Citibank discloses private information to improve security

Anne & Lynn Wheeler lynn at garlic.com
Tue May 31 15:23:34 EDT 2005


Adam Fields wrote:
> Moreover, in my experience (as I've mentioned before on this list),
> noticing an invalid certificate is absolutely useless if the banks
> won't verify via another channel a) that it changed, b) what the new
> value is or c) what the old value is.
> 
> I've tried. They won't/can't.

one might claim then that a solution is to go to a PGP-like repository 
of trusted public keys (in addition to and/or in conjunction with typical 
browser repository of trusted certification authority public keys). the 
URL & public key are loaded into the repository and some out-of-band 
process is used to establish the "trust" level of the information ... 
and you are involving the end-user in the trust establishment process.

For convenience ... enable this from bookmark and end-user clicks on 
trusted URLs. then rather than browser using webserver supplied 
certificate as part of SSL process, the browser uses the onfile trusted 
public key for that URL.
http://www.garlic.com/~lynn/subpubkey.html#certless

a threat is social-engineering can convince some number of naive users 
to do just about anything ... including things like updating a trusted 
public key repository ... and clicking on email obfuscated URLs (what 
the email claims to be the URL ... is unrelated to what the URL actually 
is). a major problem is that a large percentage of the population seems 
to be extremely naive about trust.

some large amount of the skimming and harvesting related fraud is 
because of existing authentication paradigms that make extensive use of 
static data and shared-secrets
http://www.garlic.com/~lynn/subpubkey.html#secrets

a countermeasure could be public key and digital signature verification 
based authentication. extensive use of file-based private keys make them 
vulnerable to harvesting by viruses ... but also vulnerable to social 
engineering attacks getting naive users to divulge contents of private 
key files.

a countermeasure might be hardware tokens where the private key can't be 
divulged ... even by the token owner. however, social engineering 
attacks can still get naive users to perform fraudulent transactions on 
behalf of crooks (even in hardware token based infrastructures). 
however, the percentage of the population vulnerable to such attacks 
might go down as complexity of the social engineering and/or the 
awareness of the user population goes up.
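The per-URL trusted-key repository sketched in the post, as an added example (not code from the post or the list): the browser consults a local pin for the host before trusting the key the server presents, a mismatch blocks rather than silently accepting, and a pin may only be rotated after out-of-band verification. The host names, key bytes and the `PinEntry`/`check_server_key`/`update_pin` names are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical trusted-key repository keyed by host: a public-key fingerprint
# plus how its trust level was established (the post's out-of-band process).
@dataclass
class PinEntry:
    spki_sha256: str   # hex SHA-256 over the key's SubjectPublicKeyInfo DER
    trust: str         # "out-of-band" (verified via another channel) or "unverified"

def fingerprint(spki_der: bytes) -> str:
    return hashlib.sha256(spki_der).hexdigest()

# Constructed stand-ins for SPKI DER blobs; not real keys.
BANK_KEY_DER = b"constructed-spki-for-bank.example"
OTHER_KEY_DER = b"constructed-spki-presented-by-someone-else"

REPOSITORY = {"bank.example": PinEntry(fingerprint(BANK_KEY_DER), "out-of-band")}

def check_server_key(url: str, presented_spki_der: bytes, repo=REPOSITORY) -> str:
    """Decide how to treat the key the server presented for this URL.
    "use-pinned-key"    host pinned with out-of-band trust, key matches
    "mismatch-block"    host pinned, key differs: stop and re-verify via another channel
    "pinned-unverified" a pin exists but its trust was never established out of band
    "no-pin"            host unknown to the repository: fall back to the CA path
    """
    host = (urlsplit(url).hostname or "").lower()
    entry = repo.get(host)
    if entry is None:
        return "no-pin"          # a look-alike host from an email link lands here
    if entry.trust != "out-of-band":
        return "pinned-unverified"
    if fingerprint(presented_spki_der) != entry.spki_sha256:
        return "mismatch-block"  # the "certificate changed" case from the thread
    return "use-pinned-key"

def update_pin(host: str, new_spki_der: bytes, verified_out_of_band: bool,
               repo=REPOSITORY) -> bool:
    """Rotate a pin only when the new key was confirmed through another channel;
    a "please update your key" message on its own cannot pass this gate."""
    if not verified_out_of_band:
        return False
    repo[host] = PinEntry(fingerprint(new_spki_der), "out-of-band")
    return True
```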

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
