[Fwd: BugTraq - how to coverup the security]

[Sean Smith]

> > Are other platforms more secure or do they just receive
> > less scrutiny?  Or is it that Microsoft does not react quickly to
> > found bugs? .....

My point was just that the browser paradigm was not really designed with the
idea of making the security status information always clearly distinguishable
from the content provided by malicious servers.

In our project, we'd looked at popular browser/OS combinations (two years ago),
and found that (with some cleverness) you could produce fairly convincing
impersonations in many scenarios. The barriers were repeatedly permeable. E.g.,
does the browser mark your popup window with a label that spoils the spoof? No
problem: just send an image of the window instead.

As has been mentioned on this list before, we also designed and implemented a
trusted path solution in Mozilla. (But this was complicated by the fact that
each new release of Mozilla seemed to break our code :)

> The question at hand is this:  if secure browsing
> is meant to be secure, but the security is so easy
> to bypass, why are we bothering to secure it?
> 
> Or, if we should bother to secure it, shouldn't
> we mandate the security model as applying to the
> browser as well?

Exactly.

That was the whole point of our Usenix paper last year

E. Ye, S.W. Smith.
``Trusted Paths for Browsers.''
11th Usenix Security Symposium. August 2002 
http://www.cs.dartmouth.edu/~sws/papers/usenix02.pdf

---Sean
-- 
Sean W. Smith, Ph.D.                         sws at cs.dartmouth.edu   
http://www.cs.dartmouth.edu/~sws/       (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com