Threat modeling using windows update as delivery vehicle via virtualization RRS feed

  • Question

  • I am trying to patent a system whereby I can charge revenue to deliver any content I wish or even redirect any datastream including Keylogging as a service.


    The use of Windows update seems like the perfect vehicle.  Are there licensing requirments to violate one's privacy?


    What safeguards are in place to prevent such an attack?  What if this isn't a whimsical fantasy but an actual program using words like Side By Side and Panther. with irrational explanations as to why they exist in the first place and what purpose they serve?


    Really the simultaneous use of two .NET projects?   Or what about real time data being streamed or stored as fonts or unreadable .avi or .mov files.?


    Couldn't messages and national security docs be smuggled easily as say stuffing them in one's sock at the national archives?


    The code could be stored as indexed unused fonts.  Movies that have know characteristics could be used to measure the performance expectations.


    What else?  Oh yeah, the prevention of turning off the network card or using bluetooth without knowledge or Infrared to pass the antennae test.


    USB and PCI already take care of how the drivers can be efficiently written.  I'm brainstorming so tell me when it sounds like a real program.


    Isn't this a good idea?

    Friday, October 28, 2011 1:31 PM


  • Hi,

    Thanks for reaching out to us. Unfortunately, your question is not suited for the Security Development Lifecycle (SDL) Forum.

    If you’re interested in modeling threats to your application development project, we invite you to download the SDL Threat Modeling Tool that makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models.


    The SDL Team

    Friday, October 28, 2011 6:04 PM