open secure socket... using certificate

[Richard Gaskin]

Tom Glod wrote:

 > Richard,
 >
 > Lets say one of my users is targeted by a hacker and they manage
 > to install a malware process on their system that will capture all
 > the data flowing between the 2 processes.
 > Then they do not need to be sitting in the victim's chair.
 > But if the data was encrypted, this wouldn't matter.

True, that one aspect of your program wouldn't matter.  But since 
everything else on the system is now hosed, does anything matter?

To my ear it sounds like a planning committee meeting for a zoo in which 
they're deciding on the steel thickness of armored suits they require 
visitors to wear because tigers are running loose, while the whole 
facility is on fire. I'm in the back of the room raising my hand asking 
if we might just put the tigers back in the cage. After we put out the 
fire. :)

In the scenario you described, what prevents the bad guy from reading 
the data at rest? Or keylogging? Or replacing either or both of the 
executables you delivered? Or anything else they might do once they have 
that level of control throughout the system?

--
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com