

Detecting the Software Switcheroo 2001-12-22
Anonymous (1 replies)

Detecting the Software Switcheroo 2001-12-28
Anonymous

Detecting the Software Switcheroo 2001-12-20
Anonymous (1 replies)

Detecting the Software Switcheroo 2002-01-03
Anonymous

Detecting the Software Switcheroo 2001-12-21
Anonymous

Detecting the Software Switcheroo 2001-12-24
Excelent analysis of the problem (1 replies)

Detecting the Software Switcheroo 2002-01-05
Anonymous

A HOWTO for Linux Developers 2002-01-13
Anonymous

There's a pretty good HOWTO which describes the process
of using PGP signatures to protect and authenticate
your software. It was written by VAB, the guy who
wrote the new PGP keyserver software. It's a little
hard to read (the guy could use an english class or
two ;), but he seems to know his stuff when it
comes to crypto.

Secure Software Distribution HOWTO:
http://www.cryptnet.net/fdp/crypto/strong_distro.html

He wrote a HOWTO on holding a keysigning party which
Free Software developers need to do allot more often.
The web of trust is a mechinism that can help reduce
the risk in the chiken and the egg problem of key
distribution.

Keysigning Party HOWTO:
http://www.cryptnet.net/fdp/crypto/gpg-party.html

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/48/9844#9844