On Thu, Oct 15, 2009 at 8:51 AM, Charles Srstka
wrote:
> On Oct 15, 2009, at 9:57 AM, Clark S. Cox III wrote:
>
>> The malicious code could just move the entire original bundle wholesale.
>> Code signature check still sees the original bundle.
>>
>> Sent from my iPhone
>
> Presumably, this would
On Oct 15, 2009, at 8:51 AM, Charles Srstka wrote:
Presumably, this would be more noticeable to the user than simply
copying a binary file inside an opaque app bundle that most users
never look inside.
The malicious code could also break the code sign checking APIs to
always return 'true
On Oct 15, 2009, at 9:57 AM, Clark S. Cox III wrote:
The malicious code could just move the entire original bundle
wholesale. Code signature check still sees the original bundle.
Sent from my iPhone
Presumably, this would be more noticeable to the user than simply
copying a binary file i
The malicious code could just move the entire original bundle
wholesale. Code signature check still sees the original bundle.
Sent from my iPhone
On Oct 14, 2009, at 21:42, Charles Srstka
wrote:
On Oct 14, 2009, at 11:40 PM, Jeff Laing wrote:
Actually, heck, you wouldn't even need that
On Wed, Oct 14, 2009 at 9:35 PM, Charles Srstka
wrote:
> Unless, of course, the app checked its code signature.
Put malicious library in temp dir. Set DYLD_LIBRARY_PATH. Game over.
--Kyle Sluder
___
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
On Oct 14, 2009, at 11:40 PM, Jeff Laing wrote:
Actually, heck, you wouldn't even need that. All a virus would have
to
do would be to move the binary somewhere else and put a binary in its
place that does something malicious and then launches the real
binary,
and the user would never tell t
> Actually, heck, you wouldn't even need that. All a virus would have to
> do would be to move the binary somewhere else and put a binary in its
> place that does something malicious and then launches the real binary,
> and the user would never tell the difference.
>
> Unless, of course, the app c
On Oct 14, 2009, at 10:50 AM, Clark Cox wrote:
You say that as if "getting infected by" and "being specifically
targeted by" a virus are different things. Either a virus has targeted
your application, and as such knows enough about it to modify it's
code (and therefore replace/defeat any signatu
On Wed, Oct 14, 2009 at 12:37 AM, Charles Srstka
wrote:
> On Oct 13, 2009, at 10:41 AM, Jens Alfke wrote:
>
>> This code sample seems to be designed to verify the binary that it's
>> compiled into. That's sort of useless for security purposes, like yelling
>> downstairs "are you a burglar?" If you
On Oct 13, 2009, at 10:41 AM, Jens Alfke wrote:
This code sample seems to be designed to verify the binary that it's
compiled into. That's sort of useless for security purposes, like
yelling downstairs "are you a burglar?" If your own code's already
been modified, it's easy enough for the h
On 13 Oct 2009, at 19:28, Jens Alfke wrote:
On Oct 13, 2009, at 9:25 AM, jonat...@mugginsoft.com wrote:
But it's not useless in the sense that it provides feedback that
the code IS signed.
The code merely allows me to detect if I have screwed up my build
settings and managed to break the
On Oct 13, 2009, at 9:25 AM, jonat...@mugginsoft.com wrote:
But it's not useless in the sense that it provides feedback that the
code IS signed.
The code merely allows me to detect if I have screwed up my build
settings and managed to break the code signing.
Sure, it's useful for that. Bu
On 13 Oct 2009, at 16:41, Jens Alfke wrote:
That's sort of useless for security purposes, like yelling
downstairs "are you a burglar?"
But it's not useless in the sense that it provides feedback that the
code IS signed.
The code merely allows me to detect if I have screwed up my build
se
This code sample seems to be designed to verify the binary that it's
compiled into. That's sort of useless for security purposes, like
yelling downstairs "are you a burglar?" If your own code's already
been modified, it's easy enough for the hacker to disable the code
that does the checking
On 13 Oct 2009, at 08:34, Jakub Bednar wrote:
Hi list,
I have read CodeSigningGuide and CodeSigningRef from Apple. In the
CodeSigningRef every method has a note, that it is available in 10.6
and later. So I just want to make sure.
On Leopard, there is now Cocoa or other API for verifying
15 matches
Mail list logo
