open secure socket... using certificate
Richard Gaskin
ambassador at fourthworld.com
Mon Feb 1 18:15:41 EST 2021
Tom Glod wrote:
> Richard,
>
> Lets say one of my users is targeted by a hacker and they manage
> to install a malware process on their system that will capture all
> the data flowing between the 2 processes.
> Then they do not need to be sitting in the victim's chair.
> But if the data was encrypted, this wouldn't matter.
True, that one aspect of your program wouldn't matter. But since
everything else on the system is now hosed, does anything matter?
To my ear it sounds like a planning committee meeting for a zoo in which
they're deciding on the steel thickness of armored suits they require
visitors to wear because tigers are running loose, while the whole
facility is on fire. I'm in the back of the room raising my hand asking
if we might just put the tigers back in the cage. After we put out the
fire. :)
In the scenario you described, what prevents the bad guy from reading
the data at rest? Or keylogging? Or replacing either or both of the
executables you delivered? Or anything else they might do once they have
that level of control throughout the system?
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
Ambassador at FourthWorld.com http://www.FourthWorld.com
More information about the use-livecode
mailing list