A cool demo of how to spoof sites (also shows how TrustBar prevents this...)

Steven M. Bellovin smb at cs.columbia.edu
Thu Feb 10 18:24:46 EST 2005


In message <420B1453.5050002 at cs.biu.ac.il>, Amir Herzberg writes:
>Steve, my point was not the trivial fact that TrustBar would not display 
>the homograph; suppose it did... even then, the user is _asked_ about 
>the certificate, since it was signed by an unusual CA that the user did 
>not specify as `to be trusted always`; this should certainly be a good 
>warning for most users (and of course, a good situation to check for 
>tricks such as homographs...).
>
>And even if some user allowed this CA as `always trusted`, there is 
>still a fair chance he'll notice that the brand of CA on his bank's site 
>has suddenly changed... which may also raise the alarm.
>

"Unusual CA"?  I'm not sure what a *usual* CA is.

Just for fun, I opened up the CA list that came with my copy of 
Firefox.  There are no fewer than 40 different entities listed, many of 
whom have more than one certificate.  I personally know less than half 
of them to be trustworthy -- and that's assuming that, say, Thawte, 
Thawte Consulting, and Thawte Consulting cc are all the same company 
and I can count that as three different ones.  I had no idea that 
the U.S. Postal Service had a CA that was trusted by my browser -- and 
I dare say that many non-Americans wouldn't trust it at all, on the 
assumption that it would do whatever the U.S. government told it to do. 
(For such people: the relationship between the USPS and the government 
is complex.  Let it suffice to say that they moved from .gov to .com, 
and they had quasi-valid reasons for doing so.)  Baltimore is listed; 
last I heard, they were out of business.  Is a private root key (or the 
equivalent signing device) an asset that can be acquired under 
bankruptcy proceedings?  Almost certainly.  The following text appears 
in the December 2004 Shareholder Circular I found at www.baltimore.com:

	The Company sold the last of its remaining operating
	businesses in 2003, and has not engaged in operating
	activities since that time. Since taking office in July
	2004, the Company's new Board of Directors has been working
	to resolve all significant legacy issues, to identify a
	means of utilising the Company's remaining non-cash assets,
	to reduce costs so as to maximise the cash available for
	future deployment and to review appropriate business
	opportunities to enhance shareholder value. Paragraph 5 of
	Part II of this document describes, among other things,
	the current position relating to the utilisation of the
	Company's non-cash assets.

Apart from the question of whether or not EvilHackerDudes.Org, a sub rosa
corporation, purchased that key, the fact that this CA is out of business
is certainly good cause for a bank to change its CA.  Would you like
to be the supervisor of customer service when people start calling
about this problem their browser is complaining about?  Remember that
99.99% of people have no idea what a certificate is, what a CA is, or
how to judge whether or not a given CA exercises due diligence when
issuing a cert.  

One member of this mailing list, in a private exchange, noted that
he had asked his bank for their certificate's fingerprint.  My
response was that I was astonished he found someone who knew what
he was talking about.

I'm not saying your toolbar is a bad idea; in fact, I think it's a good
one.  But the problem of verifying certificates is a very deep one,
and simple answers will not solve the phishing or MITM problem.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
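The survey Bellovin describes above (open the browser's CA list, count how many distinct entities are in it, notice that "Thawte", "Thawte Consulting" and "Thawte Consulting cc" are probably one company, and find roots from a CA that no longer exists) can be done programmatically against the store the local TLS library actually trusts. The following is an added example, not code from the post, from TrustBar or from Firefox; it uses only the standard-library ssl module. The SAMPLE_ROOTS records are constructed for illustration in the shape ssl's get_ca_certs() returns (subject names echo the post's examples, but serials, CNs and dates are made up), the suffix list used to fold trading-name variants together is a heuristic, and the "vetted" list stands in for the reviewer's own judgement of which CAs he knows to be trustworthy.

```python
"""Survey of a root CA store: which organisations are trusted, how many
certificates each holds once trading-name variants are folded together,
which of them the reviewer has actually vetted, and which roots have
expired but are still shipped.  Added example, not code from the post,
TrustBar or Firefox; SAMPLE_ROOTS is a constructed sample, not real roots."""
import ssl
from collections import defaultdict

# Constructed sample in the dict shape SSLContext.get_ca_certs() returns.
# Names echo the post's examples; serials, CNs and dates are made up.
SAMPLE_ROOTS = [
    {"subject": ((("countryName", "ZA"),), (("organizationName", "Thawte"),),
                 (("commonName", "Thawte Server CA"),)),
     "notAfter": "Dec 31 23:59:59 2020 GMT", "serialNumber": "01"},
    {"subject": ((("countryName", "ZA"),),
                 (("organizationName", "Thawte Consulting"),),
                 (("commonName", "Thawte Premium Server CA"),)),
     "notAfter": "Dec 31 23:59:59 2020 GMT", "serialNumber": "02"},
    {"subject": ((("countryName", "ZA"),),
                 (("organizationName", "Thawte Consulting cc"),),
                 (("commonName", "Thawte Personal Freemail CA"),)),
     "notAfter": "Dec 31 23:59:59 2020 GMT", "serialNumber": "03"},
    {"subject": ((("countryName", "IE"),), (("organizationName", "Baltimore"),),
                 (("commonName", "Baltimore Legacy Root"),)),
     "notAfter": "Dec 31 23:59:59 2003 GMT", "serialNumber": "04"},
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "U.S. Postal Service"),),
                 (("commonName", "USPS Root"),)),
     "notAfter": "Jan 31 23:59:59 2029 GMT", "serialNumber": "05"},
]

# Reference time for the expiry check: the date of the post.
REFERENCE_EPOCH = ssl.cert_time_to_seconds("Feb 10 18:24:46 2005 GMT")

# Corporate suffixes folded away when collapsing name variants.  Assumption:
# a heuristic good enough to treat "Thawte", "Thawte Consulting" and
# "Thawte Consulting cc" as one entity; it will also wrongly merge two
# unrelated companies that share a first word, so review the groups by hand.
_SUFFIXES = {"inc", "inc.", "ltd", "ltd.", "llc", "cc", "co", "co.", "corp",
             "corp.", "corporation", "limited", "consulting", "plc"}


def attr(cert, name, default=""):
    """Pull one attribute (e.g. organizationName) out of the subject RDNs."""
    for rdn in cert["subject"]:
        for key, value in rdn:
            if key == name:
                return value
    return default


def org_key(org):
    """Heuristic identity of the issuing organisation: the first word that
    is not a corporate suffix, lower-cased."""
    words = [w for w in org.lower().split() if w not in _SUFFIXES]
    return words[0] if words else org.lower()


def count_by_org(certs):
    """Number of root certificates per (collapsed) organisation."""
    counts = defaultdict(int)
    for cert in certs:
        counts[org_key(attr(cert, "organizationName", "<no O=>"))] += 1
    return dict(counts)


def expired(certs, now_epoch):
    """CNs of roots whose notAfter is already past but which are still in
    the store (a stale root is a hint that nobody is curating the list)."""
    return sorted(attr(c, "commonName") for c in certs
                  if ssl.cert_time_to_seconds(c["notAfter"]) < now_epoch)


def unvetted(certs, vetted_orgs):
    """Organisations in the store the reviewer has not personally judged
    trustworthy; vetted_orgs holds org_key() values."""
    return sorted(set(count_by_org(certs)) - set(vetted_orgs))


def audit(certs, now_epoch, vetted_orgs=()):
    """One report: totals, per-organisation counts, expired and unvetted."""
    counts = count_by_org(certs)
    return {"certificates": len(certs), "entities": len(counts),
            "per_org": counts, "expired": expired(certs, now_epoch),
            "unvetted": unvetted(certs, vetted_orgs)}


def live_roots():
    """The roots this machine's default ssl context trusts (may be empty on
    platforms where OpenSSL's default store is not populated)."""
    return ssl.create_default_context().get_ca_certs()


if __name__ == "__main__":
    import time
    print("sample:", audit(SAMPLE_ROOTS, REFERENCE_EPOCH, vetted_orgs=["thawte"]))
    print("live store:", audit(live_roots(), time.time(), vetted_orgs=["thawte"]))
```

On the constructed sample the report collapses the three Thawte entries into one entity, lists the Baltimore root as expired relative to the post's date, and reports "baltimore" and "u.s." as unvetted. Run against live_roots() it gives the same picture for whatever the local OpenSSL store holds; what it cannot tell you, which is Bellovin's point, is whether any of the still-valid roots belongs to a company that no longer exists or has changed hands.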