Carl Ellison writes:
> The Bloomberg attack didn't require connection hijacking.  All that attacker 
> did was post a newsgroup message with a URL in it.

This is presumably a reference to the incident described in
http://news.cnet.com/news/0-1005-200-341267.html, where a PairGain
employee apparently created a fake web page which resembled that
of trusted financial news source Bloomberg, reporting an impending
acquisition of PairGain.  He then posted to Yahoo discussion groups a
reference to his page's URL, using its IP address to disguise the actual
point of origin and claiming it to be a genuine Bloomberg news story.
The result was a 30% rise in PairGain's stock.

This kind of attack is one of the things that PKIs are intended to
address, but in this case no cryptography was used.  Perhaps it would
make good fodder for your upcoming companion article, "Ten Risks of NOT
Using PKI".

> If you're depending on that little lock in the corner of the browser window 
> to mean you're connected to the page you seem to be connected to, and the 
> "seem to be" is derived only from the page contents, you're in trouble.  
> That's more what we were talking about than connection hijacking -- although 
> if you want to go to that trouble, feel free. :)

Okay, but in the context of the risk you identified with PKIs, that is
in fact what we are talking about: ways to get that little lock to appear
when it shouldn't.  They aren't as easy as the Bloomberg attack.

> This shows up more clearly with e-mail.  Here again, you don't have to 
> hijack a connection if the attacker initiates the exchange (sends the first 
> message) and the victim uses the "reply to" button in his mailer.  [E.g.,
> the attacker asks for a copy of the victim's latest draft -- and the 
> victim sends it.]

Again, isn't this a case where a PKI helps rather than harms security?
Getting a cert accepted with the identity of the person the victim
thinks he is responding to will be more difficult than simply sending
an unsigned message which claims to be from that person.

Many of the issues you raised in your article are legitimate (although
not necessarily specific to PKIs), but there seems to be a danger that
you will just end up sowing confusion and doubt.  The result will be
that people will continue to use the old ways and fall into the traps
you have described here.  It's fair to criticize PKIs with an eye towards
improving them, but your article seems more directed at questioning the
value of cryptography itself.
