Re: Trojan horse attack involving many major Israeli companies, executives

2005-06-02 Thread Anne Lynn Wheeler

Amir Herzberg wrote:
Nicely put, but I think not quite fair. From friends in financial and 
other companies in the states and otherwise, I hear that Trojans are 
very common there as well. In fact, based on my biased judgement and 
limited exposure, my impression is that security practice is much better 
in Israeli companies - both providers and users of IT - than in 
comparable companies in most countries. For example, in my `hall of 
shame` (link below) you'll find many US and multinational companies 
which don't protect their login pages properly with SSL (PayPal, Chase, 
MS, ...). I've found very few Israeli companies, and of the few I've 
found, two actually acted quickly to fix the problem - which is rare! 
Most ignored my warning, and few sent me coupons :-) [seriously]


Could it be that such problems are more often covered-up in other 
countries? Or maybe that the stronger awareness in Israel also implies 
more attackers? I think both conclusions are likely. I also think that 
this exposure will further increase awareness among Israeli IT managers 
and developers, and hence improve the security of their systems.


there is the story of the (state side) financial institution that was 
outsourcing some of its y2k remediation and failed to perform due 
diligence on the (state side) lowest bidder ... until it was too late 
and they were faced with having to deploy the software anyway.


one of the spoofs of SSL ... was originally it was supposed to be used 
for the whole shopping experience from the URL the enduser entered, thru 
shopping, checkout and payment. webservers found that with SSL they took 
a 80-90% performance hit on their thruput ... so they saved the use of 
SSL until checkout and payment. the SSL countermeasure to MITM-attack is 
that the URL the user entered is checked against the URL in the 
webserver certificate. However, the URL the users were entering weren't 
SSL/HTTPS ... they were just standard stuff ... and so there wasn't any 
countermeasure to MITM-attack.


If the user had gotten to a spoofed MITM site ... they could have done 
all their shopping and then clicked the checkout button ... which might 
provide HTTPS/SSL. however, if it was a spoofed site, it is highly 
probable that the HTTPS URL provided by the (spoofed site) checkout 
button was going to match the URL in any transmitted digital 
certificate. So for all, intents and purposes .. most sites make very 
little use of https/ssl as countermeasure for MITM-attacks ... simply 
encryption as countermeasure for skimming/harvesting (evesdropping).


in general, if the naive user is clicking on something that obfuscates 
the real URL (in some case they don't even have to obfuscate the real 
URL) ... then the crooks can still utilize https/ssl ... making sure 
that they have a valid digital certificate that matches the URL that 
they are providing.


the low-hanging fruit of fraud ROI ... says that the crooks are going to 
go after the easiest target, with the lowest risk, and the biggest 
bang-for-the buck. that has mostly been the data-at-rest transaction 
files. then it is other attacks on either of the end-points. attacking 
generalized internet channels for harvesting/skimming appears to be one 
of the lowest paybacks for the effort. in other domains, there have been 
harvesting/skimming attacks ... but again mostly on end-points ... and 
these are dedicated/concentrated environments where the only traffic ... 
is traffic of interest (any extraneous/uninteresting stuff has already 
been filtered out).


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Trojan horse attack involving many major Israeli companies, executives

2005-06-01 Thread Amir Herzberg

J.A. Terranson wrote:


So, how long before someone, possibly even me, points out that all
Checkpoint software is built in Israel?


Nicely put, but I think not quite fair. From friends in financial and 
other companies in the states and otherwise, I hear that Trojans are 
very common there as well. In fact, based on my biased judgement and 
limited exposure, my impression is that security practice is much better 
in Israeli companies - both providers and users of IT - than in 
comparable companies in most countries. For example, in my `hall of 
shame` (link below) you'll find many US and multinational companies 
which don't protect their login pages properly with SSL (PayPal, Chase, 
MS, ...). I've found very few Israeli companies, and of the few I've 
found, two actually acted quickly to fix the problem - which is rare! 
Most ignored my warning, and few sent me coupons :-) [seriously]


Could it be that such problems are more often covered-up in other 
countries? Or maybe that the stronger awareness in Israel also implies 
more attackers? I think both conclusions are likely. I also think that 
this exposure will further increase awareness among Israeli IT managers 
and developers, and hence improve the security of their systems.

--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com

New: see my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Trojan horse attack involving many major Israeli companies, executives

2005-05-31 Thread Amir Herzberg
John, yes, I believe the Trojan ran on Windows. In fact, I just met my 
kids schoolmaster, and turns out she was also a victim of that person - 
already 3-4 years ago!!! Her daughter learned with his in the same 
school, and apparently he got mad at them and started abusing them in 
the most crazy ways - for instance, he intercepted family pictures sent 
to them, and _disfigured_the_pictures!! She went to the police but I 
guess was less lucky and they didn't find him, she changed computers, 
dial-up connection, etc. etc...


As you say - movie stuff. Amir

John Saylor wrote:

hi

( 05.05.30 15:34 +0200 ) Amir Herzberg:


See more info e.g. at http://www.haaretz.com/hasen/spages/581790.html



an excellent tale [still unfolding]- no doubt coming to a bookstore or
movie theatre near you real soon.

of course, it was never mentioned in the article, but they *had* to be
running windows.



--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com

New: see my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Trojan horse attack involving many major Israeli companies, executives

2005-05-31 Thread J.A. Terranson

 John Saylor wrote:
  hi
 
  ( 05.05.30 15:34 +0200 ) Amir Herzberg:
 
 See more info e.g. at http://www.haaretz.com/hasen/spages/581790.html
 
 
  an excellent tale [still unfolding]- no doubt coming to a bookstore or
  movie theatre near you real soon.
 
  of course, it was never mentioned in the article, but they *had* to be
  running windows.

So, how long before someone, possibly even me, points out that all
Checkpoint software is built in Israel?


-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF


Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty.

Joseph Pulitzer
1907 Speech

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]