At 11:10 PM 3/23/2003 -0500, Ian Grigg wrote:
Who's afraid of Mallory Wolf?

slight observations ... i've heard of no cases of credit card number intercepted on the internet "in flight" (requiring crypto) ... and no known cases of MITM attack (requiring certificates)

However there have been some cases of impersonation ... being directed to a counterfeit web-site. I know of no cases of that being done with DNS cache poisoning ... which is also what certificates are targeted at ... both MITM and other impersonations of various kind. the ones i'm aware of is that the person clicks on some URL and goes to that site .... which is a counterfeit website. This isn't caught by SSL ... since it just compares the domain name in the URL against the domain name in the certificate presented by the server. Since the subterfuge happens well before any DNS cache is involved ... the SSL check of matching domain names doesn't catch anything. There have also been various impersonation involving frames and other screen painting techniques.

There have been cache poisonings (ip-address take over) ... there have been also incidents in the press of domain name hijacking ... sending updates to domain name infrastructure convincing them that somebody else is the new domain name owner. getting a new certificate as the new domain name owner is also a way of subverting the SSL check of matching domain names.
people registering public keys at the same time they register domain names was one of the suggested countermeasures to domain name hijacking.

There was another press thing last week regarding DNS attacks. The issue raised by the DNS attack last fall and the latest warning is that these have the potential to bring the internet to a halt.,10801,79576,00. html

so there is some effort regarding dns integrity because of its critical importance for just having internet function at all.

past dns attack refs:
also,1080 1,75564,00.html

from a cost of business standpoint ... i've suggested why not use the existing DNS infrastructure to distribute server public keys in the same way they distribute ip-address (they are pieces of information bound to the domain name, a function of the domain name infrastructure).... and are capable of distributing other things ... like administrative & technical contacts .... although that is getting restricted ... some bleed over from pkix The case against directories The case against directories

they could be naked public keys ... which would also be subject to DNS cache poisoning ... or they could be "signed" public keys .... doesn't need all the baggage of x509 certs ... can just be really simple signed public key.

Slightly related to the above posting about long ago and far away .... when looking at allowing people (20 plus years ago) on business trips to use portable terminals/PCs to dial in and access the internal network/email .... a vulnerability assesement found that one of the highest problem areas was hotel PBXs. as a result a special 2400 baud encrypting modem was created. encrypting modem anecdote from the time: Security Proportional to Risk (was: IBM Mainframe at home)

... these weren't in any related to the link encrypters from the previous reference (aka supposedly over half of the link encrypters in the world were installed on the internal network).

in any case, there was a big concern about numerous kinds of evesdropping ... requiring encryption for information hiding. however, the current internet credit card scenario seems to be that it is so much easier to harvest a whole merchant file with tens or hundreds of thousands of numbers ... than trying to get them one or two at a time off some internet connection.

note that the x9.59 approach has always been to remove the credit card numbers as a point of attack (form of shared-secret) by requiring all transactions to be authenticated. as a result, just knowing the number isn't sufficient for fraud (countermeasure against all account number harvesting .... regardless of the technique and whether insider or outsider attack):
the low-hanging fruit theory is that if merchant sites were armored then there could be more interest in evesdropping-based harvesting ... (leading to more demand for internet encryption). However. armoring merchant sites is difficult since 1) there are potentially millions, 2) human mistake is frequent/common vulnerability, 3) still leaves insiders as threat.

other parts of security proportional to risk thread: Security Proportional to Risk (was: IBM Mainframe at home) Security Proportional to Risk (was: IBM Mainframe at home) Security Proportional to Risk (was: IBM Mainframe at home) Security Proportional to Risk (was: IBM Mainframe at home) Security Proportional to Risk (was: IBM Mainframe at home) Security Proportional to Risk (was: IBM Mainframe at home)
Anne & Lynn Wheeler
Internet trivia 20th anv

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to