On `SSL considered harmful`, correct use of condoms and SSL abuse
Amir Herzberg
herzbea at macs.biu.ac.il
Sun Jul 18 04:19:43 EDT 2004
Ian Grigg called attention to the fact that the use (as by pgp.com) of a
lock in the FavIcon position (in the location bar) can be abused in site
spoofing/phishing attacks, to fool users to think that a page is SSL
protected, when it's not. In fact, this is part of Ian's `SSL considered
harmful` page (at http://iang.org/ssl/), `A page on the harms and
devastations wrought by implementations of SSL`. With apologies to Ian,
we recently saw another SSL-bashing by the folks in Artisoft, `SSL -
does it protect you or is it a condom open at both ends ?` (their PR guy
made a blunder of their technology... and their metaphor!).
I agree that the lock icon/logo as used in pgp.com may mislead users to
think this is a protected site. But I think there is a bigger threat
here. As your demo at http://iang.org/ssl/ shows, a spoofing site could
present the logo of the victim site. Now, most users don't even check
the SSL logo.
In fact, many `serious` web sites ask users to enter passwords etc. in
pages which are NOT PROTECTED, usually relying on a script in the page
to invoke SSL just before submitting the information; this implies that
a spoofing/phishing site can present the same content and collect the
unencrypted passwords... I found such vulnerabilities in many of the
most prestigious web sites, including Microsoft's Passport, Chase,
E-Bay, Amazon, Yahoo! and TD Waterhouse (see screen shots at fig 5 of
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm).
So my conclusion is: the problem is not with SSL/TLS, the problem is in
their current use by browsers (and we present a possible fix in the
paper). You can't sue the condom maker if it failed to protect it,
although you've put it on carefully - but too late. Or if your partner
promised to use it, but forgot.
So while `SSL is harmful` sounds sexy, I think it is misleading. Maybe
`Stop SSL-Abuse!`
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
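As an added example, not part of the original post: a small audit of the pattern described above, flagging password forms on pages that were not themselves served over HTTPS, even when the form action points at an https:// URL. The URLs and HTML below are constructed, using only the Python standard library.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _FormScanner(HTMLParser):
    """Collect each <form> with the number of password inputs it contains."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password_fields": 0}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current["password_fields"] += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_login_page(page_url, html):
    """Return (finding, submit_scheme) for each form that collects a password.

    page-not-protected: the page came over plain HTTP, so whoever spoofs or
    alters it decides where the password goes, whatever the action says.
    submits-in-clear: the page is HTTPS but the form posts to a non-HTTPS URL.
    """
    page_scheme = urlsplit(page_url).scheme.lower()
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        if form["password_fields"] == 0:
            continue
        # An empty or relative action resolves against the page URL itself.
        submit_scheme = urlsplit(urljoin(page_url, form["action"])).scheme.lower()
        if page_scheme != "https":
            findings.append(("page-not-protected", submit_scheme))
        elif submit_scheme != "https":
            findings.append(("submits-in-clear", submit_scheme))
    return findings

# Constructed sample: an HTTP login page posting to https://, the pattern above.
SAMPLE_HTML = ('<form action="https://login.example.test/auth">'
               '<input name="user"><input type="password" name="pass"></form>')
```

Run `audit_login_page("http://www.example.test/login", SAMPLE_HTML)` to see the unprotected-page finding; the same HTML served from an https:// URL produces no finding.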