Failure of PKI in messaging

John Levine johnl at iecc.com
Thu Feb 15 12:11:56 EST 2007


>Suppose we have a messaging service that, like Yahoo, is
>also a single signon service, ...

Then you just change the attack model.

There are a bunch of sites that do various things with your address
book ranging from the toxic Plaxo which slurps it up and sends spam to
everyone in it masquerading as an address change message from you to
more reasonable ones like LinkedIn which offers controlled messaging
to friends of friends.

Since typing in address book info by hand is hard, a lot of them sync
with your existing Outlook addressbook via a plugin, and some of them
also offer to sync with your Yahoo or Gmail or Hotmail address
book.  What a bad idea -- those are single signon systems. If you've
ever bought anything at one of their hosted stores or use one of their
premium services, it's the same credential that lets people charge
stuff to your credit card.

It gets even messier.  Look at a configurable aggregator page like the
very spiffy Netvibes.  It has modules to check mail at AOL, MSN,
Yahoo, Gmail, and your POP provider, all conveniently remembering your
login info.  As far as I know Netvibes is reliable and competent, but
they have an extension API that lets anyone write extension modules
and offer them to Netvibes users.

I realize that readers of this list will use separate accounts for
financial info and free webmail, but the other 99.9% of people in
the world will be delighted that they only have one password to
write on a post-it rather than six.

It should be obvious why overloading phish protection onto this is an
equally bad idea -- it drops the security of the phish protection to
the security of the sleaziest aggregator module or address book site
that someone might use, and puts valuable financial and antiphish info
in the same security bucket as the three most recent subject lines
from your web mail.  Thanks, but no thanks.

R's,
John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
