"Steven M. Bellovin" <s...@cs.columbia.edu> writes:

> http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/ -- we've talked
> about this attack for quite a while; someone has now implemented it.
My analysis of this (part of a much longer writeup):

-- Snip --

[...] it's now advantageous for attackers to spoof non-SSL rather than their previous practice of trying to spoof SSL. The reason for this is that the Hamming distance between the eye-level SSL indicators and the no-SSL indicators (even without using the trick of putting a blue border around the favicon) is now so small that, as shown in the magnified view in [Reference to graphic snipped], it's barely noticeable (imagine this crammed up into the corner of a 1280 x 1024 display, at which point the difference is practically invisible).

What makes this apparently counterintuitive spoof worthwhile is the destructive interaction between the near-invisible indicators and the change in the way that certificate errors are handled. In Firefox 3 any form of certificate error (including minor bookkeeping ones like forgetting to pay your annual CA tax) results in a huge scary warning that requires a great many clicks to bypass. In contrast, not having a certificate at all produces almost no effect. Since triggering negative feedback from the browser is something that attackers generally want to avoid, while failing to trigger positive feedback has little to no effect, the unfortunate interaction of these two changes in Firefox is that it's now of benefit to attackers to spoof non-SSL rather than spoofing SSL.

-- Snip --

It's the law of unintended consequences in effect: HCI people pointed out some time ago that the change in the security indicators in FF3 was a bad idea, but AFAIK 'Moxie Marlinspike' is the first person to show that it's even worse than that because of the destructive interaction between the security-indicator change and the cert-warning change. The first step in fixing this would be to undo several of the UI changes that led to the easily-spoofed security indicators in FF3 and bring back the FF2 versions, which would at least partially upset the nasty interaction that makes this attack effective.
Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com