Full Disclosure mailing list archives
Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity
From: "ACROS Security Lists" <lists () acros si>
Date: Mon, 17 Jun 2013 17:19:23 +0200
Valdis,
No, that's how to do it *hardline*. There's many in the security industry that will explain to you that it's also doing it *wrong*. Hint - the first time that HR sends out a posting about a 3-day window next week to change your insurance plan without penalty, signs it with something that doesn't match the From:, and the help desk is deluged by phone calls from employees who can't read the mail, the guy who put "You shall not pass" in place will be starting a job hunt.
If there was an industry standard specifying the you-shall-not-pass for all web browsers, it wouldn't be the guy (developer) who put this roadblock in place that would start a job hunt but someone within the company whose job was to avoid the roadblock by making sure the cert that HR is using was okay. That would happen a couple of times, and then not any more, as people have great capacity for learning. But if just one browser vendor replaced warnings with roadblock errors, users would likely migrate to other vendors to achieve - seemingly - the same.
For even more fun, think about the failure modes when an insurance company blows it while sending to Joe Sixpack's GMail account. Who's help desk gets called, and how do they resolve it? Probably the ISP, and the user gets told "You could just turn off that checking...."
That's only because one CAN turn of that checking. But that's silly - if you want to use encrypted email or HTTPS, do it right or don't do it at all.
And that's what will happen to your proposal. Security measures that get in the way of actual work *will* get turned off.
Security is pretty much always in the way of productivity. If I get an encrypted message that was mistakenly not encrypted with my key, it would be very productive to have a "Just decrypt anyway" button but we obviously don't have that. I know this is an extreme example but it illustrates that we only get reliable security where it happens to be hardline. It may seem extreme to not show an email with invalid signature - but if attacker can claim that the signature was invalidated by a mailing list server and that "it's quite okay, don't worry, just trust me," we haven't achieved ANY security there - just wasted a lot of time of a lot of people. But maybe most people don't really want actual security but prefer the theatre. The meaning of "right" and "wrong" in this discussion would largely depend on that. Cheers, Mitja _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Defence in Depth (Jun 15)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Lossof Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Lossof Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity Daniƫl W . Crompton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIMELossof Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Lossof Integrity ACROS Security Lists (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Valdis . Kletnieks (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Jeffrey Walton (Jun 17)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Darius Jahandarie (Jun 18)
- Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Alex (Jun 18)