Re: Security through kittens, was Solving password problems

2009-03-02 Thread Peter Gutmann
James A. Donald jam...@echeque.com writes:

> The interesting thing is that it and similar phishes do not seem to have been
> all that successful - few people seemed to notice at all, the general
> reaction being to simply hit the spam key reflexively, much as people click
> away popup warnings reflexively, and are unaware that there ever was a popup.
>
> Why the attack resistance?  I conjecture that:
>
> 1. User normally enters his password in an environment that looks nothing
>    like a web page, so being asked to do so in a web page automatically makes
>    him suspicious - it is a deviation from normal workflow
>
> 2. Blizzard never communicates by email, so receiving email from blizzard
>    automatically makes the user suspicious.

You'd really need to perform a controlled experiment to see which factors
actually affect this.  For example another factor could be that the gamer
demographic is more aware of phishing than Joe Sixpack and therefore less
likely to become a target.  Or that they're more interested in gaming than
account management and just ignore the message.  It'd be interesting to see
what the contributing factors are (although if it's more interested in gaming
than account management then it doesn't translate to other areas much).

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Security through kittens, was Solving password problems

2009-02-25 Thread RL 'Bob' Morgan
> Clever though this scheme is, man-in-the-middle attacks make it no
> better than a plain SSL login screen.  Since the bad guy knows what site
> you're trying to reach, he can use your usercode to fetch the shared
> secret from the real site and present it to you on his fake site.  It's
> true, the fake site won't have the same URL as the real site, but if the
> security of this scheme still depends on people scrutinizing the
> browser's address bar to be sure they're visiting the site they think
> they are, how is this any better than an ordinary kitten-free SSL login
> screen?


If there is actual security value in it (as opposed to security theater) 
presumably it is that the MITM has to interact with the bank site to 
present the username and fetch the image in order to complete the phish. 
The bank site would monitor for a client address that makes multiple 
requests with different usernames and shut off its access quickly.  The 
MITM could of course get around this by using multiple client addresses to 
make these requests, but this raises the bar for an effective MITM.  Does 
it raise it enough to justify the cost of deploying these schemes? 
Apparently the banks think so, or they're doing them for some other reason
(theater, peer pressure, whatever).

 - RL Bob



Re: Security through kittens, was Solving password problems

2009-02-25 Thread Peter Gutmann
John Levine jo...@iecc.com writes:

> Clever though this scheme is, man-in-the-middle attacks make it no better
> than a plain SSL login screen.

You don't even need a MITM, just replace the site image on your phishing site
with either a broken-image picture or a message that your award-winning
site-image software is being upgraded and will be back soon and it's rendered
totally ineffective. Ref: "The Emperor's New Security Indicators", Stuart
Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer.  These things are as
worthless as most of the other wish-it-was-two-factor authentication methods
that US banks have deployed in reaction to the FFIEC guidance (in the case of
Sitekey, it's the top-rated URL for the Prg malware, indicating that it
presents no problem at all for the phishers).  The best two-factor I've seen
to date is the New Horizons Community Credit Union, whose idea of two-factor
auth is "Oh, we got both kinds.  We got user name *and* password."

Peter.



Re: Security through kittens, was Solving password problems

2009-02-25 Thread John Levine
> This means a site paying attention to such things could notice a
> change in IP address, or, if several users were attacked this way,
> notice repeated connections from the same IP. (Granted the MITM
> could distribute the queries over a botnet, but it raises the bar
> somewhat.)
>
> I have no idea if sites do such checks, just speculation on my part.

You're right, but it's not obvious to me how a site can tell an evil
MITM proxy from a benign shared web cache.  The sequence of page
accesses would be pretty similar. I suppose that you could hope that
legitimate HTTPS requests would come direct from the client machine,
so requests for multiple users on the same IP would be suspicious, but
on networks like AOL's, I wouldn't count on it working that way.

R's,
John
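As an added example (not code from this thread or from any bank), here is the check RL 'Bob' Morgan describes, with the shared-proxy caveat John raises, as detection logic run over constructed log lines of the username-submission step (the request that returns the site image). The log format, the thresholds and the shared-proxy list are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): timestamp, client IP and the
# username submitted at the first login step, the one that returns the image.
SAMPLE_LOG = """\
2009-02-25T14:00:01 198.51.100.7 alice
2009-02-25T14:00:03 198.51.100.7 bob
2009-02-25T14:00:05 198.51.100.7 carol
2009-02-25T14:00:07 198.51.100.7 dave
2009-02-25T14:00:09 198.51.100.7 erin
2009-02-25T14:05:00 203.0.113.9 alice
2009-02-25T14:05:30 203.0.113.9 alice
2009-02-25T14:06:00 192.0.2.44 frank
2009-02-25T14:06:01 192.0.2.44 grace
2009-02-25T14:06:02 192.0.2.44 heidi
2009-02-25T14:06:03 192.0.2.44 ivan
"""

# Assumed list of known shared egress addresses (large ISP proxies, as in the
# AOL case John mentions); they get a much higher threshold instead of a block.
KNOWN_SHARED_PROXIES = {"192.0.2.44"}


def parse_line(line):
    ts, ip, user = line.split()
    return datetime.fromisoformat(ts), ip, user


def flag_image_fetch_abuse(log_text, window=timedelta(minutes=2),
                           limit=3, shared_limit=50):
    """Return {ip: distinct_usernames} for client addresses that fetched the
    site image for more than `limit` distinct usernames inside `window`."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, username)
    flagged = {}
    for line in log_text.splitlines():
        ts, ip, user = parse_line(line)
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:  # drop entries outside the window
            q.popleft()
        distinct = len({u for _, u in q})
        threshold = shared_limit if ip in KNOWN_SHARED_PROXIES else limit
        if distinct > threshold:
            flagged[ip] = max(distinct, flagged.get(ip, 0))
    return flagged
```

A single user retrying from one address (203.0.113.9) is never flagged, and the known proxy stays under its raised threshold; only the address cycling through many usernames is reported.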



Re: Security through kittens, was Solving password problems

2009-02-25 Thread Ray Dillinger
On Wed, 2009-02-25 at 14:53 +, John Levine wrote:

> You're right, but it's not obvious to me how a site can tell an evil
> MITM proxy from a benign shared web cache.  The sequence of page
> accesses would be pretty similar.

There is no such thing as a benign web cache for secure pages.
If you detect something doing caching of secure pages, you need 
to shut them off just as much as you need to shut off any other 
MITM.

Bear




Re: Security through kittens, was Solving password problems

2009-02-25 Thread Steven M. Bellovin
On Wed, 25 Feb 2009 10:04:40 -0800
Ray Dillinger b...@sonic.net wrote:

> On Wed, 2009-02-25 at 14:53 +, John Levine wrote:
>
> > You're right, but it's not obvious to me how a site can tell an evil
> > MITM proxy from a benign shared web cache.  The sequence of page
> > accesses would be pretty similar.
>
> There is no such thing as a benign web cache for secure pages.
> If you detect something doing caching of secure pages, you need
> to shut them off just as much as you need to shut off any other
> MITM.

It's not caching such pages; it is acting as a TCP relay for the
requests, without access to the keys.  These are utterly necessary for
some firewall architectures, for example, and generally do not represent
a security threat beyond traffic analysis.


--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: Security through kittens, was Solving password problems

2009-02-25 Thread James A. Donald

John Levine jo...@iecc.com writes:
> Clever though this scheme [kittens] is, man-in-the-middle
> attacks make it no better than a plain SSL login screen.

Peter Gutmann wrote:
> You don't even need a MITM, just replace the site
> image on your phishing site with either a broken-image
> picture or a message that your award-winning
> site-image software is being upgraded and will be back
> soon and it's rendered totally ineffective.

Assume we have this great process, perhaps
password-authenticated key agreement, perhaps kitten
based, that guarantees we are phish proof if the user
actually uses it.

How do we make the workflow and user interface so that
if the user is asked to bypass our great process, he
hears alarm bells?

When it comes to workflows, the WoW interface seems to
work quite well.

WoW accounts control WoW gold, typically $50 to $100
worth, so WoW accounts are a popular phish target:

An investigation of your World of Warcraft
account has found strong evidence that the
account in question is being sold or traded. As
you may not be aware of, this conflicts with
Blizzard's EULA under section 4 Paragraph B
which can be found here:
WoW - Legal - End User License
Agreement

and Section 8 of the Terms of Use found here:
WoW - Legal - Terms of Use
The investigation will be continued by Blizzard
administration to determine the action to be
taken against your account. If your account is
found violating the EULA and Terms of Use, your
account can, and will be suspended/closed/or
terminated.

In order to keep this from occurring, you should
immediately verify that you are the original
owner of the account.

To verify your identity please visit the
following webpage:
https://www.worldofwarcraft.com/login/login?service=https%3A%2F%2Fwww...
Only Account Administration will be able to
assist with account retrieval issues. Thank you
for your time and attention to this matter, and
your continued interest in World of Warcraft.

This phish used a flaw in the official WoW website to
redirect an https login with WoW to an https login with
the scammer site.

The interesting thing is that it and similar phishes do
not seem to have been all that successful - few people
seemed to notice at all, the general reaction being to
simply hit the spam key reflexively, much as people
click away popup warnings reflexively, and are
unaware that there ever was a popup.

Most accounts are lost through keyloggers - rather than
phishing, the attacker has to take over the end user's
computer completely.

Why the attack resistance?  I conjecture that:

1. User normally enters his password in an environment
   that looks nothing like a web page, so being asked
   to do so in a web page automatically makes him
   suspicious - it is a deviation from normal workflow

2. Blizzard never communicates by email, so receiving
   email from blizzard automatically makes the user
   suspicious.





Re: Security through kittens, was Solving password problems

2009-02-24 Thread John Levine
> you enter a usercode in the first screen, you are presented with a
> second screen to enter your password. The usercode is a mnemonic
> 6-character code such as HB75RC (randomly generated, you receive from
> the server upon registration). Your password is freely chosen by you
> upon registration. That second screen also has something that you and
> the correct server know but that you did not disclose in the first
> screen --

This scheme is quite popular with banks.  I have at least three
accounts where I enter my user name in one screen, then on a second
password entry screen it shows me a picture chosen when I set up the
account along with a caption I wrote.  They have a large library of
pictures of cute animals, household appliances, and so forth.

Clever though this scheme is, man-in-the-middle attacks make it no
better than a plain SSL login screen.  Since the bad guy knows what
site you're trying to reach, he can use your usercode to fetch the
shared secret from the real site and present it to you on his fake
site.  It's true, the fake site won't have the same URL as the real
site, but if the security of this scheme still depends on people
scrutinizing the browser's address bar to be sure they're visiting the
site they think they are, how is this any better than an ordinary
kitten-free SSL login screen?

Another bank sent me a dongle that generates a timestamped six-digit
number that I use as part of the login.  Even with the dongle, MITM
attacks are still effective.  The bad guy can only steal one session
rather than a user's permanent credentials, but that's still plenty
to, e.g., wire money out of the country.

The only thing I've been able to come up with that seems even somewhat
secure is a USB dongle that plugs into your computer and can set up an
end-to-end encrypted channel with the bank, and that has a screen big
enough that once you've set up your transaction in your browser, the
bank then sends a description to the dongle to display on its screen,
and YES and NO buttons on the dongle itself.

Unless the screen and the buttons are physically part of the dongle,
you're still subject to MITM attacks.  But a dongle with a screen big
enough for my 87 year old father to read, and buttons big enough for
him to push reliably would be unlikely to fit on his keychain.  It's a
very hard problem.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
More Wiener schnitzel, please, said Tom, revealingly.