AOL Help : About AOL® PassCode

Ian G iang at systemics.com
Fri Jan 7 17:24:35 EST 2005


Richard Clayton wrote:

>>Actually I have been waiting for phishing with MITM to appear for some 
>>time (I haven't any yet - if somebody has, I'd be interested to hear 
>>about), 
>
>I've been shown something similar last July ... which was, IIRC, a
>PayPal phish where the web page you went to checked that the password it
>was given was in fact valid.  It wasn't a full-scale MITM attack, but it
>did have some real-time elements.

An interesting data point!

>I haven't been bothering to look at phishing sites recently, so I don't
>know if the technology to do this has become the general state of the
>art, or if it was just one gang's unique coding style?

afaik, the active or dynamic MITM attack has not
been seen out in the wild.  Lots of other things,
which lead one to suspect that it will turn up just
as soon as it is worth the trouble, but not precisely
that.  A summary here:

http://www.financialcryptography.com/mt/archives/000263.html

>because it has some advantages for the attacker:

I agree, these advantages made me think that
we'd see the full cycle attacks sooner.  But, they
went for the simpler attack first.  I guess there's
a lesson in there for us.

>this is the fundamental problem with using the passcode, the user is
>"signing" just the single bit "I authorise" rather than the full bag of
>bits {amount, payee, timestamp} ... as soon as you write out formally
>what is going on the shortcoming is entirely obvious

I would say that this is the old saw of "you
signed for this legally" versus "what works."
In practice, depending on the institution
concerned, the model that gets put in place
is "what works" where working can be
measured by as tight or loose as the spirit
of the moment determines.

>Now if Bill's browser could display the last six digits of the SSL key
>then those could be compared with the SMS message and the customer would
>know that they were safe....    the banks might even go for this
>solution because it dumps the decision to go ahead (and hence the risk
>as well) onto the customer :)
Ah so!  Bill and his browser authenticate the
website directly.  Where have we seen that
before ;-)

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/
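Added illustration of Richard's point above about the passcode "signing" only the single bit "I authorise" rather than the full bag {amount, payee, timestamp}: example code written for this archive page, not from either poster; the shared key, transaction values and the relay scenario are all constructed.

```python
import hashlib
import hmac
import json

# Constructed shared secret between bank and customer's passcode device.
# In practice it lives in the token / SMS channel, never in application code.
SHARED_KEY = b"example-shared-secret-not-real"

def canonical(tx):
    """Deterministic serialisation of the 'full bag of bits' being authorised."""
    fields = {k: tx[k] for k in ("amount", "payee", "timestamp")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def six_digits(digest):
    """Truncate a MAC to a 6-digit code a customer can read off and type in."""
    return f"{int.from_bytes(digest[:4], 'big') % 10**6:06d}"

def single_bit_code(key, counter):
    """Plain one-time passcode: binds only 'I authorise' plus a counter."""
    return six_digits(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())

def transaction_code(key, tx):
    """Passcode bound to amount, payee and timestamp: any change alters the code."""
    return six_digits(hmac.new(key, canonical(tx), hashlib.sha256).digest())

def bank_accepts_single_bit(key, counter, submitted_tx, code):
    # The bank only checks the code is valid; submitted_tx is not bound to it.
    return hmac.compare_digest(code, single_bit_code(key, counter))

def bank_accepts_transaction_code(key, submitted_tx, code):
    # The bank recomputes the code over what it actually received.
    return hmac.compare_digest(code, transaction_code(key, submitted_tx))

def demo():
    """Constructed scenario: an active relay alters the payee on the way to the bank."""
    intended = {"amount": "100.00", "payee": "ACME Utilities",
                "timestamp": "2005-01-07T17:24:35Z"}
    altered = dict(intended, payee="other account")   # what the bank receives
    counter = 42
    otp = single_bit_code(SHARED_KEY, counter)          # customer's single-bit code
    tac = transaction_code(SHARED_KEY, intended)        # code over the intended tx
    return {
        "single_bit_altered_accepted": bank_accepts_single_bit(SHARED_KEY, counter, altered, otp),
        "tac_intended_accepted": bank_accepts_transaction_code(SHARED_KEY, intended, tac),
        "tac_altered_accepted": bank_accepts_transaction_code(SHARED_KEY, altered, tac),
    }
```

With the single-bit code the altered transaction is accepted; with the transaction-bound code the bank's recomputation over the altered payee no longer matches, which is the shortcoming Richard says becomes obvious once written out formally.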


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com