Re: SSL and Malicious Hardware/Software

2008-05-06 Thread Arcane Jill

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Steven M. Bellovin

Sent: 03 May 2008 00:51
To: Arcane Jill
Cc: cryptography@metzdowd.com
Subject: Re: SSL and Malicious Hardware/Software


  I can't think of a great way of alerting the user,

 I would be alerted immediately, because I'm using the Petname Tool
 Firefox plugin.

 For an unproxied site, I get a small green window with my own choice
 of text in it (e.g. Gmail if I'm visiting https://mail.google.com).
 If a proxy were to insert itself in the middle, that window would turn
 yellow, and the message would change to (untrusted).

Assorted user studies suggest that most users do not notice the color
of random little windows in their browsers...




The point is that the plugin does not trust the browser's list of installed 
CAs. The only thing it trusts is the fingerprint of the certificate. If the 
fingerprint is one that you, personally, (not your browser), have approved in 
the past, then the plugin is green. If not, the plugin is yellow.


Without this plugin, identifying proxies is hard, because the proxy certificate 
will likely be installed in your browser, so it will just automatically pass 
the usual SSL checks, and will appear to you as an authenticated site. If you 
have an expectation that your web traffic will not be eavesdropped en route, 
then the sudden appearance of a proxy can flout that expectation.


On the other hand, a system which checks /only/ that the certificate 
fingerprint is what you expect it to be does not suffer from the same 
disadvantage. This is a technical difference. There's more to it than just the 
color of the warning sign! (...though I do concede, a Red Alert siren would 
probably get more attention :-) ).


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: SSL and Malicious Hardware/Software

2008-05-03 Thread Steven M. Bellovin
On Fri, 2 May 2008 08:33:19 +0100
Arcane Jill [EMAIL PROTECTED] wrote:

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Phillips
 Sent: 28 April 2008 23:13
 To: Cryptography
 Subject: SSL and Malicious Hardware/Software
 
  I can't think of a great way of alerting the user,
 
 I would be alerted immediately, because I'm using the Petname Tool
 Firefox plugin.
 
 For an unproxied site, I get a small green window with my own choice
 of text in it (e.g. Gmail if I'm visiting https://mail.google.com).
 If a proxy were to insert itself in the middle, that window would
 turn yellow, and the message would change to (untrusted).
 
Assorted user studies suggest that most users do not notice the color
of random little windows in their browsers...


--Steve Bellovin, http://www.cs.columbia.edu/~smb

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


privacy expectations Was: SSL and Malicious Hardware/Software

2008-04-30 Thread Alexander Klimov
On Tue, 29 Apr 2008, Jack Lloyd wrote:
  Expectations of privacy at work vary by jurisdiction and industry. In
  the US, and say in the financial services industry, any such expectations
  are groundless (IANAL).

 Most places I have worked (all in the US) explicitly required consent
 to more or less arbitrary amounts of monitoring as a condition of
 employment.

Even if you sign a contract that you do not have any expectations
of privacy, it does not mean that you do not have them: honestly,
you do expect that your coworkers are not going to read you
personal emails, right?

http://www.securityfocus.com/columnists/421/2:

  Lance Corporal Jennifer Long was issued a government computer
  to use on a government military network. When she was
  suspected of violations of the military drug use policies (and
  of criminal laws related to drug use), Marine Corps criminal
  investigators reviewed the contents of email messages she sent
  to another military employee who was likewise using
  a government issued computer over the same government network.
  The messages were retrieved from the government mail server
  and later used against Long. On September 27, 2006, the United
  States Court of Appeals for the Armed forces had to decide
  whether Long had any expectation of privacy in these e-mails.

  The starting point for any analysis is, of course, the DoD
  policy expressed on its warning banner, which stated quite
  explicitly:

[...] All information, including personal information,
placed on or sent over this system may be monitored. Use of
this DoD computer system, authorized or unauthorized,
constitutes consent to monitoring of this system. [...]

  However, the military court, [...] found that Long did, in
  fact have some privacy interests in the contents of her
  communications. It noted that while the government said it
  could monitor, it rarely did.

-- 
Regards,
ASK

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: privacy expectations Was: SSL and Malicious Hardware/Software

2008-04-30 Thread Steven M. Bellovin
On Wed, 30 Apr 2008 12:49:12 +0300 (IDT)
Alexander Klimov [EMAIL PROTECTED] wrote:

 
 http://www.securityfocus.com/columnists/421/2:
 
   Lance Corporal Jennifer Long was issued a government computer
   to use on a government military network. When she was
   suspected of violations of the military drug use policies (and
   of criminal laws related to drug use), Marine Corps criminal
   investigators reviewed the contents of email messages she sent
   to another military employee who was likewise using
   a government issued computer over the same government network.
   The messages were retrieved from the government mail server
   and later used against Long. On September 27, 2006, the United
   States Court of Appeals for the Armed forces had to decide
   whether Long had any expectation of privacy in these e-mails.
 
   The starting point for any analysis is, of course, the DoD
   policy expressed on its warning banner, which stated quite
   explicitly:
 
 [...] All information, including personal information,
 placed on or sent over this system may be monitored. Use of
 this DoD computer system, authorized or unauthorized,
 constitutes consent to monitoring of this system. [...]
 
   However, the military court, [...] found that Long did, in
   fact have some privacy interests in the contents of her
   communications. It noted that while the government said it
   could monitor, it rarely did.
 
The actual opinion is much more nuanced and case-specific.  In the
first place, it demonstrated that the actual culture at that site was
very different.  In particular, the administrator testified that it
was general policy to avoid examining e-mails and their content
because it was a 'privacy issue'.  The court might well have ruled
differently were that not the case.

Second, the court noted that the suspected misconduct was (a) for
evidence of illegal behavior, and (b) unrelated to workplace misconduct.
And the banner wasn't specific enough: The banner in the instant case
did not provide Apellee with notice that she had no right of privacy.
Instead, the banner focused on the idea that her use of the system may
be monitored for limited purposes.

In addition, because the employer in this case was the government,
constitutional protections come into play, in a way that would not
apply to a private sector employer.  The reasoning there is complex,
especially since we're talking about the military (and soldiers have
many fewer rights than do civilians), so I won't try to summarize it;
let it suffice to say that generalizing from that case to an ordinary
workplace environment is not simple.

To sum up -- the court ruling in this particular case was very specific
to the facts of the case.  It's far from clear that it's generally
applicable.

--Steve Bellovin, http://www.cs.columbia.edu/~smb

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: SSL and Malicious Hardware/Software

2008-04-29 Thread Victor Duchovni
On Mon, Apr 28, 2008 at 03:12:31PM -0700, Ryan Phillips wrote:

 What are people's opinions on corporations using this tactic?  I can't
 think of a great way of alerting the user, but I would expect a pretty
 reasonable level of privacy while using an SSL connection at work.  

Expectations of privacy at work vary by jurisdiction and industry. In
the US, and say in the financial services industry, any such expectations
are groundless (IANAL).

-- 

 /\ ASCII RIBBON  NOTICE: If received in error,
 \ / CAMPAIGN Victor Duchovni  please destroy and notify
  X AGAINST   IT Security, sender. Sender does not waive
 / \ HTML MAILMorgan Stanley   confidentiality or privilege,
   and use is prohibited.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: SSL and Malicious Hardware/Software

2008-04-29 Thread Leichter, Jerry
On Mon, 28 Apr 2008, Ryan Phillips wrote:
| Matt's blog post [1] gets to the heart of the matter of what we can
| trust.
| 
| I may have missed the discussion, but I ran across Netronome's 'SSL
| Inspector' appliance [2] today and with the recent discussion on this
| list regarding malicious hardware, I find this appliance appalling.
It's not the first.  Blue Coat, a company that's been building various
Web optimization/filtering appliances for 12 years, does the same thing.
I'm sure there are others.

| Basically a corporation can inject a SSL Trusted CA key in the
| keystore within their corporate operating system image and have this
| device generate a new server certificate to every SSL enabled website,
| signed by the Trusted CA, and handed to the client.  The client does a
| validation check and trusts the generated certificate, since the CA is
| trusted.  A very nice man-in-the-middle and would trick most casual
| computer users.
| 
| I'm guessing these bogus certificates can be forged to look like the
| real thing, but only differ by the fingerprint and root CA that was
| used to sign it.
|
| What are people's opinions on corporations using this tactic?  I can't
| think of a great way of alerting the user, but I would expect a pretty
| reasonable level of privacy while using an SSL connection at work.
I'm very uncomfortable with the whole business.

Corporations will of course tell you it's their equipment and is there
for business purposes, and you have no expectation of privacy while
using it.  I can understand the issues they face:  Between various
regulatory laws that impinge on the white-hot topic of data leakage
and issues of workplace discrimination arising out of questionable
sites, they are under a great deal of pressure to control what goes over
their networks.  But if monitoring everything is the stance they have to
take, I would rather that they simply block encrypted connections
entirely.

As this stuff gets rolled out, there *will* be legal issues.  On the
one hand, the whole industry is telling you HTTPS to a secure web
site - see that green bar in your browser? - is secure and private.
On the other, your employer is doing a man-in-the-middle attack and,
without your knowing it, reading your discussions with your doctor.
Or maybe gaining access to your credit card accounts - and who knows
who in the IT department might be able to sneak a peak.

Careful companies will target these appliances at particular sites.
They'll want to be able to prove that they aren't watching you order
your medications on line, lest they run into ADA problems, for example.

It's going to be very interesting to see how this all plays out.  We've
got two major trends crashing headlong into each other.  One is toward
tighter and tighter control over what goes on on a company's machines
and networks, some of it forced by regulation, some of it because we
can.  The other is the growing technological workarounds.  If I don't
like the rules on my company's network, I can buy over-the-air broadband
service and use it from my desk.  It's still too expensive for most
people today, but the price will come down rapidly.  Corporate IT will
try to close up machines to make that harder and harder to do, but at
the same time there's a growing push for IT to get out of the business
of buying, financing, and maintaining rapidly depreciating laptops.
Better to give employees a stipend and let them buy what they want -
and carry the risks.
-- Jerry


| Regards,
| Ryan
| 
| [1] http://www.crypto.com/blog/hardware_security/
| [2] http://www.netronome.com/web/guest/products/ssl_appliance

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: SSL and Malicious Hardware/Software

2008-04-29 Thread Jack Lloyd
On Mon, Apr 28, 2008 at 10:03:38PM -0400, Victor Duchovni wrote:
 On Mon, Apr 28, 2008 at 03:12:31PM -0700, Ryan Phillips wrote:
 
  What are people's opinions on corporations using this tactic?  I can't
  think of a great way of alerting the user, but I would expect a pretty
  reasonable level of privacy while using an SSL connection at work.  
 
 Expectations of privacy at work vary by jurisdiction and industry. In
 the US, and say in the financial services industry, any such expectations
 are groundless (IANAL).

Most places I have worked (all in the US) explicitly required consent
to more or less arbitrary amounts of monitoring as a condition of
employment.

-Jack

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


SSL and Malicious Hardware/Software

2008-04-28 Thread Ryan Phillips
Matt's blog post [1] gets to the heart of the matter of what we can trust.

I may have missed the discussion, but I ran across Netronome's 'SSL
Inspector' appliance [2] today and with the recent discussion on this list
regarding malicious hardware, I find this appliance appalling. 

Basically a corporation can inject a SSL Trusted CA key in the keystore
within their corporate operating system image and have this device generate
a new server certificate to every SSL enabled website, signed by the
Trusted CA, and handed to the client.  The client does a validation check
and trusts the generated certificate, since the CA is trusted.  A very nice
man-in-the-middle and would trick most casual computer users.

I'm guessing these bogus certificates can be forged to look like the real
thing, but only differ by the fingerprint and root CA that was used to sign
it.  

What are people's opinions on corporations using this tactic?  I can't
think of a great way of alerting the user, but I would expect a pretty
reasonable level of privacy while using an SSL connection at work.  

Regards,
Ryan

[1] http://www.crypto.com/blog/hardware_security/
[2] http://www.netronome.com/web/guest/products/ssl_appliance

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]