W3C home > Mailing lists > Public > public-html-media@w3.org > June 2016

Re: Creating effective RansomWare with EME

From: David Singer <singer@apple.com>
Date: Tue, 21 Jun 2016 04:52:30 -0700
Cc: public-html-media@w3.org
Message-id: <72C6C897-C55E-49E7-B609-A2B549E1AA05@apple.com>
To: Aaron Zauner <azet@azet.org>

> On Jun 20, 2016, at 22:50 , Aaron Zauner <azet@azet.org> wrote:
> 
> 
>> On 20 Jun 2016, at 23:10, David Singer <singer@apple.com> wrote:
>> 
>> Isn’t the essence of RansomWare that it relies on installing something?  Is there an installation step in EME, or is it, as defined, an API to a pre-existing module on the client-side?
> 
> I think the essence is that it encrypts data valuable to the user and only offers a decryption key once the user pays a ransom.


Not quite; it executes unwanted code on the host machine to take ownership (‘steal’) data that is not owned by the author of said code and then demands money before it will return said data.

I’m still not seeing how EME can play a part in this.


David Singer
Manager, Software Standards, Apple Inc.
Received on Tuesday, 21 June 2016 11:52:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 21 June 2016 11:52:53 UTC