Citibank discloses private information to improve security

Anne & Lynn Wheeler lynn at garlic.com
Wed Jun 1 18:38:18 EDT 2005


Heyman, Michael wrote:
> Defense in depth can help against spoofing - this includes valid
> certificates, personalization (even if it is the less-than-optimal
> Citibank-like solution), PetName, etc. Man-in-the-middle is harder given
> that we have such a high false positive rate on our best weapon.

i would claim that an SSL-like protocol with both countermeasures for 
MITM-attack and eavesdropping attacks should be adequate.

many of the current problems are that browsers and email clients have 
tended to add multiple layers of obfuscation around the URL process 
... so it may be difficult for even experienced users to realize what is 
happening

a semi-counter argument for defense-in-depth is KISS ... lots of complex 
layers tend to create all sorts of cracks for the attackers to get thru.

in theory, the KISS part of SSL's countermeasure for MITM-attack ... is: 
does the URL you entered match the URL in the provided certificate. An 
attack is inducing a fraudulent URL to be entered for which the 
attackers have a valid certificate.

so some of the recent internet phishing countermeasures are trying to 
rely on clear, un-obfuscated indications recognizable by even naive 
users. however, they tend to be add-ons, non-integrated with existing 
countermeasures (like SSL MITM-attack countermeasures) and leave 
existing systemic vulnerabilities in place. When purely static, 
un-obfuscated, recognizable indications are used independently of MITM 
countermeasures ... a MITM can create active channels between 
themselves and the end-user and between themselves and the website and 
transparently pass information between the two end-points.

Rather than complex defense in depth ... all with cracks and 
vulnerabilities that attackers can wiggle around ... a better approach 
would be a KISS solution that had an integrated approach to existing 
systemic vulnerabilities. For instance, some sort of clear, un-obfuscated 
indications integrated with URL selection that can leverage the existing 
SSL MITM-attack countermeasures.

The downside of a KISS integrated solution that eliminates existing 
systemic problems (and avoids creating complex layers, each with their 
individual cracks that the attackers can wiggle thru) ... is that the 
only current special interest for such a solution seems to be the 
victims. Some sort of fix that allows naive users to relate and enter 
specific trusted URLs associated with specific tasks could fix many of 
the existing infrastructure vulnerabilities. The issue is what 
institutions have a financial interest in designing, implementing, and 
marketing such a likely "free" add-on to existing mostly "free" based 
infrastructure. It appears to be much easier to justify the design, 
implementation and marketing of a totally new feature that can be 
separately charged for.

some topic drift ... one person's history of priced software:
http://www.garlic.com/~lynn/2005g.html#51
http://www.garlic.com/~lynn/2005g.html#53
http://www.garlic.com/~lynn/2005g.html#54
http://www.garlic.com/~lynn/2005g.html#57
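Added illustration of the two checks the post contrasts (this is example code, not part of Lynn Wheeler's message or of any product it mentions): the KISS SSL check "does the host in the URL you entered match a name in the certificate", and a task-to-trusted-URL binding layered on top of it so that a correctly certified look-alike host is refused before the certificate is even consulted. The task table, host names and certificate name lists are all constructed for the example.

```python
"""Constructed example: URL-vs-certificate matching plus task-bound trusted URLs.
Nothing here contacts the network; certificate contents are passed in as a list
of DNS names, as they would be read from a certificate's subjectAltName."""
from __future__ import annotations

from urllib.parse import urlsplit


def cert_matches_host(entered_url: str, cert_names: list[str]) -> bool:
    """The SSL MITM countermeasure reduced to its KISS essence: the host part of
    the URL the user typed must equal one of the DNS names the certificate was
    issued for.  A single leading '*.' label is honoured, RFC 6125 style: it
    covers exactly one label and never the bare parent domain."""
    host = (urlsplit(entered_url).hostname or "").lower().rstrip(".")
    if not host:
        return False
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            suffix = name[1:]  # e.g. ".example.com"
            # same number of labels as the pattern, and ends with the suffix
            if host.endswith(suffix) and host.count(".") == name.count("."):
                return True
        elif name == host:
            return True
    return False


# Constructed table: a task a naive user wants to perform, bound to the one
# URL previously recorded as trusted for that task (by the user or their
# institution).  This is the "specific trusted URLs associated with specific
# tasks" idea from the post, not any deployed scheme.
TRUSTED_TASKS = {
    "online banking": "https://online.bank.example/login",
    "webmail": "https://mail.example.net/",
}


def url_bound_to_task(task: str, entered_url: str) -> bool:
    """Integrated check: the URL's scheme and host must be exactly those of the
    URL bound to the task.  Unknown tasks are refused."""
    bound = TRUSTED_TASKS.get(task)
    if bound is None:
        return False
    b, e = urlsplit(bound), urlsplit(entered_url)
    return (
        e.scheme == "https"
        and b.scheme == "https"
        and (e.hostname or "").lower() == (b.hostname or "").lower()
    )


def verdict(task: str, entered_url: str, cert_names: list[str]) -> str:
    """Run the task binding first, then the certificate check, and report
    which layer refused (or 'ok')."""
    if not url_bound_to_task(task, entered_url):
        return "refused: URL is not the one bound to this task"
    if not cert_matches_host(entered_url, cert_names):
        return "refused: certificate does not name this host"
    return "ok"


if __name__ == "__main__":
    # The genuine site with its own certificate passes both layers.
    print(verdict("online banking", "https://online.bank.example/login",
                  ["online.bank.example"]))
    # A look-alike host holding a perfectly valid certificate for itself
    # passes the certificate check alone ...
    print(cert_matches_host("https://online-bank.example/login",
                            ["online-bank.example"]))
    # ... but is refused by the task binding before the certificate matters.
    print(verdict("online banking", "https://online-bank.example/login",
                  ["online-bank.example"]))
```

The ordering in `verdict` is the point of the post: the certificate check on its own only answers "is this the host you typed", so it accepts any host the attacker legitimately holds a certificate for; binding the task to a fixed trusted URL answers "is this the host you meant", and the two together leave no gap for a transparent relay to sit in.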

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com