Cross logins

2005-08-03 Thread James A. Donald
--
Is it possible for two web sites to arrange for cross 
logins?

The goal is that if someone is logged into website 
https://A.com as user127, and then browses to 
https://B.com/A_com_registrants, he will be 
automatically logged in on b.com as [EMAIL PROTECTED]

Inventing a protocol off the spur of the moment, and the 
seat of my pants, which is a good way to get shot down 
in flames, the B.com web page would access a resource 
whose url is on the A.com web site, the url containing a 
representation of the browser's current B.com cookie. 
User127's browser would access that resource, sending 
the A.com cookie, the A.com web site would then signal 
B.com that the browser with that B.com cookie is 
currently logged into A.com as user127.

One obvious flaw in this scheme is that *automatic* 
login leaks information - users can be logged in without 
them knowing it.

So another solution is that the B.com login link is 
actually a link to the A.com web site, with a transient 
public key encoded in the url.   A.com looks at the 
referring url, and tells user " wants to 
identify you as an A.com subscriber.  Do you want to 
login to  as [EMAIL PROTECTED]"  If user says 
yes, then A.com sends his browser a redirect to B.com 
with an encrypted message in the URL to B.com saying 
"This guy is [EMAIL PROTECTED]".  To avoid replay attacks, 
public key should change every time - public key should 
change with the browser cookie used by B.com 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 kwlCI6Mq0EaMdsYIBsG4HSSU/4ClkoGzJaqI/la0
 4fWyITvZRCkgtoqZc3tjKLElzZH7CStTwrq8OxcvR



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
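
The consent-and-redirect scheme in the message above, sketched as an added example that is not part of the original post. Assumptions: an HMAC under a key shared by A.com and B.com is swapped in for the post's encryption to a transient public key, a random per-session token plays the role of the value that "changes with the browser cookie", and all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: A.com and B.com share this key out of band. The post encrypts
# to a transient public key instead; an HMAC is swapped in to stay stdlib-only.
AB_KEY = b"constructed-shared-key"


def _tag(user, audience, token):
    msg = "\n".join((user, audience, token)).encode()
    return hmac.new(AB_KEY, msg, hashlib.sha256).hexdigest()


def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())


class SiteB:
    """Relying site: one transient token per browser session cookie."""

    def __init__(self):
        self.pending = {}  # B.com cookie -> token awaiting A.com's answer

    def login_link(self, cookie):
        token = secrets.token_urlsafe(16)
        self.pending[cookie] = token  # a new login attempt replaces the old token
        return {"audience": "B.com", "token": token}  # carried in the URL to A.com

    def accept(self, cookie, assertion):
        token = self.pending.pop(cookie, None)  # single use, even on failure
        if token is None or not _same(token, assertion.get("token", "")):
            return None  # replayed, or issued to a different session
        expected = _tag(assertion.get("user", ""), "B.com", token)
        if not _same(expected, assertion.get("tag", "")):
            return None  # not produced by A.com for B.com
        return assertion["user"]


def site_a_redirect(logged_in_user, request, user_consents):
    """A.com: assert the identity only after the user has said yes."""
    if not user_consents:
        return None
    tag = _tag(logged_in_user, request["audience"], request["token"])
    return {"user": logged_in_user, "token": request["token"], "tag": tag}
```

Because B.com discards the token on first use and keys it to its own cookie, a captured redirect URL fails both when repeated and when pasted into another browser session.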


[Clips] Escaping Password Purgatory

2005-08-03 Thread R.A. Hettinga

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Wed, 3 Aug 2005 15:27:20 -0400
 To: Philodox Clips List <[EMAIL PROTECTED]>
 From: "R.A. Hettinga" <[EMAIL PROTECTED]>
 Subject: [Clips] Escaping Password Purgatory
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 


 Forbes


 Computer Hardware Software
 Escaping Password Purgatory
 David M. Ewalt,  08.03.05, 3:00 PM ET

 There's a story in the biblical Book of Judges about two warring Semitic
 tribes, the Ephraimites and the Gileadites. In the wake of a great battle,
 the Gileadites set up a blockade to catch escaping enemies and asked anyone
 passing by to pronounce the word "shibboleth." The Ephraimites couldn't
 wrap their tongues around the password and were thus exposed, captured and
 put to the sword.

 As far as we know, nobody's ever been executed for typing the wrong
 password to their e-mail account. But it's likely there have been a few IT
 guys who've considered that option. Managing forgotten passwords is a huge
 problem for IT departments, often consuming massive amounts of worker time
 and company money. But software that gives users just a single sign on
 could save the day.

 Keeping track of passwords might not have been a big deal when you only had
 to remember one or two of them. But increasingly, users are saddled with so
 many shibboleths that they can't keep track. "I think I have passwords for
 over 47 different applications both internal and external that I access,
 and I've acquired those IDs and passwords over several years," says Wayne
 Grimes, manager of customer care operations for the U.S. Postal Service.

 Three years ago, the USPS was getting pounded by the password problem. "Our
 help desk was getting overwhelmed with password reset requests," says
 Grimes. The service has about 235,000 users who access more than 700
 internal applications, each of which requires a separate ID and password.
 That meant that some users were forced to keep track of dozens of different
 accounts. Strict security measures at the Postal Service required regular
 password changes and forced users to select nonobvious passwords, which are
 harder to remember.

 Before long, users were lost in a sea of their own passwords, and
 inevitably they'd lose track of them. Once that happened, they'd call the
 help desk, to the tune of 30,000 calls per month for password resets.

 That kind of call volume can weigh down any IT department, but the USPS had
 another problem to deal with. Since it outsources its help desk, each and
 every call to the service provider incurred a charge, and before long
 password-reset costs ballooned to millions of dollars. And all the while,
 user productivity suffered since people couldn't access applications until
 their passwords were reset.

 It's a problem across all industries. According to Forrester Research, up
 to 30% of all help-desk calls are password-reset requests.

 To cut down on those costs, the USPS created a self-service Web site and
 set up a phone line with voice-recognition software, either one of which
 lets users reset passwords on their own. But that didn't cut down on the
 number of passwords users had to keep track of, nor did it reduce the total
 number of reset requests.

 So the USPS deployed v-GO password-management software from Passlogix. The
 first time users log into the system, they give the v-GO software all of
 the individual log-ins they want managed. After that, they can forget
 them - all those different passwords are safely stored in an encrypted file
 on the user's computer. From then on, any time the user clicks on a Web
 site, program or database that requires its own user ID and password, the
 software issues the proper credentials, all in the background, without the
 user having to lift a finger or remember a word. It will even handle
 regularly scheduled password changes, automatically updating account
 details.

 That means users only need to remember one master password, which they're
 not likely to forget. "V-GO really helps the end user manage their IDs and
 passwords for all the different applications that they need access to,"
 says Grimes. "Personally, I don't know how I could live without it." After
 the changes were made, the number of password reset calls to the USPS help
 desk dropped from 30,000 per month to under 5,000.

 Critics of single-sign-on software - which is developed by companies ranging
 from startup Passlogix to giants like Sun Microsystems (nasdaq: SUNW),
 Verisign (nasdaq: VRSN) and Computer Associates (nyse: CA) - say that
 they're less secure. If
 anyone gets a hold of your master login, they can access countless other
 accounts. But if users only have one password to keep secret, they're
 likely to choose something much harder to hack (an obscure mix of letters
 and numbers, for example), a

[Clips] Apple adopts controversial security chip

2005-08-03 Thread R.A. Hettinga

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Wed, 3 Aug 2005 12:21:15 -0400
 To: Philodox Clips List <[EMAIL PROTECTED]>
 From: "R.A. Hettinga" <[EMAIL PROTECTED]>
 Subject: [Clips] Apple adopts controversial security chip
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 

 VNUNet


 Apple adopts controversial security chip

 Trusted Platform Module limits OS X to Macs, but could do more
  Tom Sanders in California, vnunet.com 03 Aug 2005

 Developer preview models of Apple's forthcoming Intel-powered
 computer contain a security chip that has come under fire for its ability
 to compromise the privacy of users.

 Apple recently started shipping Developer Transition Kits that help
 developers test and prepare software for the switch to the Intel-powered
 computers next year. The kit contains a version of OS X for Intel, and a
 Mac computer featuring an Intel processor.

 The computer features a security chip called the Trusted Platform Module
 (TPM), an open industry standard governed by the not-for-profit Trusted
 Computing Group which develops security standards.

 The chip's inclusion with the Apple hardware does not come as a complete
 surprise. It has been previously suggested that Apple could use the TPM to
 prevent computer users installing the OS X operating system on a non-Mac
 computer.

 "The TPM is going to be the barrier for moving the Mac software to any PC,"
 Martin Reynolds, a research fellow at analyst firm Gartner told vnunet.com.

 Each TPM chip contains an encrypted serial number that allows the operating
 system to verify whether it is running on Apple hardware.

 Hackers could in theory forge the serial number, according to Reynolds,
 fooling the software into believing that it is running on Mac hardware even
 when it is not.

 The security chips are currently included with some PCs for the enterprise
 market from IBM/Lenovo and HP. They use the TPM to securely store passwords
 or encrypt data.

 The upcoming Windows Vista relies on the TPM for a technology dubbed Secure
 Startup, which blocks access to the computer if the content of the hard
 drive is compromised.

 This prevents a laptop thief from swapping out the hard drive, or booting
 the system from a floppy disk to circumvent security features.

 Reynolds suggested that in the future software developers could use the
 chip as an anti-piracy device. The vendor would link the TPM identification
 number to the software registration key.

 However, the TPM has also gained notoriety because it is seen as a way to
 invade user privacy. The identifying number built into the chip could be
 used to limit the fair use of digital media by enforcing digital rights
 management technologies, or to track users online.

 But Reynolds insisted that the fear of such scenarios is overstated, and
 that privacy-infringing schemes are uncovered sooner or later at great
 expense to the computer maker.

 "There are things that manufacturers could do with the TPM that are very
 much against the interests of the user. But, in practice, manufacturers
 have found that it is best not to do that," he said.

 Apple did not respond to questions about the TPM in time for this story's
 posting.

 --
 -
 R. A. Hettinga 
 The Internet Bearer Underwriting Corporation 
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text




Re: [Clips] Online ID Thieves Exploit Lax ATM Security

2005-08-03 Thread Anne & Lynn Wheeler
two-factor authentication nominal objective is to have different
vulnerabilities, i.e. PINs ("something you know") is nominally
countermeasure to lost/stolen cards ("something you have").

However, skimming exploits can copy both magstripe and pin for
producing a counterfeit magstripe card that can be used with stolen
PIN (common vulnerability) ... minor reference found with search
engine:
http://wiki.whatthehack.org/index.php/Time_to_Ditch_the_Magstripe

The phishing vulnerability can steal both account number and PIN for
producing counterfeit magstripe card for use with the stolen pin; again,
common vulnerability defeating objective of using two-factor authentication.

back in the dark ages there were attacks on magstripe credit cards that
used the algorithms for valid account numbers to generate counterfeit
magstripe credit cards. magstripes then acquired effectively a kind of
hash code as countermeasure to counterfeit magstripes with algorithm
generated account numbers. this turns out to also be a countermeasure
for counterfeit magstripe credit cards that have been created from
phished account number (however this isn't a countermeasure to skimmed
magstripe exploit that produces counterfeit magstripe with all the exact
information). description of magstripe (and discretionary data field)
format:
http://en.wikipedia.org/wiki/Magnetic_stripe_card

PINs have also been used as countermeasure to counterfeit magstripe
debit cards ... possibly based on assumption that counterfeit debit
magstripe from phishing exploits were similar threat to lost/stolen
card. However, this isn't an effective countermeasure when both the PIN
and the account number (magstripe) have a common vulnerability (phishing)

As an aside, a countermeasure for lost/stolen cards is also early
reporting (owner is aware of the missing card). However this is not
applicable to skimmed/phished information since the card owner might not
even be aware that it has happened (until after discovering fraudulent
transactions).

...

spate of recent articles on phishing and ATM/debit

Analysts Say ATM Systems Highly Vulnerable To Fraud
http://www.banktech.com/aml/showArticle.jhtml?articleID=167100238
Something Phishy's Going On
http://www.banktech.com/aml/showArticle.jhtml?articleID=167100396
Analysts Say ATM Systems Highly Vulnerable To Fraud
http://www.banktech.com/news/showArticle.jhtml?articleID=167100238
E-Fraud | Cybercrooks Target ATM And Debit Cards, Steal Billions
http://www.techweb.com/wire/security/167100202
Analysts Say ATM Systems Highly Vulnerable To Fraud
http://www.financetech.com/utils/www.banktech.com/story/enews/showArticle.jhtml?articleID=167100238
Phishers exploiting lax ATM security - Gartner
http://www.finextra.com/fullstory.asp?id=14058
Banks let phishers get away with $2.75bn
http://www.vnunet.com/vnunet/news/2140690/banks-let-phishers-away-75b
Banks let phishers get away with $2.75bn
http://www.pcw.co.uk/vnunet/news/2140690/banks-let-phishers-away-75b
Phishing attacks highlight banks' weaknesses
http://news.zdnet.co.uk/internet/security/0,39020375,39211852,00.htm
Phishers cash in on ATM cards
http://www.zdnetasia.com/news/security/0,39044215,39246973,00.htm
ATM Systems Highly Vulnerable
http://www.newsfactor.com/story.xhtml?story_id=00302F1U



Standardization and renewability

2005-08-03 Thread Hagai Bar-El

Dear Colleagues,

I am currently in the process of writing a short position paper about 
standardization of broadcast renewability schemes. Along with the 
usual challenges that need to be addressed when defining renewability 
methods (methods that allow a system to survive successful attacks, 
basically by changing itself throughout its lifecycle), I am trying 
to tackle what I consider to be the biggest problem of standardizing 
a renewability scheme, which is that evolving a standard is too slow 
and cumbersome of a process to be incorporated into another process 
that is all about prompt response. Simply put, if a broadcast 
mechanism is broken there is no time for the standardization 
committee to re-define it - too much content will be lost by the time 
the job is done.


Up till now I could come up with three approaches to solve this problem:

1. Limit renewability to keying.
2. Generalize the scheme (like the SPDC concept, or MPEG IPMP), more 
or less by making the standard part general, with non-standard "profiles".
3. Standardize sets of key management methods at once, so to have 
spares for immediate switching.


If any one of you has any other approach towards solving this issue I 
will be glad if he posts it on the list. Also, if any one of you 
would like to get a copy of this paper when it's done, please let me 
know by e-mailing me directly.


Regards,
Hagai.

---
Hagai Bar-El - Information Security Analyst
T/F: 972-8-9354152 Web: www.hbarel.com




Re: Last WWII Comanche "code talker" dies in Oklahoma

2005-08-03 Thread Daniel F. Fisher

Andreas Hasenack> Wasn't that "navajo" instead?

I wondered about that myself. With some googling, I have found that
Native American code talkers were used from a number of tribes (Navajo,
Comanche, Choctaw). Code talkers were also used in WW I. Here are some 
links:


http://www.comanchelanguage.org/code_talkers.htm
http://codetalkers.info/content/view/20/37/

-Dan


Re: Ostiary

2005-08-03 Thread Alexander Klimov
On Tue, 2 Aug 2005, Udhay Shankar N wrote:

> Sounds interesting. Has anybody used this, and are there any comments?

For a similar purpose I used to use a .qmail-based system: the script
is started from .qmail when a message to some special address arrives,
the script checks the digital signature on the message, compares the
first line with a stored counter (to avoid replay attacks) and executes
the needed command. The positive side of this technique is that it is
very simple (just a few lines to code), does not need to open a port
(and so it is firewall-friendly, no need to talk with sysadmins, ...),
and is very unlikely to introduce security holes (qmail has a quite good
record, and in my case the mail was needed anyway).

-- 
Regards,
ASK

P.S. If the moderator is troubled with spam let us agree on some
special word in subject so that he can automatically reject the
messages which do not have it.

[Moderator's note: blocking messages from non-subscribers has been
100% effective already. --Perry]
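
The check order described in the message above (verify the signature, compare the counter on the first line, then act), as an added example that is not the poster's script. Assumptions: HMAC-SHA256 with a pre-shared key stands in for the digital signature, the message layout (counter, command, tag on three lines) and the command names are constructed, and the counter lives in memory where a real script would persist it.

```python
import hashlib
import hmac

# Assumption: pre-shared key; HMAC-SHA256 stands in for the digital signature
# the post mentions (the post does not say which scheme was used).
KEY = b"constructed-demo-key"
ALLOWED = {"open-ssh", "rotate-logs"}  # hypothetical command names


def _mac(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def sign(counter: int, command: str, key: bytes = KEY) -> str:
    """Sender side: first line is the counter, last line authenticates both."""
    body = f"{counter}\n{command}\n"
    return body + _mac(body, key)


class CommandGate:
    """Receiver side, as it would run from the .qmail hook."""

    def __init__(self, key: bytes = KEY, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter  # a real script stores this on disk

    def handle(self, message: str) -> str:
        lines = message.split("\n")
        if len(lines) != 3:
            return "reject: malformed"
        counter_s, command, tag = lines
        expected = _mac(f"{counter_s}\n{command}\n", self.key)
        # Authenticate before interpreting any field of the message.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "reject: bad signature"
        if not (counter_s.isascii() and counter_s.isdigit()):
            return "reject: malformed"
        counter = int(counter_s)
        if counter <= self.last_counter:
            return "reject: replay"  # an old signed message sent again
        if command not in ALLOWED:
            return "reject: unknown command"
        self.last_counter = counter  # advance only for an accepted command
        return "run: " + command
```

The gate returns its decision instead of executing anything, so the dispatch to real commands stays a fixed allow-list lookup and never passes message text to a shell.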