"Steven M. Bellovin" <s...@cs.columbia.edu> writes:

>http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/ -- we've talked
>about this attack for quite a while; someone has now implemented it.

My analysis of this (part of a much longer writeup):

-- Snip --

[...] it's now advantageous for attackers to spoof non-SSL rather than their
previous practice of trying to spoof SSL.  The reason for this is that the
Hamming distance beteween the eye-level SSL indicators and the no-SSL
indicators (even without using the trick of putting a blue border around the
favicon) is now so small that, as shown in the magnified view in [Reference to
graphic snipped], it's barely noticeable (imagine this crammed up into the
corner of a 1280 x 1024 display, at which point the difference is practically
invisible).  What makes this apparently counterintuitive spoof worthwhile is
the destructive interaction between the near-invisible indicators and the
change in the way that certificate errors are handled.  In Firefox 3 any form
of certificate error (including minor bookkeeping ones like forgetting to pay
your annual CA tax) results in a huge scary warning that requires a great many
clicks to bypass.  In contrast not having a certificate at all produces almost
no effect.  Since triggering negative feedback from the browser is something
that attackers generally want to avoid while failing to trigger positive
feedback has little to no effect, the unfortunate interaction of these two
changes in Firefox is that it's now of benefit to attackers to spoof non-SSL
rather than spoofing SSL.

-- Snip --

It's the law of unintended consequences in effect, HCI people pointed out some 
time ago that the change in the security indicators in FF3 was a bad idea but 
AFAIK 'Moxie Marlinspike' is the first person to show that it's even worse 
than that because of the destructive interaction between the 
security-indicator change and the cert-warning change.

The first step in fixing this would be to undo several of the UI changes that 
lead to the easily-spoofed security indicators in FF3 and bring back the FF2 
versions, which would at least partially upset the nasty interaction that 
makes this attack effective.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to