On `SSL considered harmful`, correct use of condoms and SSL abuse

Amir Herzberg herzbea at macs.biu.ac.il
Sun Jul 18 04:19:43 EDT 2004 

Ian Grigg called attention to the fact that the use (as by pgp.com) of a 
lock in the FavIcon position (in the location bar) can be abused in site 
spoofing/phishing attacks, to fool users to think that a page is SSL 
protected, when it's not. In fact, this is part of Ian's `SSL considered 
harmful` page (at http://iang.org/ssl/), `A page on the the harms and 
devastations wrought by implementations of SSL.`. With apologies to Ian, 
we recently saw another SSL-bashing by the folks in Artisoft, `SSL - 
does it protect you or is it a condom open at both ends ?` (their PR guy 
made a blunder of their technology... and their metaphor!).

I agree that the lock icon/logo as used in pgp.com may mislead users to 
think this is a protected site. But I think there is a bigger threat 
here. As your demo at http://iang.org/ssl/ shows, a spoofing site could 
present the logo of the victim site. Now, most users don't even check 
the SSL logo.

In fact, many `serious` web sites ask users to enter passwords etc. in 
pages which are NOT PROTECTED, usually relying on a script in the page 
to invoke SSL just before submitting the information; this implies that 
a spoofing/phishing site can present the same content and collect the 
unencrypted passwords... I found such vulnerabilities in many of the 
most prestigious web sites, including Microsoft's Passport, Chase, 
E-Bay, Amazon, Yahoo! and TD Waterhouse (see screen shots at fig 5 of 
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm).

So my conclusion is: the problem is not with SSL/TLS, the problem is in 
their current use by browsers (and we present a possible fix in the 
paper). You can't sue the condom maker if it failed to protect it, 
although you've put it on carefully - but too late. Or if your partner 
promised to use it, but forgot.

So while `SSL is harmful` sounds sexy, I think it is misleading. Maybe 
`Stop SSL-Abuse!`
-- 
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & 
security)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: herzbea.vcf
Type: text/x-vcard
Size: 303 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20040718/24f2bac1/attachment.vcf>

More information about the cryptography mailing list