Who's afraid of Mallory Wolf?

Ian Grigg iang at systemics.com
Tue Mar 25 00:17:22 EST 2003 

On Monday 24 March 2003 19:26, bear wrote:
> On Mon, 24 Mar 2003, Peter Clay wrote:
> 
> >On Sun, 23 Mar 2003, Ian Grigg wrote:
> >
> >> Consider this simple fact:  There has been no
> >> MITM attack, in the lifetime of the Internet,
> >> that has recorded or documented the acquisition
> >> and fraudulent use of a credit card (CC).
> >>
> >> (Over any Internet medium.)
> 
> There have, however, been numerous MITM attacks for stealing
> or eavesdropping on email.  A semi-famous case I'm thinking
> of involves a rabid baptist minister named fred phelps and
> a topeka city councilwoman who had the audacity to vote against
> him running roughshod over the law.  He set up routing tables
> to fool DNS into thinking his machine was the shortest distance
> from the courthouse where she worked to her home ISP and
> eavesdropped on her mail.  Sent a message to every fax machine
> in town calling her a "Jezebellian whore" after getting the
> skinny on the aftermath of an affair that she was discussing
> with her husband.

I love it!  Then, I'm wrong on that point, we
do in fact have some aggressive MITMs
occuring in some mediums over the net.
Steve Bellovin pointed one out, this is
another.

Which gets us to the next stage of the
analysis (what did they cost!).

> And as for theft of credit card numbers, the lack of MITM
> attacks directly on them is just a sign that other areas of
> security around them are so loose no crooks have yet had to
> go to that much trouble.  Weakest link, remember?  No need
> to mount a MITM attack if you're able to just bribe the data
> entry clerk.

I'd say, SSL with the cert protection is the
strongest link in the chain.  In fact, it's
ludicrously strong.  It's like a Chubb vault
lock on a screen door.  If we were getting
physical here, the door wouldn't be strong
enough to hold up the lock.

So, cut to the chase:  if we "mandate" that
from now on, all commerce servers use
ADH, just hypothetically, for the sake of
argument, do you think that the connection
would then become anything other than the
strongest link in the chain?

(I think it would remain the strongest link,
by far.  In fact, even if it was unencrypted,
I think it would be one of the stronger links,
c.f., David Wagner's devilish advocacy.

But, nobody would suggest we throw away
the current cert infrastructure, just that we
back off a little and accept the intermediate
path of ADH / self-signed certs.)

> Just because most companies' security is so
> poor that it's not worth the crook's time and effort doesn't
> mean we should throw anyone who takes security seriously
> enough that a MITM vulnerability might be the weakest link
> to the wolves.

Nobody's saying that we should.  I'm
saying that the server and browser
should offer the choice to deploy
and use more convenient levels of
security.  The message should
congratulate the user for moving up
to a more secure channel than HTTP,
not annoy them with imponderables
about how self-signed certs might be
insecure under a certain hard-to-measure
threat model... as is the case now.

-- 
iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list