Re: Citibank discloses private information to improve security
Ian G wrote:
> This will change. I predict that the banks will end up with the liability for phishing, for good or for bad, and they will then find it in their hearts to finance the add-ons, which will battle it out, thus leading to the 'best practices' which will be incorporated into the browsers.

I think that the odds are better, historically, for the following bet:

Banks will shift to the users the cost and liability for phishing, for good or for bad, and they will not finance any add-ons, otherwise they would have the liability for those add-ons failing. The solution for phishing will have to come from developers and will be adopted by banks as long as (in this order): (1) the bank's liability is zero, and (2) it works.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Citibank discloses private information to improve security
On Wednesday 01 June 2005 23:38, Anne & Lynn Wheeler wrote:
> in theory, the KISS part of SSL's countermeasure for MITM-attack ... is does the URL you entered match the URL in the provided certificate. An attack is inducing a fraudulent URL to be entered for which the attackers have a valid certificate.

Firefox have added a cert domain into the status bar on the bottom of the browser. This is part way to what you suggest and a very welcome improvement to browser security. It falls short for (IMHO) 3 reasons:

1. The domain that is shown isn't the certificate domain, but is something amalgamated from the URL and the cert; which then breaks the independent check you are hoping for above.

2. The CA should be listed so as to complete the security statement. Something like "ThisCA signed the This.Domain.Com cert". This is done in the Mouseover, but not displayed all the time, and it is possible to get a Mouseover that shows a statement that is strictly false because of 1. above. (Bugs filed and all the rest...)

3. Another issue is that it is not big enough nor loud enough in the Trustbar sense to break through the current user teachings that they can ignore everything as it's all safe.

> Rather than complex defense in depth ... all with cracks and vulnerabilities that attackers can wiggle around ... a better approach would be a KISS solution that had an integrated approach to existing systemic vulnerabilities. For instance, some sort of clear, un-obfuscated indications integrated with URL selection that can leverage the existing SSL MITM-attack countermeasures.

Yes, this would be a much better way forward. Now, bear in mind that the people writing the plugins would give their left legs to get the attention and respect of the browser manufacturers so as to create this integrated solution. See various other rants...

> The downside of a KISS integrated solution that eliminates existing systemic problems (and avoids creating complex layers, each with their individual cracks that the attackers can wiggle thru) ... is that the only current special interest for such a solution seems to be the victims. Some sort of fix that allows naive users to relate and enter specific trusted URLs associated with specific tasks could fix many of the existing infrastructure vulnerabilities. The issue is what institutions have financial interest in designing, implementing, and marketing such a likely "free" add-on to existing mostly "free" based infrastructure. It appears to be much easier to justify the design, implementation and marketing of a totally new feature that can be separately charged for.

This will change. I predict that the banks will end up with the liability for phishing, for good or for bad, and they will then find it in their hearts to finance the add-ons, which will battle it out, thus leading to the 'best practices' which will be incorporated into the browsers.

(Seeing as this is prediction time, I'll stick my neck out another several kms and say it will be in about 6 months that the banks are asked to take on the liability.)

iang

--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html
RE: Citibank discloses private information to improve security
"Heyman, Michael" <[EMAIL PROTECTED]> writes:

> The false positive I was referring to is the "something is telling me something unimportant" positive. I didn't mean to infer that the users likely went through a thought process centered around the possible causes of the certificate failure, specifically the likelihood of an active man-in-the-middle vs. software bug, vs. setup error, vs. etc.

Oh, I see. So we were actually in violent agreement :-).

> I've probably seen hundreds of signature validation warnings from various web-sites for certificates and Active-X and possibly other signed content. I can't recall needing to heed even one of the warnings. We are trying to detect man-in-the-middle or outright spoofing with signatures and our false positive rate is through the roof. The false positive rate must be zero or nearly zero to work as a useful detector in real world situations.

It's not just passive false-positive acceptance, users are actively encouraged by software vendors to accept verification-failed content. For example every other hardware device you install, as part of its connect-the-dots sequence of screen shots in the install guide, shows a shot of some sort of signature-warning dialog, along with an arrow pointing to the "Ignore this warning" button to click and text telling users to, well, do what the button says. Even things like WHQL-certified drivers, which should have all the correct credentials, end up being installed in non-certified ways because the vendors submit a safe-but-slow configuration to get certified and then ship the unsafe-but-fast one to be installed (this is standard practice for any hardware where performance is the main selling point, i.e. video drivers, RAID drivers, network drivers, etc etc). Alternatively, the latest bugfix drivers are several steps ahead of the certified WHQL'd ones, so you get the same thing.

For non-Windows users who haven't seen this sort of user-conditioning in documentation, here's the first half-dozen online examples of this (to save me having to scan install guides to demonstrate it):

http://www.msha.gov/TECHSUPP/ACC/shortcircuit/install.htm
http://support.academic.com/knowbase/root/public/acdm9103.htm
http://mail.regent-college.edu/wireless/printer/w98/
http://home.cfl.rr.com/dogone/Download.htm
http://129.171.91.6/firewall/InstallConfig/msie_instruction.cfm
http://www.rochester.edu/its/wireless/win_IE_certificate.html

Note also that the warnings for valid and invalid signed content are extremely similar, and both contain lots of text, jargon, and incomprehensible (to the average user) information. Both in effect state "Mumble mutter fnord fnord, do you want to go ahead", with the fnord-level for the valid-signature dialog being at least as high as the invalid-signature one. It'd be interesting to see if users can tell the difference between the two.

This one is particularly cool: "Don't get worried by the JPilot Security Warning! Just click "YES" to install & run applet. If you don't, you can't chat!":

http://mc2.vicnet.net.au/help/chathelp.html

(Don't worry about those nasty warnings, just close your eyes and click your heels tog^H^H^H^Hclick OK).

Just to show that it's not just ActiveX signing under Windows that's training users in this manner, here's a Unix one too:

http://apps.cybersource.com/library/documentation/dev_guides/Microsoft_Commerce_Server_2002/html/install.htm

Peter.
Re: Citibank discloses private information to improve security
Heyman, Michael wrote:
> Defense in depth can help against spoofing - this includes valid certificates, personalization (even if it is the less-than-optimal Citibank-like solution), PetName, etc. Man-in-the-middle is harder given that we have such a high false positive rate on our best weapon.

i would claim that an SSL-like protocol with both countermeasures for MITM-attack and eavesdropping attacks should be adequate. many of the current problems are that browsers and email clients have tended to add multiple layers of obfuscation around the URL process ... so it may be difficult for even experienced users to realize what is happening.

a semi-counter argument for defense-in-depth is KISS ... lots of complex layers tend to create all sorts of cracks for the attackers to get thru.

in theory, the KISS part of SSL's countermeasure for MITM-attack ... is does the URL you entered match the URL in the provided certificate. An attack is inducing a fraudulent URL to be entered for which the attackers have a valid certificate.

so some of the recent internet phishing countermeasures are trying to rely on clear, un-obfuscated indications recognizable by even naive users. however, they tend to be add-ons, non-integrated with existing countermeasures (like SSL MITM-attack countermeasures) and leave existing systemic vulnerabilities in place. When purely static data, un-obfuscated, recognizable indications are used independently of MITM countermeasures, a MITM can create active channels between themselves and the end-user and themselves and the website and transparently pass information between the two end-points.

Rather than complex defense in depth ... all with cracks and vulnerabilities that attackers can wiggle around ... a better approach would be a KISS solution that had an integrated approach to existing systemic vulnerabilities. For instance, some sort of clear, un-obfuscated indications integrated with URL selection that can leverage the existing SSL MITM-attack countermeasures.

The downside of a KISS integrated solution that eliminates existing systemic problems (and avoids creating complex layers, each with their individual cracks that the attackers can wiggle thru) ... is that the only current special interest for such a solution seems to be the victims. Some sort of fix that allows naive users to relate and enter specific trusted URLs associated with specific tasks could fix many of the existing infrastructure vulnerabilities. The issue is what institutions have financial interest in designing, implementing, and marketing such a likely "free" add-on to existing mostly "free" based infrastructure. It appears to be much easier to justify the design, implementation and marketing of a totally new feature that can be separately charged for.

some topic drift ... one person's history of priced software:
http://www.garlic.com/~lynn/2005g.html#51
http://www.garlic.com/~lynn/2005g.html#53
http://www.garlic.com/~lynn/2005g.html#54
http://www.garlic.com/~lynn/2005g.html#57
RE: Citibank discloses private information to improve security
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Gutmann
> Sent: Tuesday, May 31, 2005 1:29 PM
>
> > In this situation, I believe that the users, through hard won experience with computers, _correctly_ assumed this was a false positive.
>
> Probably not.
> [SNIP text on user's thoughts on warning dialogs]

The false positive I was referring to is the "something is telling me something unimportant" positive. I didn't mean to infer that the users likely went through a thought process centered around the possible causes of the certificate failure, specifically the likelihood of an active man-in-the-middle vs. software bug, vs. setup error, vs. etc. So, when the box popped up, in the "unimportant" vs. "important" choice that the users went through, they correctly chose "unimportant". These warning dialogs pop up regularly and usually they are crying wolf.

I've probably seen hundreds of signature validation warnings from various web-sites for certificates and Active-X and possibly other signed content. I can't recall needing to heed even one of the warnings. We are trying to detect man-in-the-middle or outright spoofing with signatures and our false positive rate is through the roof. The false positive rate must be zero or nearly zero to work as a useful detector in real world situations.

Defense in depth can help against spoofing - this includes valid certificates, personalization (even if it is the less-than-optimal Citibank-like solution), PetName, etc. Man-in-the-middle is harder given that we have such a high false positive rate on our best weapon.

-Michael
Re: Citibank discloses private information to improve security
Ed Gerck wrote:
> Also, in an effort to make their certs more valuable, CAs have made digitally signed messages imply too much -- much more than they warrant or can even represent. There are now all sorts of legal implications tied to PKI signatures, in my opinion largely exaggerated and casuistic.

as discussed in numerous non-repudiation posts, dual-use threat posts, and posts about human signatures where the human signature implies that the person has read, understood, authorizes, approves, and/or agrees with what is read and understood ... the validation of a digital signature with a public key implies that the message hasn't been altered since transmission and there is "something you have" authentication (the originator has access and use of the corresponding private key). the simple validation of a digital signature doesn't carry with it any of the sense of a human signature and/or non-repudiation.

in most business scenarios ... the relying party has previous knowledge and contact with the entity that they are dealing with (making the introduction of PKI digital certificates redundant and superfluous). Furthermore, x.509 identity certificates possibly horribly overloaded with personal information would represent significant privacy issues.

i've claimed that in the aads effort
http://www.garlic.com/~lynn/index.html#aads
not having to be pre-occupied with trying to interest relying parties in digital certificates containing information they already had, we were more free to concentrate on general threat, risk and vulnerability analysis. for instance, one of the things that a relying party might be really interested in is the integrity of the environment housing a subject's private key (is it in a software file or a hardware token, if a hardware token, what are the characteristics of the hardware token, etc) and the integrity of the environment in which a digital signature was generated.

one possible scenario is that CAs wanted to convince relying parties of the value of the certificates and not distract them with fundamental business integrity issues ... which might have resulted in businesses diverting money to fundamental business integrity items ... rather than spending on redundant and superfluous digital certificates likely containing information that they already had (i.e. having digital certificates would result in magical fu-fu dust being sprinkled over the rest of the infrastructure automagically precluding any such integrity problems?). furthermore they could spread semantic confusion ... somehow implying that because the term "digital signature" contained the word "signature" ... it was somehow related to a human signature.

lots of collected past postings related to fraud, exploits, vulnerabilities, etc
http://www.garlic.com/~lynn/subpubkey.html#fraud

some number of posts on account number harvesting
http://www.garlic.com/~lynn/subpubkey.html#harvest
Re: Citibank discloses private information to improve security
oops, sorry, forgot to include this one

Hong Kong banks to introduce two-factor authentication for online transactions
http://www.finextra.com/fullstory.asp?id=13744

> Banks in Hong Kong are set to introduce two-factor authentication services to the country's 2.7 million Internet banking customers next month.

... snip ...

and lots of collected posts on 3-factor authentication paradigm
http://www.garlic.com/~lynn/subpubkey.html#3factor

* something you have
* something you know
* something you are
Re: Citibank discloses private information to improve security
just for the heck of it ... something today more from the physical world

ATM scams added to GASA's fraud library
http://www.atmmarketplace.com/news_story_23307.htm

> CAPE TOWN, South Africa and BROOKINGS, S.D. - The ATM Industry Association's Global ATM Security Alliance launched its online library of ATM fraud, according to a news release. The library is part of Cognito, GASA's global ATM crime data management system.

... snip ...

and
http://www.globalasa.com/
Re: Citibank discloses private information to improve security
Steven M. Bellovin wrote:
> Bank of America is adopting some new schemes that might help. First, they're asking users to select a picture the user selected at registration time. The theory is presumably that a phishing site won't have the right image for you. Second, you can "register" your computer; if your account is accessed from another computer, additional authentication is demanded, thus rendering a compromised password much less useful. I think both schemes will help; I doubt that either will stop the problems.

a couple more

BofA rolls out authentication tools after data breach incident
http://eyeonit.itmanagersjournal.com/article.pl?sid=05/05/27/1816200

Bank of America looks to protect Online users with SiteKey
http://tech.monstersandcritics.com/news/article_1002765.php/Bank_of_America_looks_to_protect_Online_users_with_SiteKey

Payments News: Bank of America Launches SiteKey
http://www.paymentsnews.com/2005/05/bank_of_america.html

Bank of America | Sign up for the SiteKey Service
http://www.bankofamerica.com/privacy/passmark/

Bank of America takes on cyberscams
http://news.com.com/Bank+of+America+takes+on+cyberscams/2100-1029_3-5722035.html

Bank Of America Fights Phishing With New Authentication
http://informationweek.smallbizpipeline.com/news/163701500

Bank of America Announces Industry-Leading Security Feature ...
http://money.cnn.com/services/tickerheadlines/prn/200505261000PR_NEWS_USPR_CLTH009.htm

Bank of America's SiteKey scrutinized
http://news.com.com/2061-10789_3-5723556.html?part=rss&tag=5723556&subj=news
Re: Citibank discloses private information to improve security
Steven M. Bellovin wrote:
> Bank of America is adopting some new schemes that might help. First, they're asking users to select a picture the user selected at registration time. The theory is presumably that a phishing site won't have the right image for you. Second, you can "register" your computer; if your account is accessed from another computer, additional authentication is demanded, thus rendering a compromised password much less useful. I think both schemes will help; I doubt that either will stop the problems.
>
> http://www.bankofamerica.com/newsroom/press/press.cfm?PressID=press.20050526.03.htm

but they appear to be vulnerable to MITM-attacks; a recent thread:
http://seclists.org/lists/fulldisclosure/2005/May/0629.html
http://seclists.org/lists/fulldisclosure/2005/May/0637.html
http://seclists.org/lists/fulldisclosure/2005/May/0639.html
http://seclists.org/lists/fulldisclosure/2005/May/0644.html
Re: Citibank discloses private information to improve security
Bank of America is adopting some new schemes that might help. First, they're asking users to select a picture the user selected at registration time. The theory is presumably that a phishing site won't have the right image for you. Second, you can "register" your computer; if your account is accessed from another computer, additional authentication is demanded, thus rendering a compromised password much less useful. I think both schemes will help; I doubt that either will stop the problems.

http://www.bankofamerica.com/newsroom/press/press.cfm?PressID=press.20050526.03.htm

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Re: Citibank discloses private information to improve security
Adam Fields wrote:
> Moreover, in my experience (as I've mentioned before on this list), noticing an invalid certificate is absolutely useless if the banks won't verify via another channel a) that it changed, b) what the new value is or c) what the old value is. I've tried. They won't/can't.

one might claim then that a solution is to go to a PGP-like repository of trusted public keys (in addition to and/or in conjunction with the typical browser repository of trusted certification authority public keys). the URL & public key are loaded into the repository and some out-of-band process is used to establish the "trust" level of the information ... and you are involving the end-user in the trust establishment process. For convenience ... enable this from bookmark and end-user clicks on trusted URLs. then rather than the browser using the webserver supplied certificate as part of the SSL process, the browser uses the on-file trusted public key for that URL.
http://www.garlic.com/~lynn/subpubkey.html#certless

a threat is social-engineering can convince some number of naive users to do just about anything ... including things like updating a trusted public key repository ... and clicking on email obfuscated URLs (what the email claims to be the URL ... is unrelated to what the URL actually is). a major problem is that a large percentage of the population seems to be extremely naive about trust.

some large amount of the skimming and harvesting related fraud is because of existing authentication paradigms that make extensive use of static data and shared-secrets
http://www.garlic.com/~lynn/subpubkey.html#secrets

a countermeasure could be public key and digital signature verification based authentication. extensive use of file-based private keys make them vulnerable to harvesting by viruses ... but also vulnerable to social engineering attacks getting naive users to divulge contents of private key files. a countermeasure might be hardware tokens where the private key can't be divulged ... even by the token owner. however, social engineering attacks can still get naive users to perform fraudulent transactions on behalf of crooks (even in hardware token based infrastructures). however, the percentage of the population vulnerable to such attacks might go down as complexity of the social engineering and/or the awareness of the user population goes up.
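As an added example (not code from this thread, from Firefox, or from any plugin the thread mentions), here are the two checks discussed in working form: Lynn's "KISS" test of whether the host in the URL the user entered is named in the presented certificate, and the per-URL repository of trusted public keys proposed above, producing the plain "ThisCA signed the This.Domain.Com cert" statement Ian G asked for, built from the certificate's own name rather than a blend of URL and cert. The certificate fields, issuer names, key bytes and pin store are constructed stand-ins; a real client would take them from the parsed X.509 certificate and a local store.

```python
# Added example: the "does the entered URL match the certificate" check plus a
# lookup in a per-URL repository of trusted public keys. Certificate fields and
# pinned keys are constructed literals, not real certificates or keys.
import hashlib
from urllib.parse import urlsplit


def host_from_url(url):
    """Return the lower-cased host of an https URL, or None for anything else."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")


def name_matches(pattern, host):
    """Match one certificate name against a host: exact match, or a single '*'
    standing for the whole leftmost label with at least two labels after it
    ('*.example.test' covers 'www.example.test' but not 'a.b.example.test'
    or 'example.test'; '*.test' covers nothing)."""
    pattern = pattern.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*.") and "*" not in pattern[1:]:
        suffix = pattern[1:]                      # ".example.test"
        if suffix.count(".") < 2:
            return False                          # refuse wildcards like '*.test'
        return host.endswith(suffix) and host.count(".") == pattern.count(".")
    return False


def cert_names(cert):
    """Names the certificate is valid for: the SANs if present, else the CN."""
    return list(cert["san"]) if cert["san"] else [cert["subject_cn"]]


def spki_fingerprint(spki_der):
    """SHA-256 over the DER SubjectPublicKeyInfo; this is the value kept on file."""
    return hashlib.sha256(spki_der).hexdigest()


def evaluate(url, cert, pins):
    """Return (verdict, statement) for a user-entered URL and the certificate the
    server presented. 'pins' maps host -> trusted SPKI fingerprint on file."""
    host = host_from_url(url)
    if host is None:
        return "untrusted", "not an https URL; nothing to check"
    names = cert_names(cert)
    matched = [n for n in names if name_matches(n, host)]
    if not matched:
        return "mismatch", (f"entered host {host} is not named in the certificate "
                            f"(names: {', '.join(names)})")
    presented = spki_fingerprint(cert["spki"])
    pinned = pins.get(host)
    if pinned is None:
        # Valid cert for the host the user typed, but no trusted key on file:
        # the entered URL is not one the user has established trust in.
        return "unpinned", (f"{cert['issuer']} signed the {matched[0]} cert; "
                            f"no trusted key on file for {host}")
    if pinned != presented:
        # Names match but the key differs from the one on file: the case Adam
        # Fields describes, and the one to verify out of band before proceeding.
        return "key-changed", (f"key presented for {host} differs from the trusted "
                               f"key on file; verify out of band before continuing")
    return "trusted", (f"{host} presented the trusted key on file; "
                       f"{cert['issuer']} signed the {matched[0]} cert")


# Constructed sample data (not real keys, certificates or CAs).
BANK_SPKI = b"constructed SPKI bytes for online.example-bank.test"
CONSTRUCTED_PINS = {"online.example-bank.test": spki_fingerprint(BANK_SPKI)}

GENUINE_CERT = {
    "subject_cn": "online.example-bank.test",
    "san": ["online.example-bank.test", "www.example-bank.test"],
    "issuer": "Example Root CA (constructed)",
    "spki": BANK_SPKI,
}
# Same names and a plausible issuer, but a different key: what an interposed
# party presenting its own certificate for the name would look like.
INTERPOSED_CERT = dict(GENUINE_CERT, issuer="Another CA (constructed)",
                       spki=b"a different constructed SPKI")
# A certificate for some other host altogether.
OTHER_HOST_CERT = {
    "subject_cn": "www.unrelated.test", "san": ["www.unrelated.test"],
    "issuer": "Example Root CA (constructed)", "spki": b"constructed SPKI for unrelated.test",
}

if __name__ == "__main__":
    for url, cert in [("https://online.example-bank.test/login", GENUINE_CERT),
                      ("https://online.example-bank.test/login", INTERPOSED_CERT),
                      ("https://www.example-bank.test/", GENUINE_CERT),
                      ("https://online.example-bank.test/", OTHER_HOST_CERT),
                      ("http://online.example-bank.test/", GENUINE_CERT)]:
        verdict, statement = evaluate(url, cert, CONSTRUCTED_PINS)
        print(f"{verdict:12} {statement}")
```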
Re: Citibank discloses private information to improve security
Ed Gerck wrote:
> Suppose you choose "A4RT" as your codeword. The codeword has no privacy concern (it does not identify you) and is dynamic -- you can change it at will, if you suspect someone else got it. Compare with the other two identifiers that Citibank is using. Your full name is private and static. The ATM's last-four is private and static too (unless you want the burden to change your card often).

I agree on the privacy issue, your point is well taken there.

> Lance James wrote:
>> But from your point, the codeword would be in the clear as well. Respectively speaking, I don't see how either solution would solve this.
>>
>> Ed Gerck wrote:
>>> List,
>>> In an effort to stop phishing emails, Citibank is including in a plaintext email the full name of the account holder and the last four digits of the ATM card.

--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.com
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
RE: Citibank discloses private information to improve security
"Heyman, Michael" <[EMAIL PROTECTED]> writes:

> In this situation, I believe that the users, through hard won experience with computers, _correctly_ assumed this was a false positive.

Probably not. This issue was discussed at some length on the hcisec list (security usability, http://groups.yahoo.com/group/hcisec/), e.g:

-- Snip --

In my experience with helping out non-technical users, certificates are treated as a purely boolean option, either they're valid or they're not. In fact usually the validity of certificates isn't even an option, either you get a warning dialog or you don't, the actual text may as well be written in Swahili. People don't understand (or maybe don't want to understand) the technical explanations that browsers throw up for them. So an expired cert would have the same status as one for the wrong site or a dozen other reasons why the browser would throw up a warning.

I did some even less rigorous checking (i.e. asked a few users who were handy) why they would have done something like this if they'd been one of the 300 and their response was that since it was a known site that they'd dealt with before, they'd assume it was some config error and continue anyway. Several of them had had similar problems with things like hotmail (that is, not SSL-related but just general "it didn't work when I tried it" problems), where clicking OK to get rid of warnings or waiting half an hour and trying again had fixed things. This was just another random site error that they would have navigated around.

-- Snip --

For more discussion, see the list archives.

Peter.
Re: Citibank discloses private information to improve security
On Tue, May 31, 2005 at 02:45:56PM +0100, Ian G wrote:
> On Saturday 28 May 2005 18:47, James A. Donald wrote:
>> Do we have any comparable experience on SSH logins? Existing SSH uses tend to be geek oriented, and do not secure stuff that is under heavy attack. Does anyone have any examples of SSH securing something that was valuable to the user, under attack, and then the key changed without warning? How then did the users react?
>
> I've heard an anecdote on 2 out of 3 of those criteria:
>
> In a bank that makes heavy use of SSH, the users have to phone the help desk to get the key reset when the warning pops up. The users of course blame the tool.
>
> I suspect in time the addition of certificate based checking into SSH or the centralised management of keys will overcome this.

The solution for intramural use of SSH is to use Kerberos for mutual authentication, this obviates the need for per-user known hosts files. Though it took some time for the code that correctly integrates Kerberos into OpenSSH to be adopted, AFAIK this is now done. If it is not (please apply suitable prods to maintainers, as the code has been available for some time). The key obstacle was to allow Kerberos mutual auth to not only log the user in, but to also authenticate the server despite any mismatch in the (now ephemeral) RSA keys.

--
Victor Duchovni
IT Security, Morgan Stanley
Re: Citibank discloses private information to improve security
James A. Donald wrote:
> With bank web sites, experience has shown that only 0.3% of users are deterred by an invalid certificate, probably because very few users have any idea what a certificate authority is, what it does, or why they should care. (And if you have seen the experts debating what a certificate authority is and what it certifies, chances are that those few who think they know are wrong)

Well, I have some usability tests that seem to prove your intuitive claim that most users don't know what's a CA. I don't know about arguments between experts on this.

I think however that even naive users understand the TrustBar UI for SSL protected sites quite well. We display something like identified by . I'll appreciate your thoughts/feedback, try it at http://TrustBar.MozDev.org.

--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com

New: see my Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame.html
Re: Citibank discloses private information to improve security
On Saturday 28 May 2005 18:47, James A. Donald wrote:
> Do we have any comparable experience on SSH logins? Existing SSH uses tend to be geek oriented, and do not secure stuff that is under heavy attack. Does anyone have any examples of SSH securing something that was valuable to the user, under attack, and then the key changed without warning? How then did the users react?

I've heard an anecdote on 2 out of 3 of those criteria:

In a bank that makes heavy use of SSH, the users have to phone the help desk to get the key reset when the warning pops up. The users of course blame the tool.

I suspect in time the addition of certificate based checking into SSH or the centralised management of keys will overcome this.

iang

--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html
RE: Citibank discloses private information to improve security
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James A. Donald
> Sent: Saturday, May 28, 2005 1:48 PM
>
> With bank web sites, experience has shown that only 0.3% of users are deterred by an invalid certificate, probably because very few users have any idea what a certificate authority is, what it does, or why they should care.

I assume you refer to the BankDirect case with the accidentally invalid certificate.

In this situation, I believe that the users, through hard won experience with computers, _correctly_ assumed this was a false positive. If an attack had actually occurred, the users would have been wrong. Luckily for them, they were correct and did not let the mistake interfere with their commerce. The one in 300 users that did let the mistake interfere wasted their time and, perhaps, money if they lost money due to the delay in access.

As it stands, the system works reasonably well (of course it still has its share of problems). If 300 out of 300 users wasted time and money because of the mistake (say if the system were designed so users could not bypass the possibly bad certificate warning), the security folks in ivory towers may pat themselves on the back saying, "look, the system works great!" - the actual users of the technology would be more than a little ticked. A brittle system that cannot accept failures will always have trouble dealing with us fallible types.

I'm not familiar with the BankDirect site, but if it is like banking sites I am used to, it is fairly impersonal and easy to spoof. One way to reduce the ease-of-spoof factor is to add many ways to identify the bank web site. If one or two of them fail, the web site is probably still valid. Ways to identify a site include certificates, personalized greetings ("Hello Michael, Welcome back, you haven't been here in 4 days and we've missed you"), code words, the PetName tool, green light by anti-phishing software, even the URL and overall look-and-feel.

So what if a couple of them fail? That happens all the time and we have to expect that and design our systems to work in spite of it.

-Michael Heyman
Re: Citibank discloses private information to improve security
"James A. Donald" <[EMAIL PROTECTED]> writes:

>With bank web sites, experience has shown that only 0.3% of users are
>deterred by an invalid certificate, probably because very few users have any
>idea what a certificate authority is, what it does, or why they should care.

James (and others): I really wouldn't cite the BankDirect figure as a hard value, since it represents just a single user, who may in turn have clicked on the wrong button (i.e. the real figure could have been 0%). It'd be better to say "statistically insignificant" or "negligible" or some other close-to-or-equal-to-zero synonym.

Peter.
Re: Citibank discloses private information to improve security
On Sat, May 28, 2005 at 10:47:56AM -0700, James A. Donald wrote:
[..]
> With bank web sites, experience has shown that only 0.3%
> of users are deterred by an invalid certificate,
> probably because very few users have any idea what a
> certificate authority is, what it does, or why they
> should care. (And if you have seen the experts debating
> what a certificate authority is and what it certifies,
> chances are that those few who think they know are
> wrong)

Moreover, in my experience (as I've mentioned before on this list), noticing an invalid certificate is absolutely useless if the banks won't verify via another channel a) that it changed, b) what the new value is or c) what the old value is. I've tried. They won't/can't.

> Do we have any comparable experience on SSH logins?
> Existing SSH uses tend to be geek oriented, and do not
> secure stuff that is under heavy attack. Does anyone
> have any examples of SSH securing something that was
> valuable to the user, under attack, and then the key
> changed without warning? How then did the users react?

Every time this has happened to someone I know who uses SSH, it's been immediate cause for alarm, causing a phone call to the person who administers the box asking "what the? did you reinstall the OS again?".

--
- Adam

** I can fix your database problems: http://www.everylastounce.com/mysql.html **

Blog... [ http://www.aquick.org/blog ]
Links.. [ http://del.icio.us/fields ]
Photos. [ http://www.aquick.org/photoblog ]
Experience. [ http://www.adamfields.com/resume.html ]
Product Reviews: .. [ http://www.buyadam.com/blog ]
Re: Citibank discloses private information to improve security
--
On 26 May 2005 at 11:24, Ed Gerck wrote:
> A better solution, along the same lines, would have
> been for Citibank to ask from their account holders
> when they login for Internet banking, whether they
> would like to set up a three- or four-character
> combination to be used in all emails from the bank to
> the account holder. This combination would not be
> static, because it could be changed by the user at
> will, and would not identify the user in any other
> way.

An even better solution would be if email clients silently did key continuity checking on a signature hidden in the email headers, if such a header is present, and then popped up an SSH style dialog if an accustomed key is absent or changed.

With bank web sites, experience has shown that only 0.3% of users are deterred by an invalid certificate, probably because very few users have any idea what a certificate authority is, what it does, or why they should care. (And if you have seen the experts debating what a certificate authority is and what it certifies, chances are that those few who think they know are wrong)

Do we have any comparable experience on SSH logins? Existing SSH uses tend to be geek oriented, and do not secure stuff that is under heavy attack. Does anyone have any examples of SSH securing something that was valuable to the user, under attack, and then the key changed without warning? How then did the users react?

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
9xkPv5IiSbkDSyL+VmtW44PAr2ChEHEncpVVVLUp
4PtEJ+TutEYw9poqnX74X8nSltnDV22OJDPqsG1cS
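James's key-continuity idea, worked through as an added example that is not code from this thread nor from any mail client: the sender signs each message with a long-lived key carried in a header, and the receiver remembers the key it first saw for that address and raises the loud dialog only when a later message arrives under a different key, exactly as ssh does with host keys. The X-Sender-Key and X-Sender-Signature header names, the choice of Ed25519, the layout of the signed bytes, and every address, key seed and message below are assumptions constructed for the demo.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

type Verdict string // SSH-style outcome of the continuity check on one message

const (
	NoHeader   Verdict = "no-signature-header" // unsigned mail: nothing to check
	FirstSeen  Verdict = "first-seen"          // key remembered (trust on first use)
	Match      Verdict = "matches-known-key"   // silent success
	KeyChanged Verdict = "KEY CHANGED"         // the loud SSH-style dialog
	BadSig     Verdict = "signature-invalid"   // signed, but forged or tampered
)

// KeyStore maps a From address to its first-seen key (cf. ~/.ssh/known_hosts).
type KeyStore map[string]ed25519.PublicKey

// parseMail splits a minimal RFC 822-style message into headers and body.
func parseMail(raw string) (map[string]string, string) {
	hdrs, inBody := map[string]string{}, false
	var body []string
	for sc := bufio.NewScanner(strings.NewReader(raw)); sc.Scan(); {
		line := sc.Text()
		if inBody {
			body = append(body, line)
		} else if line == "" {
			inBody = true
		} else if kv := strings.SplitN(line, ":", 2); len(kv) == 2 {
			hdrs[strings.ToLower(strings.TrimSpace(kv[0]))] = strings.TrimSpace(kv[1])
		}
	}
	return hdrs, strings.Join(body, "\n")
}

// signedBytes binds the signature to From, Subject and body (assumed layout).
func signedBytes(from, subject, body string) []byte {
	return []byte("from:" + from + "\nsubject:" + subject + "\n\n" + body)
}

// SignMail (sending side) adds the hypothetical X-Sender-Key/X-Sender-Signature headers.
func SignMail(priv ed25519.PrivateKey, from, subject, body string) string {
	pub := priv.Public().(ed25519.PublicKey)
	sig := ed25519.Sign(priv, signedBytes(from, subject, body))
	return fmt.Sprintf("From: %s\nSubject: %s\nX-Sender-Key: %s\nX-Sender-Signature: %s\n\n%s",
		from, subject, base64.StdEncoding.EncodeToString(pub), base64.StdEncoding.EncodeToString(sig), body)
}

// Check (receiving side) verifies the signature, then compares the key with the remembered one.
func (ks KeyStore) Check(raw string) Verdict {
	hdrs, body := parseMail(raw)
	if hdrs["x-sender-key"] == "" || hdrs["x-sender-signature"] == "" {
		return NoHeader
	}
	pub, errK := base64.StdEncoding.DecodeString(hdrs["x-sender-key"])
	sig, errS := base64.StdEncoding.DecodeString(hdrs["x-sender-signature"])
	if errK != nil || errS != nil || len(pub) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(pub), signedBytes(hdrs["from"], hdrs["subject"], body), sig) {
		return BadSig
	}
	known, seen := ks[hdrs["from"]]
	switch {
	case !seen:
		ks[hdrs["from"]] = ed25519.PublicKey(pub) // trust on first use, as ssh does
		return FirstSeen
	case bytes.Equal(known, pub):
		return Match
	default:
		return KeyChanged // never overwrite silently: the user must decide
	}
}

// Demo plays the thread's scenario with constructed, deterministic keys: two genuine
// bank mails, a spoof under another key, an unsigned mail, and a body altered in transit.
func Demo() []Verdict {
	bank := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize))
	spoofer := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	from, subj := "alerts@bank.example", "Your statement is ready" // constructed
	genuine := SignMail(bank, from, subj, "Your May statement is available.")
	ks := KeyStore{}
	return []Verdict{
		ks.Check(genuine),
		ks.Check(SignMail(bank, from, subj, "Your June statement is available.")),
		ks.Check(SignMail(spoofer, from, subj, "Please confirm your details.")),
		ks.Check("From: " + from + "\nSubject: " + subj + "\n\nNo signature here."),
		ks.Check(strings.Replace(genuine, "May statement", "new login page", 1)),
	}
}

func main() {
	for i, v := range Demo() {
		fmt.Printf("message %d: %s\n", i+1, v)
	}
}
```

Like ssh, the store never replaces a changed key on its own, so a spoofed message under a fresh key yields KEY CHANGED rather than quietly becoming the new "bank" key; an unsigned message yields no verdict at all, which is the "if such a header is present" condition; and a signed message whose body was altered fails the signature check before the continuity question is even asked. The remaining weakness is the same one ssh has: the first message is trusted unverified, so the very first contact is where the bank would want a second channel.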
Re: Citibank discloses private information to improve security
Wells Fargo reported to me some time ago that they tried using digitally signed S/MIME email messages and it did not work even for their _own employees_.

Also, in an effort to make their certs more valuable, CAs have made digitally signed messages imply too much -- much more than they warrant or can even represent. There are now all sorts of legal implications tied to PKI signatures, in my opinion largely exaggerated and casuistic. If someone forges a digitally signed Citibank message, or convincingly spoofs it, the liability might be too large to even think of it.

Using a non-signed codeword that the user has defined beforehand allows the user to have a first proof that the message is legitimate. Since the user chooses it, there is no privacy concern or liability for the bank. Of course, here trust decreases with time -- a fresh codeword is more valuable. But if the user can refresh it at will, each user will have the security that he wants.

Matt Crawford wrote:
> On May 26, 2005, at 13:24, Ed Gerck wrote:
>> A better solution, along the same lines, would have been for Citibank to ask from their account holders when they login for Internet banking, whether they would like to set up a three- or four-character combination to be used in all emails from the bank to the account holder.
>
> Why couldn't they just use digitally signed S/MIME email? I'm sure that works just as well as signed SSL handshakes.
>
> Oh. Answered my own question, didn't I?
Re: Citibank discloses private information to improve security
On May 26, 2005, at 13:24, Ed Gerck wrote:
> A better solution, along the same lines, would have been for Citibank to ask from their account holders when they login for Internet banking, whether they would like to set up a three- or four-character combination to be used in all emails from the bank to the account holder.

Why couldn't they just use digitally signed S/MIME email? I'm sure that works just as well as signed SSL handshakes.

Oh. Answered my own question, didn't I?
Re: Citibank discloses private information to improve security
Suppose you choose "A4RT" as your codeword. The codeword has no privacy concern (it does not identify you) and is dynamic -- you can change it at will, if you suspect someone else got it.

Compare with the other two identifiers that Citibank is using. Your full name is private and static. The ATM's last-four is private and static too (unless you want the burden to change your card often).

Lance James wrote:
> But from your point, the codeword would be in the clear as well. Respectively speaking, I don't see how either solution would solve this.
>
> Ed Gerck wrote:
>> List,
>>
>> In an effort to stop phishing emails, Citibank is including in a plaintext email the full name of the account holder and the last four digits of the ATM card.
Re: Citibank discloses private information to improve security
But from your point, the codeword would be in the clear as well. Respectively speaking, I don't see how either solution would solve this.

Ed Gerck wrote:
> List,
>
> In an effort to stop phishing emails, Citibank is including in a plaintext email the full name of the account holder and the last four digits of the ATM card.
>
> Not only are these personal identifiers sent in an insecure communication, such use is not authorized by the person they identify. Therefore, I believe that some points need to be made in regard to right to privacy and security expectations.
>
> It's the usual tactic of pushing the liability to the user. The account holder gets the full liability for the "security" procedure used by the bank.
>
> A better solution, along the same lines, would have been for Citibank to ask from their account holders when they login for Internet banking, whether they would like to set up a three- or four-character combination to be used in all emails from the bank to the account holder. This combination would not be static, because it could be changed by the user at will, and would not identify the user in any other way.
>
> Private, identifying information of customers has been used before by banks for customer login. The account holder's name, the ATM card number, the account number, and the SSN have all been used, and abandoned, for Internet banking login. Why? Because of the increased exposure creating additional risks. Now, with the unilateral disclosure by Citibank of the account holder's name as used in the account and the last four digits of the ATM number, Citibank is backtracking its own advances in user login (when they abandoned those identifiers).
>
> Of course, banks consider the ATM card their property, as well as the number it contains. However, the ATM card number is a unique personal identifier and should not be disclosed in a plaintext email without authorization.
>
> A much better solution (see above) exists, even using plaintext email -- use a codeword that is agreed beforehand with the user. This would be a win-win solution, with no additional privacy and security risk.
>
> Or is email becoming even more insecure, with our private information being more and more disclosed by those who should actually guard it, in the name of security?
>
> Cheers,
> Ed Gerck

--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.com
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Have Phishers stolen your customers' logins? Find out with DIA
https://slam.securescience.com/signup.cgi - it's free!
Citibank discloses private information to improve security
List,

In an effort to stop phishing emails, Citibank is including in a plaintext email the full name of the account holder and the last four digits of the ATM card.

Not only are these personal identifiers sent in an insecure communication, such use is not authorized by the person they identify. Therefore, I believe that some points need to be made in regard to right to privacy and security expectations.

It's the usual tactic of pushing the liability to the user. The account holder gets the full liability for the "security" procedure used by the bank.

A better solution, along the same lines, would have been for Citibank to ask from their account holders when they login for Internet banking, whether they would like to set up a three- or four-character combination to be used in all emails from the bank to the account holder. This combination would not be static, because it could be changed by the user at will, and would not identify the user in any other way.

Private, identifying information of customers has been used before by banks for customer login. The account holder's name, the ATM card number, the account number, and the SSN have all been used, and abandoned, for Internet banking login. Why? Because of the increased exposure creating additional risks. Now, with the unilateral disclosure by Citibank of the account holder's name as used in the account and the last four digits of the ATM number, Citibank is backtracking its own advances in user login (when they abandoned those identifiers).

Of course, banks consider the ATM card their property, as well as the number it contains. However, the ATM card number is a unique personal identifier and should not be disclosed in a plaintext email without authorization.

A much better solution (see above) exists, even using plaintext email -- use a codeword that is agreed beforehand with the user. This would be a win-win solution, with no additional privacy and security risk.

Or is email becoming even more insecure, with our private information being more and more disclosed by those who should actually guard it, in the name of security?

Cheers,
Ed Gerck

--
I use ZSentry Mail Secure Email
https://zsentry.com/R/index.html/[EMAIL PROTECTED]