Too much time on their hands up in the North Woods

[InfoSec News <isn () c4i org>]

Forwarded by: "Jay D. Dyson" <jdyson () treachery net>


-----BEGIN PGP SIGNED MESSAGE-----

Courtesy of Cryptography List.

Hmmm!

- ---------- Forwarded message ----------
Date: Fri, 3 Aug 2001 07:19:33 -0400
From: "R. A. Hettinga" <rah () shipwright com>
To: Digital Bearer Settlement List <dbs () philodox com>, dcsb () ai mit edu,
    cryptography () wasabisystems com
Subject: Too much time on their hands up in the North Woods


- --- begin forwarded text


Date: Thu, 02 Aug 2001 23:15:54 -0700
From: Paul Harrison <pth () ibuc com>
Subject: Too much time on their hands up in the North Woods
To: rah () ibuc com
Reply-to: pth () ibuc com

The boyz at Dartmouth's PKI Lab have been playing with JavaScript. The
results are troubling in an "E-Qold" kind of way.

http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf

By painting over the location and status bars of typical wintel browsers,
and using javascript's pop-up window capability they are able to spoof an
SSL session, without even duping Verisign into giving them a bogus cert.
The effort is painstaking but the results apparently slick. Picks up from
Felton's seminal work (since deprecated).

I like this for Verified by Visa 3-D Secure applications: "Hello, this is
the FleetBankBoston VISA Verifier popup. Please type your password in this
secure window now.....Thank you, and remember, NEVER share your password.
Have a nice day!"

Not discussed, but important to the discerning bad-guy's tool kit is the
"proxy-spoof." This is a webserver which has a home page which looks like,
say, Amazon.com but isn't. For every click you make it runs off to Amazon,
gets the page, replaces all the Amazon links with spoofed links to itself,
then forwards the page on to you. In this fashion, you get theAmazon
experience right on through until you click "Buy" and whip out your credit
card. The attacker has been in charge of your connection for the entire
site visit, but only then does it get smart and start rendering ersatz
images.

- --- end forwarded text


- -- 
- -----------------
R. A. Hettinga <mailto: rah () ibuc com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



- ---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo () wasabisystems com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO2rxSrlDRyqRQ2a9AQFYMgP+OGig00W5GZOOqYgSkPGngt16p5nWAzEw
7jgeWWoxnIn0napsUMiwGHr0TfY1bWt8d1gFNSHRgzxoEnzzjoE+Udaci9+OXiWB
I7AwEbCqrTKjCeyzgHfgaw+Wg4P385lUY7EJ+zCAF1H5SmPPhNJCVzuyh2tLhiht
KbGYwHNeE2w=
=XZkK
-----END PGP SIGNATURE-----



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.