Re: An attack on paypal --> secure UI for browsers

2003-06-16 Thread John Kelsey
At 04:29 PM 6/14/03 -0400, Sunder wrote:
...
> If the day comes where MS Office DRM only works with MS Office DRM, how
> many people will switch to it?  If your company is willing to switch to
> it, then they'll give you a PC with it on it.  If they don't, then they
> can't expect you to interact with them via such formats and can't require
> you to do so.
So, have you ever tried doing substantial revisions on a large document 
that's going back and forth between two or more versions of Word?  It's in 
MS' interest to get everyone using the same version, so it's not really in 
their interest to spend great amounts of time debugging their version 
translation functions.  It shows.

If you need to coordinate working on a big Word document with several other 
people (e.g., clients or coworkers who are most comfortable with Word), you 
pretty-much will need to use not just Word, but the same version of 
Word.  That doesn't need any secure hardware to enforce, just buggy 
software.  You can sometimes work around this, but it's a pain to do.

> You sound like someone's holding a gun to your head and requiring you to
> have MS Office.
Well, let's distinguish between:

a.  The sort of network monopoly situation Microsoft is in, where the world 
has more-or-less settled on a bunch of their products, and so they can do a 
lot of irritating things before they actually lose their dominant market 
position.  (Note that this doesn't mean they are unassailable; WordPerfect 
and Lotus 1-2-3 were once in similarly dominant positions.)

b.  Eventual laws requiring that every new computer contain a secure 
processing unit to enforce the dictates of the government, the record 
companies, or whomever else on your computers.

I think a lot of the objection to TCPA is the worry that it will be 
mandated eventually, and that it will then be used to cement the network 
monopoly held by MS forever.  And Vinge's description of "ubiquitous 
governance" comes to mind here--whether it's MS or the US federal 
government or the UN or the Catholic Church, if someone can put themselves 
in control of all computer equipment you own in some secure way, they look 
a heck of a lot like the government.

> Either way, you can ask them to export to other document formats which you
> can read.  Even now Office will export to HTML for example which is
> readable by Mozilla and other browsers.
Sure.  Or you can often translate their documents, or open them with 
OpenOffice.  I do this when I just need to read and comment on a Word 
document.  But if you are going to be revising and sending back the 
document a few times, this will not work--you will lose some formatting, 
you will probably introduce weird formatting bugs, you may mess up the file 
format, etc.  It's just not worth the pain.  Though I have a legitimate 
copy of Word on my machine, when given a choice, I always do everything in 
ASCII text until the very end, and then paste the text into Word and do 
formatting last.  But again, this isn't too helpful if it's a document I'm 
working on with someone else.
...
> Either way, how much a revolt do you think there will be if Microsoft
> decides to lock down their tools (such as word) to the point where they
> can no longer export to HTML, plain text, RTF should the author wish
> it to do so and provides whatever passphrases or ID's needed to unlock
> the document and export it out?
>
> Who would buy such a dog of a product?  Do you think businesses are so
> stupid that they'd put up with a product that jails them in?  Get real
> son, you're howling at the moon!
Mainframe customers used to put up with this kind of treatment routinely, 
so it's not impossible.  Whether it will fly these days is an interesting 
question, but I don't think the answer is obvious.  Someone might ask the 
same rhetorical question about whether customers would sit still for buggy, 
insecure software.  But nobody would ask that question these days, as the 
answer is so painfully obvious.
...

--John Kelsey, [EMAIL PROTECTED]
PGP: FA48 3237 9AD5 30AC EEDD  BBC8 2A80 6948 4CAA F259


Re: MS Format Flames Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread Bill Stewart
> Oh get over it.  There are other formats.
> You ever heard of XML?  HTML? RTF?
There are output formats and input formats.

It's easy to output data in formats other people can read -
if you want something prettier than ASCII,
HTML is usually fine, though there's not much support
for embedded pictures as opposed to separate files.
XML is a meta-format - you can't really guarantee that
anybody else's XML tool can read your XML tool's documents,
because they may not have all the same objects.
If you want to give them something quasi-immutable,
there's always PDF.  That lets you be rude _and_ proprietary :-)
Postscript is more flexible, but too many people don't have
tools to read it with.
Input formats are harder, because Microsoft keeps adding
backwards-incompatibility every time they upgrade Office,
just to force everybody else to upgrade.
OpenOffice can often help, but not always.
Microsoft does make free readers for Word and Powerpoint.
They're only intended for running on Windows,
but perhaps they work on WINE?


Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread Jamie Lawrence
On Sat, 14 Jun 2003, Sunder wrote:

> Oh get over it.  There are other formats.  You ever heard of
> XML?  HTML? RTF?

Yes, as a matter of fact. RTF is an MS format, BTW. They do change it
sometimes, breaking various attempts at interoperability. They don't do
it much; it seems like something they forget to break much of the time.

> If the day comes where MS Office DRM only works with MS Office DRM, how
> many people will switch to it?  If your company is willing to switch to
> it, then they'll give you a PC with it on it.  If they don't, then they
> can't expect you to interact with them via such formats and can't require
> you to do so.
> 
> You sound like someone's holding a gun to your head and requiring you to
> have MS Office.

No, there's no gun to anyone's head. However, as part of negotiating my 
current contract (I'm a partner in a small software development
company), we received lots of MS Word/Excel docs. When you're
negotiating new business, saying "erm, I don't do windows. Can you give
me something else" is a bit of a show stopper. By comparison, if you're
selling someone a car, are you going to stop them mid-sale and ask that
they please haggle in Euros? (And in case you're curious, our project 
is entirely open source driven.)

> Microsoft is not the DMV.  You don't need to use their software.

For that matter, one can drive without a license.

I see your distinction, however it is very difficult to do business
without MS software. I'm typing this on a Linux-running laptop, which is
my primary user-level machine, and in order to do business, have to run
Crossover. (And I do own my MS Office license.) All of my proposals are
written in plain text and sometimes, done in Postgres when I need
spreadsheet-like behavior. They have to be rendered in Word format for
client consumption. (Open source spreadsheets still suck, in my
opinion.)

> And no, I will never be part of your problem because the documents I will
> create for non work use will be made with Open Office or will be plain
> text, html, or xml files.

That's a rather fine point to put on it. There isn't much difference
between work and non-work for me. Rather, there is, but nonwork choices
directly impact my work choices.

You seem to offload a lot of your choices onto your company.

> If I'm required to use a DRM'ed Office for work, then fine, my company
> owns those documents anyway and they can do whatever the fuck they like
> with them either way.   It doesn't matter to me at all -- it's their call,
> it's their company, it's their documents.

Just workin' for the man, eh?

> Either way, how much a revolt do you think there will be if Microsoft
> decides to lock down their tools (such as word) to the point where they
> can no longer export to HTML, plain text, RTF should the author wish 
> it to do so and provides whatever passphrases or ID's needed to unlock
> the document and export it out?

Honestly, this is supposition, entirely unsupported by anything other
than my intuition about how companies I've worked for in the past 
behave. Feel free to ignore. 

I think they'll lap it up. Along with expensive and annoying licensing
terms, companies get no-forward emails and expiring spreadsheets. Think
about what Enron would have done with that. Hell, I suspect MS
probably evaluated what they did wrong in the antitrust trial in order
to avoid similar outcomes in the future. There's a market there.
 
> Who would buy such a dog of a product?  Do you think businesses are so
> stupid that they'd put up with a product that jails them in?  Get real
> son, you're howling at the moon!

Um. Who owns the market in "desktop productivity software"?

> You want to make a difference?  Go ahead, wipe every bit of Microsoft
> wares off all your machines and burn the CD's you've installed them
> from.  Go all open source and show others the right way.  At least I'd
> have some respect for you for voting with your wallet and practicing what
> you preach.
> 
> Right now all you're doing is bitching that you're forced to buy and use
> Microsoft Office.  I say that's bullshit, and you know it.


I use MS software for interoperability testing (much like I use
Quickbooks, some Oracle wares, etc.), and for client communication.
Everything else in my company is open source. Everything we deploy is
open source, unless the client asks for something else. They typically
pay for that choice, not only because I'm frequently not familiar with
the software they choose, but also because it's a bitch to work with
(anyone else ever have to deal with Adobe Distiller under unix?)

It isn't bullshit that to operate as a business entity, one needs MS
software. I can certainly dick around with my personal website and write
my memoirs without it, and 98% of what I do for a living is MS free,
getting business without it (read aloud as "public interfaces")
is nearly impossible. Perhaps you can ignore that, because you're just
working for the man, and it isn't your fault that y

Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread Adam Shostack
A charming naivete.

*Plonk*


On Sat, Jun 14, 2003 at 04:29:23PM -0400, Sunder wrote:
| Oh get over it.  There are other formats.  You ever heard of
| XML?  HTML? RTF?
| 
| If the day comes where MS Office DRM only works with MS Office DRM, how
| many people will switch to it?  If your company is willing to switch to
| it, then they'll give you a PC with it on it.  If they don't, then they
| can't expect you to interact with them via such formats and can't require
| you to do so.
|
| You sound like someone's holding a gun to your head and requiring you to
| have MS Office.
| 
| Either way, you can ask them to export to other document formats which you
| can read.  Even now Office will export to HTML for example which is
| readable by Mozilla and other browsers.
| 
| Microsoft is not the DMV.  You don't need to use their software.
| 
| And no, I will never be part of your problem because the documents I will
| create for non work use will be made with Open Office or will be plain
| text, html, or xml files.
| 
| If I'm required to use a DRM'ed Office for work, then fine, my company
| owns those documents anyway and they can do whatever the fuck they like
| with them either way.   It doesn't matter to me at all -- it's their call,
| it's their company, it's their documents.
| 
| But, for personal use, I won't buy any upgrades or new Microsoft
| software.  End of story.
| 
| Either way, how much a revolt do you think there will be if Microsoft
| decides to lock down their tools (such as word) to the point where they
| can no longer export to HTML, plain text, RTF should the author wish 
| it to do so and provides whatever passphrases or ID's needed to unlock
| the document and export it out?
| 
| Who would buy such a dog of a product?  Do you think businesses are so
| stupid that they'd put up with a product that jails them in?  Get real
| son, you're howling at the moon!
| 
| On one hand you're bitching that you have to use Microsoft software on the
| other you're complaining that I'm using it while I'm telling you I don't
| want to and don't care to and won't upgrade to it.
| 
| You want to make a difference?  Go ahead, wipe every bit of Microsoft
| wares off all your machines and burn the CD's you've installed them
| from.  Go all open source and show others the right way.  At least I'd
| have some respect for you for voting with your wallet and practicing what
| you preach.
| 
| Right now all you're doing is bitching that you're forced to buy and use
| Microsoft Office.  I say that's bullshit, and you know it.
| 
| 
| --Kaos-Keraunos-Kybernetos---
|  + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
|   \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
| <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
|   /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
|  + v + :   The look on Sadam's face - priceless!   
| [EMAIL PROTECTED] http://www.sunder.net 
| 
| On Sat, 14 Jun 2003, Adam Shostack wrote:
| 
| > Sure.  And I'm glad you work with a small group of people who
| > understand that you don't read their documents.  After many years of
| > refusal, I finally gave up.  I work with lots of customers who expect
| > documents in MS formats, and look at you askance for giving them
| > anything else.  You only get so many explanations before customers go
| > elsewhere, and I chose not to spend them on this.  Similarly, I could
| > choose to speak to everyone I meet in, say, Russian.  And some folks
| > would understand.  Others would walk away.  So, you can argue that
| > you're effectively required to speak English to do business in North
| > America.  I would argue that you're similarly required to use MS
| > Office.
| > 
| > 
| > You'll be part of the problem when Nogsuccob is upon us, because the
| > documents you create won't be readable in OpenOffice, and Crossover
| > won't run.
| >
| > 
| > Office Nogsuccob will only interoperate with itself.  Companies will end
| > up deploying it to interact with other versions, not for any real
| > feature.
| > 
| > You don't like the word force, I suggest quitting all use of .DOC,
| > .PPT, and .XLS formats.  Please educate the world on how much better
| > the alternatives are.  Me, I'll pay my $200 to not bother today, and
| > regret it tomorrow.
| > 
| > And by the way, do you have a driver's license, or other state-issued
| > ID card?
| 

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume



Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread Sunder
Oh get over it.  There are other formats.  You ever heard of
XML?  HTML? RTF?

If the day comes where MS Office DRM only works with MS Office DRM, how
many people will switch to it?  If your company is willing to switch to
it, then they'll give you a PC with it on it.  If they don't, then they
can't expect you to interact with them via such formats and can't require
you to do so.

You sound like someone's holding a gun to your head and requiring you to
have MS Office.

Either way, you can ask them to export to other document formats which you
can read.  Even now Office will export to HTML for example which is
readable by Mozilla and other browsers.

Microsoft is not the DMV.  You don't need to use their software.

And no, I will never be part of your problem because the documents I will
create for non work use will be made with Open Office or will be plain
text, html, or xml files.

If I'm required to use a DRM'ed Office for work, then fine, my company
owns those documents anyway and they can do whatever the fuck they like
with them either way.   It doesn't matter to me at all -- it's their call,
it's their company, it's their documents.

But, for personal use, I won't buy any upgrades or new Microsoft
software.  End of story.

Either way, how much a revolt do you think there will be if Microsoft
decides to lock down their tools (such as word) to the point where they
can no longer export to HTML, plain text, RTF should the author wish 
it to do so and provides whatever passphrases or ID's needed to unlock
the document and export it out?

Who would buy such a dog of a product?  Do you think businesses are so
stupid that they'd put up with a product that jails them in?  Get real
son, you're howling at the moon!

On one hand you're bitching that you have to use Microsoft software on the
other you're complaining that I'm using it while I'm telling you I don't
want to and don't care to and won't upgrade to it.

You want to make a difference?  Go ahead, wipe every bit of Microsoft
wares off all your machines and burn the CD's you've installed them
from.  Go all open source and show others the right way.  At least I'd
have some respect for you for voting with your wallet and practicing what
you preach.

Right now all you're doing is bitching that you're forced to buy and use
Microsoft Office.  I say that's bullshit, and you know it.


[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 14 Jun 2003, Adam Shostack wrote:

> Sure.  And I'm glad you work with a small group of people who
> understand that you don't read their documents.  After many years of
> refusal, I finally gave up.  I work with lots of customers who expect
> documents in MS formats, and look at you askance for giving them
> anything else.  You only get so many explanations before customers go
> elsewhere, and I chose not to spend them on this.  Similarly, I could
> choose to speak to everyone I meet in, say, Russian.  And some folks
> would understand.  Others would walk away.  So, you can argue that
> you're effectively required to speak English to do business in North
> America.  I would argue that you're similarly required to use MS
> Office.
> 
> 
> You'll be part of the problem when Nogsuccob is upon us, because the
> documents you create won't be readable in OpenOffice, and Crossover
> won't run.
>
> 
> Office Nogsuccob will only interoperate with itself.  Companies will end
> up deploying it to interact with other versions, not for any real
> feature.
> 
> You don't like the word force, I suggest quitting all use of .DOC,
> .PPT, and .XLS formats.  Please educate the world on how much better
> the alternatives are.  Me, I'll pay my $200 to not bother today, and
> regret it tomorrow.
> 
> And by the way, do you have a driver's license, or other state-issued
> ID card?



Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread Adam Shostack
On Sat, Jun 14, 2003 at 03:30:47PM -0400, Sunder wrote:
| Um, how's that agin?  How does Ballmer and Gates force you, Adam Shostack
| to run Microsoft Office?  Did they put a gun to your head?  Did they
| manage to twist Congress's arms to put a gun to your head?
| 
| Compatibility you say?  Well, that's your choice.  You can decide if it's
| important enough to you and act accordingly.  I personally think MSFT is
| evil, and provides nothing but mediocre software.  So I vote with my
| wallet by not paying them for their junk and I won't buy upgrades of their
| software if the previous versions do what I needed, and install Linux and
| OpenBSD on new machines.

Sure.  And I'm glad you work with a small group of people who
understand that you don't read their documents.  After many years of
refusal, I finally gave up.  I work with lots of customers who expect
documents in MS formats, and look at you askance for giving them
anything else.  You only get so many explanations before customers go
elsewhere, and I chose not to spend them on this.  Similarly, I could
choose to speak to everyone I meet in, say, Russian.  And some folks
would understand.  Others would walk away.  So, you can argue that
you're effectively required to speak English to do business in North
America.  I would argue that you're similarly required to use MS
Office.

| Yes, my work machine runs win2k, but I didn't pay for it, and I didn't
| have much choice in it - actually I could either quit and find a new job
| (really lots of fun in this economy) or reinstall Linux over it and live
| with Open Office and other open tools or have paid for Crossover office
| out of my pocket, etc.  Wasn't worth the trouble and we already have a
| site license for win2k + office 2k, so that's the path I went.   Not my
| money, the company's money.  They chose to pay the Redmond Beast, so what
| do I care?

You'll be part of the problem when Nogsuccob is upon us, because the
documents you create won't be readable in OpenOffice, and Crossover
won't run.

| So why do you feel it's required of you to either pay Microsoft for, or
| pirate Office XP and Server 2003 and TCPA enabled junkware?  What's so
| important that you can't live without them.

Office Nogsuccob will only interoperate with itself.  Companies will end
up deploying it to interact with other versions, not for any real
feature.

You don't like the word force, I suggest quitting all use of .DOC,
.PPT, and .XLS formats.  Please educate the world on how much better
the alternatives are.  Me, I'll pay my $200 to not bother today, and
regret it tomorrow.

And by the way, do you have a driver's license, or other state-issued
ID card?

Adam


| On Sat, 14 Jun 2003, Adam Shostack wrote:
| 
| > Well, sure.  And no one forces me to run Microsoft office, either,
| > except Microsoft's monopoly.  And when the document format can phone
| > home to prevent piracy or openoffice from running, no one will be
| > 'obligating' me to pay monopoly rents to Microsoft.
| 
| > In the same way, no one forces me to have a driver's license.  But it's
| > damned hard living life without one.
| > 

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume



Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread Sunder
Um, how's that agin?  How does Ballmer and Gates force you, Adam Shostack
to run Microsoft Office?  Did they put a gun to your head?  Did they
manage to twist Congress's arms to put a gun to your head?

Compatibility you say?  Well, that's your choice.  You can decide if it's
important enough to you and act accordingly.  I personally think MSFT is
evil, and provides nothing but mediocre software.  So I vote with my
wallet by not paying them for their junk and I won't buy upgrades of their
software if the previous versions do what I needed, and install Linux and
OpenBSD on new machines.

Yes, some of the older shittier machines I have run Windows, but that's
because I'm either too lazy to track down drivers for Linux or want them
to continue running what they run.  Doesn't mean I have to go to XP or
2003.

Yes, my work machine runs win2k, but I didn't pay for it, and I didn't
have much choice in it - actually I could either quit and find a new job
(really lots of fun in this economy) or reinstall Linux over it and live
with Open Office and other open tools or have paid for Crossover office
out of my pocket, etc.  Wasn't worth the trouble and we already have a
site license for win2k + office 2k, so that's the path I went.   Not my
money, the company's money.  They chose to pay the Redmond Beast, so what
do I care?

But for home use, I have no real use for much more than OpenOffice and
Linux.  There's no need for me to pirate garbage from Microsoft.  I can
live without it.  

These are some old pentium1- 100Mhz notebook machines I have that came
with Windows 95 and 98 - turd OS's really, but they serve a purpose - mp3
players and light web surfing in my living room and other places for
example.  And before you ask, no, I didn't pirate the mp3's.  They're all
ripped from CD's that I owned, and I still have the CD's as proof of
ownership.  Yes, I could go to linux on them, but why bother wasting half
a day tracking down drivers and tuning kernels for them when they're
already built and working the way I want them to?


So why do you feel it's required of you to either pay Microsoft for, or
pirate Office XP and Server 2003 and TCPA enabled junkware?  What's so
important that you can't live without them.


[EMAIL PROTECTED] http://www.sunder.net 

On Sat, 14 Jun 2003, Adam Shostack wrote:

> Well, sure.  And no one forces me to run Microsoft office, either,
> except Microsoft's monopoly.  And when the document format can phone
> home to prevent piracy or openoffice from running, no one will be
> 'obligating' me to pay monopoly rents to Microsoft.


 
> In the same way, no one forces me to have a driver's license.  But it's
> damned hard living life without one.
> 




Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread David Wagner
Adam Lydick wrote:
>The faq (see attached) claims that "anyone can write a nexus" and that
>"users control which nexus(s) run".
>
>I certainly didn't see anything that suggests that anyone can force you
>to run arbitrary code, regardless of who has signed it.

"Force", maybe not.  No one can "force" me to turn my machine on,
for instance.  But take a look at one line you quoted from the FAQ:

"Only one nexus at a time will be able to run on a machine."

That looks to me like an important sentence.



Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread Adam Shostack
On Sat, Jun 14, 2003 at 11:20:16AM -, a Microsoft employee wrote:
| Adam Shostack writes:
| 
| > Actually, most of the features of Nogsuccob are features that I 
| > want, like integrity protected, authenticated boot.  The problem, 
| > bundled with those features, is the ability of the system to attest to 
| > its secure boot.  This can be fixed by not letting the host know if 
| > you've exported its host key or not, which makes it possible to run a 
| > virtualized, trusted copy in your emulation environment. 
| 
| Nothing forces you to tell anyone else that you booted securely.  At most
| someone may offer to give you something in exchange for such a proof,
| but you're not obligated to take them up on it.

Well, sure.  And no one forces me to run Microsoft office, either,
except Microsoft's monopoly.  And when the document format can phone
home to prevent piracy or openoffice from running, no one will be
'obligating' me to pay monopoly rents to Microsoft.

In the same way, no one forces me to have a driver's license.  But it's
damned hard living life without one.

| It's not clear what you're getting at about exporting the host key.
| These systems (TCs) are generally designed to make that difficult or
| impossible to accomplish.  The security of the whole system is built on
| that assumption.  If you actually did manage to pull out the host key
| then you could make it attest to any falsehood you wanted, although you
| might get caught eventually.

The security of the system to make attestations is built on that
assumption.  However, there are other values that a TBC can offer,
like secure key storage or trusted boot of a known OS image, that I
might like.

My ability to attest to any falsehood is limited by the statements the
key is expected to sign.  How broad are those?  I thought they were
quite limited.


| Trusted Computing lets people convincingly tell the truth about what
| software they are running.  This is seen as a horrific threat in certain
| circles.  It's easy to see why liars wouldn't like it.  What does an
| honest man have to lose?

Interoperability.
Fair use.
Market Choice.
Archives.
Control over their own computers.
Ability to decide when to patch.
The ability to run purchased software..
... privately.
... when there are bugs in the license code.
... when the license server or the network is unavailable.

That's off the top of my head.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume



Re: An attack on paypal --> secure UI for browsers

2003-06-14 Thread lcs Mixmaster Remailer
Adam Shostack writes:

> Actually, most of the features of Nogsuccob are features that I 
> want, like integrity protected, authenticated boot.  The problem, 
> bundled with those features, is the ability of the system to attest to 
> its secure boot.  This can be fixed by not letting the host know if 
> you've exported its host key or not, which makes it possible to run a 
> virtualized, trusted copy in your emulation environment. 

Nothing forces you to tell anyone else that you booted securely.  At most
someone may offer to give you something in exchange for such a proof,
but you're not obligated to take them up on it.

It's not clear what you're getting at about exporting the host key.
These systems (TCs) are generally designed to make that difficult or
impossible to accomplish.  The security of the whole system is built on
that assumption.  If you actually did manage to pull out the host key
then you could make it attest to any falsehood you wanted, although you
might get caught eventually.

Trusted Computing lets people convincingly tell the truth about what
software they are running.  This is seen as a horrific threat in certain
circles.  It's easy to see why liars wouldn't like it.  What does an
honest man have to lose?



Re: An attack on paypal --> secure UI for browsers

2003-06-13 Thread Adam Lydick
The faq (see attached) claims that "anyone can write a nexus" and that
"users control which nexus(s) run".

I certainly didn't see anything that suggests that anyone can force you
to run arbitrary code, regardless of who has signed it. I also find it
absurd to worry about what code Microsoft is running on your system. If
you are running their operating system, you are already running
arbitrary code from them. If you install a security or functional patch,
you are running arbitrary code from them. How would this be different?

My only real concern is that once this becomes widespread, having the
correct "nexus" + DRM software installed will be the only way to get
play digital media. I have a feeling I won't be playing any of that
content from the MythTv box in my living room...

AdamL

--

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp

Q: What is the "nexus" component of NGSCB?

A:  The nexus is a new Windows OS component that will be introduced as
part of NGSCB. The nexus, what we used to refer to as a "nub" or
"trusted operating root," is essentially the kernel of an isolated
software stack that runs alongside the existing software stack. The
nexus provides a limited set of APIs and services for applications,
including sealed storage and attestation functions. Think of nexus-aware
applications as residing in the user mode space of the parallel
execution environment and the nexus as residing in the kernel mode
space.

Anyone can write a nexus for use with nexus-aware systems. The user
always has the ultimate authority over what nexuses are allowed to run.
Only one nexus at a time will be able to run on a machine.

Q: What is the privacy model associated with NGSCB?

A: The user is always in control of whether or not nexus-aware
technology is enabled on his or her PC and what nexuses have access to
specific functions. The technology being developed as part of NGSCB
provides a fine-grained access control model that allows users to
specify (by hash) whether an individual nexus has the right to invoke a
specific security operation. In addition, SSC functions that reveal
potentially machine-identifying information, such as the RSA public key,
can only be performed once per SSC reset (and the SSC cannot be reset
from software; you have to power-cycle the PC). 

-- 
Adam Lydick <[EMAIL PROTECTED]>



Re: An attack on paypal

2003-06-13 Thread Sunder
The problem with these stop crackers and hackers by law is that it allows
software developers to get away with leaving huge gaping security holes
unfixed.  Anecdotal evidence: the classic, well-known Robin Hood and Friar
Tuck "hack".

These days, the bug wouldn't get fixed and the guys reporting it would
wind up in jail because they "convinced" the OS authors to fix the
bug.  IMHO, not the right way to go at all.

from http://ftp.arl.mil/ftp/unix-wizards/V16%23017
scroll down a bit more than half way down the page (also available from 
most other GNU sources)

 Back in the mid-1970s, several of the system support staff at
 Motorola discovered a relatively simple way to crack system
 security on the Xerox CP-V timesharing system.  Through a simple
 programming strategy, it was possible for a user program to trick
 the system into running a portion of the program in `master mode'
 (supervisor state), in which memory protection does not apply.  The
 program could then poke a large value into its `privilege level'
 byte (normally write-protected) and could then proceed to bypass
 all levels of security within the file-management system, patch the
 system monitor, and do numerous other interesting things.  In
 short, the barn door was wide open.

 Motorola quite properly reported this problem to Xerox via an
 official `level 1 SIDR' (a bug report with an intended urgency of
 `needs to be fixed yesterday').  Because the text of each SIDR was
 entered into a database that could be viewed by quite a number of
 people, Motorola followed the approved procedure: they simply
 reported the problem as `Security SIDR', and attached all of the
 necessary documentation, ways-to-reproduce, etc.

 The CP-V people at Xerox sat on their thumbs; they either didn't
 realize the severity of the problem, or didn't assign the necessary
 operating-system-staff resources to develop and distribute an
 official patch.

 Months passed.  The Motorola guys pestered their Xerox
 field-support rep, to no avail.  Finally they decided to take
 direct action, to demonstrate to Xerox management just how easily
 the system could be cracked and just how thoroughly the security
 safeguards could be subverted.

 They dug around in the operating-system listings and devised a
 thoroughly devilish set of patches.  These patches were then
 incorporated into a pair of programs called `Robin Hood' and `Friar
 Tuck'.  Robin Hood and Friar Tuck were designed to run as `ghost
 jobs' (daemons, in UNIX terminology); they would use the existing
 loophole to subvert system security, install the necessary patches,
 and then keep an eye on one another's statuses in order to keep the
 system operator (in effect, the superuser) from aborting them.

 One fine day, the system operator on the main CP-V software
 development system in El Segundo was surprised by a number of
 unusual phenomena.  These included the following:

* Tape drives would rewind and dismount their tapes in the
  middle of a job.
* Disk drives would seek back and forth so rapidly that they
  would attempt to walk across the floor (see {walking drives}).
* The card-punch output device would occasionally start up of
  itself and punch a {lace card}.  These would usually jam in
  the punch.
* The console would print snide and insulting messages from
  Robin Hood to Friar Tuck, or vice versa.
* The Xerox card reader had two output stackers; it could be
  instructed to stack into A, stack into B, or stack into A
  (unless a card was unreadable, in which case the bad card was
  placed into stacker B).  One of the patches installed by the
  ghosts added some code to the card-reader driver... after
  reading a card, it would flip over to the opposite stacker.
  As a result, card decks would divide themselves in half when
  they were read, leaving the operator to recollate them
  manually.

 Naturally, the operator called in the operating-system developers.
 They found the bandit ghost jobs running, and X'ed them... and were
 once again surprised.  When Robin Hood was X'ed, the following
 sequence of events took place:

  !X id1

  id1: Friar Tuck... I am under attack!  Pray save me!
  id1: Off (aborted)

  id2: Fear not, friend Robin!  I shall rout the Sheriff
   of Nottingham's men!

  id1: Thank you, my good fellow!

 Each ghost-job would detect the fact that the other had been
 killed, and would start a new copy of the recently slain program
 within a few milliseconds.  The only way to kill both ghosts was to
 kill them simultaneously (very difficult) or to deliberately crash
 the system.

 Finally, the system programmers
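
The mutual-guarding trick the story turns on, as an added example in Python
(not code from the post, and nothing to do with CP-V): two processes each
watch the other and fork a replacement the instant the peer dies, so the
operator's one-at-a-time "X" never sticks. slay_both() is the modern answer
to "kill them simultaneously": freeze both with SIGSTOP first, since a
stopped process cannot run its respawn loop, then SIGKILL both. Needs a Unix
with os.fork; the names, the poll interval and the log file the ghosts
announce themselves in are assumptions of this example.

```python
"""Two mutually-guarding 'ghost jobs' in the manner of Robin Hood and Friar Tuck.

Added example, not from the post.  Each ghost polls its peer; when the peer
is gone it forks a fresh copy and adopts it.  Killing one never works;
stopping both and then killing both does.  Unix only (os.fork, SIGSTOP).
"""
import os
import signal
import tempfile
import time

POLL = 0.02                                   # seconds between checks (assumed)
PEER = {"Robin Hood": "Friar Tuck", "Friar Tuck": "Robin Hood"}


def _announce(log, name):
    # Each ghost logs its birth; nobody else knows a respawned copy's pid.
    with open(log, "a") as f:
        f.write(f"{name} {os.getpid()}\n")


def ghost(name, log, peer, peer_is_child):
    """Run forever; when the peer is gone, fork a replacement and guard it."""
    signal.signal(signal.SIGCHLD, signal.SIG_DFL)   # we must be able to reap
    _announce(log, name)
    while True:
        if peer_is_child:
            try:                                   # reap the peer if it died
                dead = os.waitpid(peer, os.WNOHANG)[0] == peer
            except ChildProcessError:
                dead = True
        else:                                      # the peer is our parent:
            dead = os.getppid() != peer            # orphans get re-parented
        if dead:
            pid = os.fork()
            if pid == 0:
                # The replacement's peer is us, its parent.
                ghost(PEER[name], log, os.getppid(), peer_is_child=False)
                os._exit(0)
            peer, peer_is_child = pid, True
        time.sleep(POLL)


def raise_ghosts(log):
    """We fork Robin, Robin forks Tuck and tells us Tuck's pid.  Returns (robin, tuck)."""
    rd, wr = os.pipe()
    robin = os.fork()
    if robin == 0:
        os.close(rd)
        tuck = os.fork()
        if tuck == 0:
            os.close(wr)
            ghost("Friar Tuck", log, os.getppid(), peer_is_child=False)
            os._exit(0)
        os.write(wr, str(tuck).encode())
        os.close(wr)
        ghost("Robin Hood", log, tuck, peer_is_child=True)
        os._exit(0)
    os.close(wr)
    tuck = int(os.read(rd, 32))
    os.close(rd)
    return robin, tuck


def current_pids(log):
    """Latest announced pid of each ghost."""
    pids = {}
    with open(log) as f:
        for line in f:
            name, pid = line.rstrip("\n").rsplit(" ", 1)
            pids[name] = int(pid)
    return pids


def slay_both(pids):
    """Freeze every ghost first, then kill: nobody is awake to respawn."""
    pids = list(pids)
    for p in pids:
        os.kill(p, signal.SIGSTOP)
    for p in pids:
        os.kill(p, signal.SIGKILL)


def _lines(log):
    with open(log) as f:
        return len(f.read().splitlines())


def demo(settle=0.5):
    """Returns (tuck_was_respawned_after_single_kill, respawns_after_slay_both)."""
    fd, log = tempfile.mkstemp(prefix="ghosts-")
    os.close(fd)
    robin, tuck = raise_ghosts(log)
    try:
        time.sleep(settle)
        os.kill(tuck, signal.SIGKILL)             # "!X id1": Friar Tuck alone
        time.sleep(settle)
        respawned = current_pids(log)["Friar Tuck"] != tuck
        slay_both(current_pids(log).values())
        before = _lines(log)
        time.sleep(settle)
        after = _lines(log)
    finally:
        for p in set(current_pids(log).values()) | {robin}:
            for sig in (signal.SIGSTOP, signal.SIGKILL):
                try:
                    os.kill(p, sig)
                except ProcessLookupError:
                    pass
        try:
            os.waitpid(robin, 0)                  # reap our own child
        except ChildProcessError:
            pass
        os.remove(log)
    return respawned, after - before


if __name__ == "__main__":
    print(demo())
```

Run it and the first value is True (Robin brought Tuck back within a poll
interval); the second is 0 (after the stop-then-kill, nothing ever announced
itself again). The SIGSTOP step is the whole point: the story's "kill them
simultaneously" is hard only if the targets are still running.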

Re: An attack on paypal --> secure UI for browsers

2003-06-13 Thread Adam Shostack
On Fri, Jun 13, 2003 at 11:04:42PM +0200, Thomas Shaddack wrote:
| > The problem (among others) is that this allows a virus to steal the
| > client cert.  If it is protected by a password, the malware must hang
| > around long enough for the user to unlock the cert (perhaps because the
| > malware sent a spoofed email calling for the user to visit the site,
| > even the real site!).  It can then read the user's keystrokes and acquire
| > the password.  Now it has the cert and password and can impersonate the
| > user at will.
| >
| > The solution to this is Palladium (NGSCB).
| 
| BAH! *shudders*
| 
| All we need for this is an external cryptographic token - a smartcard with
| a keypad, an USB device, a Bluetooth-enabled thingy. You plug it into the
| machine, the server you connect to sends its certificate name and
| challenge to the browser, which passes it unchanged to your token. The
...
| get as low as a few dollars, can easily interface with just about any OS
| including PDAs, and doesn't require The Megacorp Whose Name Shouldn't Be
| Spoken to take over your machine.

Actually, most of the features of Nogsuccob are features that I
want, like integrity protected, authenticated boot.  The problem,
bundled with those features, is the ability of the system to attest to
its secure boot.  This can be fixed by not letting the host know if
you've exported its host key or not, which makes it possible to run a
virtualized, trusted copy in your emulation environment.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume



Re: An attack on paypal --> secure UI for browsers

2003-06-13 Thread Thomas Shaddack
> The problem (among others) is that this allows a virus to steal the
> client cert.  If it is protected by a password, the malware must hang
> around long enough for the user to unlock the cert (perhaps because the
> malware sent a spoofed email calling for the user to visit the site,
> even the real site!).  It can then read the user's keystrokes and acquire
> the password.  Now it has the cert and password and can impersonate the
> user at will.
>
> The solution to this is Palladium (NGSCB).

BAH! *shudders*

All we need for this is an external cryptographic token - a smartcard with
a keypad, a USB device, a Bluetooth-enabled thingy. You plug it into the
machine, the server you connect to sends its certificate name and
challenge to the browser, which passes it unchanged to your token. The
token asks you for a PIN, and calculates a response. The browser then
transparently relays the response back. There is nothing in the unit
that's accessible from the computer, and because of a physically different
keypad nothing can be sniffed from the computer. The cost of the unit can
get as low as a few dollars, can easily interface with just about any OS
including PDAs, and doesn't require The Megacorp Whose Name Shouldn't Be
Spoken to take over your machine.
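
The exchange described above, as an added example in Python (not code from
the post): the token keeps one secret per server name, compares the PIN
typed on its own keypad, and answers HMAC(secret, server_name || challenge);
the browser only relays bytes. The server hands out one-time challenges.
HMAC-SHA256, a 16-byte random challenge, per-site secrets made at
enrollment and a three-try PIN lockout are all assumptions the post leaves
open; so is the look-alike site name used for the relay case.

```python
"""Challenge-response login through an external keypad token.

Added example modelling the flow sketched in the post; not the post's code.
"""
import hashlib
import hmac
import secrets


def _bind(server_name, challenge):
    # Length-prefix the name so name||challenge cannot be re-split ambiguously.
    name = server_name.lower().encode()
    return len(name).to_bytes(2, "big") + name + challenge


class Token:
    """The keypad device.  Nothing in self._secrets ever leaves the object."""
    MAX_TRIES = 3                                   # lockout policy (assumed)

    def __init__(self, pin):
        self._pin = pin.encode()
        self._secrets = {}
        self._bad_tries = 0

    def enroll(self, server_name):
        """Make a secret for server_name; returned once so the site can store it."""
        secret = secrets.token_bytes(32)
        self._secrets[server_name.lower()] = secret
        return secret

    def respond(self, server_name, challenge, pin_typed):
        """The browser supplies name and challenge; the PIN comes from the keypad."""
        if self._bad_tries >= self.MAX_TRIES:
            raise PermissionError("token locked")
        if not hmac.compare_digest(pin_typed.encode(), self._pin):
            self._bad_tries += 1
            raise PermissionError("wrong PIN")
        self._bad_tries = 0
        secret = self._secrets.get(server_name.lower())
        if secret is None:
            raise KeyError(f"no credential for {server_name}")
        return hmac.new(secret, _bind(server_name, challenge), hashlib.sha256).digest()


class Server:
    """The site: hands out one-time challenges and checks the answers."""

    def __init__(self, name, secret):
        self.name = name
        self._secret = secret
        self._outstanding = set()

    def challenge(self):
        c = secrets.token_bytes(16)
        self._outstanding.add(c)
        return self.name, c

    def verify(self, challenge, response):
        if challenge not in self._outstanding:
            return False                        # unknown, or already used
        self._outstanding.discard(challenge)    # single use: no replay
        expected = hmac.new(self._secret, _bind(self.name, challenge),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo():
    token = Token(pin="4821")
    real = Server("www.paypal.com", token.enroll("www.paypal.com"))
    fake_name = "www.paypa1.com"        # look-alike the user also enrolled with (assumed)
    token.enroll(fake_name)

    # 1. Honest login: the browser relays the real site's name and challenge unchanged.
    name, c = real.challenge()
    honest = real.verify(c, token.respond(name, c, pin_typed="4821"))

    # 2. Same challenge again: the server already consumed it.
    replayed = real.verify(c, token.respond(name, c, pin_typed="4821"))

    # 3. Relay: the look-alike fetches a live challenge from the real site and
    #    forwards it, but the browser passes the look-alike's certificate name,
    #    so the answer is bound to the wrong name under the wrong secret.
    _, c2 = real.challenge()
    relayed = real.verify(c2, token.respond(fake_name, c2, pin_typed="4821"))

    # 4. Wrong PIN on the keypad: no response at all.
    try:
        token.respond(name, c2, pin_typed="0000")
        wrong_pin_refused = False
    except PermissionError:
        wrong_pin_refused = True

    return {"honest": honest, "replayed": replayed,
            "relayed": relayed, "wrong_pin_refused": wrong_pin_refused}
```

The scheme does what the post claims against the quoted threat: the secret
never touches the host and the PIN is never typed on it. What it does not
do is tell the user which session the PIN is authorising; a browser under
the attacker's control can pass the real site's name with a real challenge
and relay the answer, which is why the post insists the browser pass the
name "unchanged", and why tokens that show the name on their own display
are the stronger version of this idea.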



Re: An attack on paypal

2003-06-13 Thread Major Variola (ret)
At 03:39 PM 6/10/03 -0700, Bill Frantz wrote:
>At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote:
>>somebody (else) commented (in the thread) that anybody that currently
>>(still) writes code resulting in buffer overflow exploit maybe should be
>>thrown in jail.

Not a very friendly bug-submission mechanism :-)

>IMHO, the problem is that the C language is just too error prone to be used
>for most software.  In "Thirty Years Later:  Lessons from the Multics
>Security Evaluation",  Paul A. Karger and Roger R. Schell credit the use of
>PL/I for the lack of buffer overruns in Multics.  However, in the
>Unix/Linux/PC/Mac world, a successor language has not yet appeared.

What about Java?  Apart from implementation bugs, it's secure by design.

---
"and then you go to jail" is a bad error-handler for a protocol.



Re: An attack on paypal --> secure UI for browsers

2003-06-13 Thread Mike Rosing
On Fri, 13 Jun 2003, Nomen Nescio wrote:

> Apparently you neglected to read
> http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx, where
> Microsoft says (as they have repeated many times) "Customers and partners
> need reliable ways to ensure the quality of technology that addresses
> the critical needs met by NGSCB. That's why Microsoft will make available
> for public review the source code of the core piece of enabling software
> in NGSCB, called the 'nexus,' so it can be evaluated and validated by
> third parties for both security and privacy considerations."

So why isn't it open for review *before* it's finalized?  Might it
give too many people an idea of what's really wrong with it?

> Therefore some educated person (obviously not you, at least not yet)
> will in fact be able to perform their own examination of the trusted part
> of the OS, since it will have its source code published for exactly this
> sort of review.

Let's see it now.  Not after it's finished.

> Microsoft's legacy software is all extremely complex.  Palladium is
> taking a different approach, aiming at simplicity and transparency.

I want the drugs you are on dude.  You have a very rosy picture, and
it seems all your inputs have been hijacked by supreme chemicals!

> The Nexus, which is the micro-kernel for the trusted components (NCAs),
> will be published for review.  Its tasks are relatively few and well
> defined, nothing like the massive Windows OS.  That is what Microsoft has
> gained by architecting Palladium as they did, with the new "trusted"
> CPU mode, which allows side-by-side operating systems to run.  On the
> left hand side (LHS) we find the legacy Windows OS and applications.
> On the right hand side (RHS) we find the Nexus acting as the OS, and
> the NCAs acting as the applications.

And in the mean time the user can't control their own computer.

> The brilliance of Palladium is that the LHS can't touch the RHS,
> because of hardware protection.  At one stroke, the new trusted mode is
> insulated from bugs in the Windows OS, device drivers and applications.
> It in effect allows the designers to start with a clean piece of paper
> and produce a simple micro-kernel (the Nexus) whose only job is to
> service the NCAs.  This is a manageable task and, in conjunction with
> public review, there is good reason to hope and expect that the Nexus
> will be secure.  If so then NCAs will indeed run in a mode where they
> are protected from other software components (including other NCAs).

Very nice drug induced rant.  Too bad reality doesn't work that way.
Who owns the hardware?  The user or the RIAA?  True hardware protection
means the user is protected from Microsoft, not the other way around.

> Your comments above make it clear that you are not at all acquainted
> with the material in those documents.  If you're going to pretend to
> be a security expert (remember when you advocated ECB mode for the XML
> encryption effort?!!), you could do worse than spending a few hours
> studying these documents closely.  It's very likely that NGSCB will
> be a central technology for security in the next two to ten years or
> even longer.  This is undoubtedly an area where security consulting
> could be lucrative.  Sadly, even "experts" of your caliber can probably
> be very successful in this area.  But you'll have to do your homework.

Palladium changed to NGSCB and will morph to something else and something
after that.  It won't ever fly because the user can't control their own
machine.

Trust is a two way street.  Until Microsoft learns to trust their
customers, nobody will trust Microsoft.  What we do in person we can do
on a computer.  We can con each other in person, so we'll be able to con
each other with computers.  That's how reality works, and no hardware
or law is going to change that.

Instead of trying to wave a magic wand while everyone is on lsd, it'd
be better if Microsoft and the RIAA came out with their own hardware
for the specific purpose of DRM sales.  Everyone would know who owns
the hardware because they'd just rent it instead of buying it.  IBM
is already on the right track for this.  Microsoft has yet to get it.

Patience, persistence, truth,
Dr. mike




Re: An attack on paypal --> secure UI for browsers

2003-06-12 Thread Nomen Nescio
Joe Ashwood writes:
> From: "Anonymous"  
> > You clearly know virtually nothing about Palladium. 

> I still stand by, "Arbitrarily trusting anyone to write a secure program 
> simply doesn't work" regardless of how many times MS says "trust us" any 
> substantially educated person should as well be prepared to either trust a 
> preponderance of evidence, or perform their own examination, neither of 
> these options is available.

Apparently you neglected to read
http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx, where
Microsoft says (as they have repeated many times) "Customers and partners
need reliable ways to ensure the quality of technology that addresses
the critical needs met by NGSCB. That's why Microsoft will make available
for public review the source code of the core piece of enabling software
in NGSCB, called the 'nexus,' so it can be evaluated and validated by
third parties for both security and privacy considerations."

Therefore some educated person (obviously not you, at least not yet)
will in fact be able to perform their own examination of the trusted part
of the OS, since it will have its source code published for exactly this
sort of review.


> The information available does not cover the 
> technical information, in fact their "Technical FAQ" about it actually has 
> the following: 
>
> "Q: Does this technology require an online connection to be used? 
>
> A: No. " 
>
> That is just so enlightening, and is about as far from a useful answer 
> as possible. 

Very few of the Technical FAQ answers are so brief.  In this case, it is
a stupid question and deserves a trivial answer.  The only reason it is
in there is because of the lies spread by Lucky Green and Ross Anderson,
all about how Palladium will connect to a central server and refuse to
let you work with your own documents, or delete files that Microsoft or
the U.S. Government don't like.


> > NCAs do not have 
> > "complete access to private information".  Quite the opposite.  Rather, 
> > NCAs have the power to protect private information such that no other 
> > software on the machine can access it.  They do so by using the Palladium 
> > software and hardware to encrypt the private data.  The encryption is 
> > done in such a way that it is "sealed" to the particular NCA, and no other 
> > software is allowed to use the Palladium crypto hardware to decrypt it. 
>
> This applies only under the condition that the software in Palladium is 
> perfectly secure. Again I point to the issues with ActiveX, where a wide 
> variety of holes have been found, I point to the newest MS operating system 
> which has it even been out a month yet? and already has a security patch 
> available, in spite of their "secure by default" process. Again I don't 
> believe this is because MS is inherently bad, it is because writing secure 
> programs is extremely difficult, MS just has the most feature bloat so they 
> have the most problems.

Microsoft's legacy software is all extremely complex.  Palladium is
taking a different approach, aiming at simplicity and transparency.
The Nexus, which is the micro-kernel for the trusted components (NCAs),
will be published for review.  Its tasks are relatively few and well
defined, nothing like the massive Windows OS.  That is what Microsoft has
gained by architecting Palladium as they did, with the new "trusted"
CPU mode, which allows side-by-side operating systems to run.  On the
left hand side (LHS) we find the legacy Windows OS and applications.
On the right hand side (RHS) we find the Nexus acting as the OS, and
the NCAs acting as the applications.

The brilliance of Palladium is that the LHS can't touch the RHS,
because of hardware protection.  At one stroke, the new trusted mode is
insulated from bugs in the Windows OS, device drivers and applications.
It in effect allows the designers to start with a clean piece of paper
and produce a simple micro-kernel (the Nexus) whose only job is to
service the NCAs.  This is a manageable task and, in conjunction with
public review, there is good reason to hope and expect that the Nexus
will be secure.  If so then NCAs will indeed run in a mode where they
are protected from other software components (including other NCAs).


> If the Palladium software is actually secure 
> (unlikely), then there is the issue of how the (foolishly trusted) NCAs are 
> determined to be the same, this is an easy problem to solve if no one ever 
> added features, but a hard one to solve where the program evolves, once MS 
> shows the solution for this, I will point to the same information and show 
> you a security hole. 

Read the documents!  Actually you claim you already read them, but
obviously you are lying or you would know that this question has been
answered.  I wrote a long posting about this last month explaining how
it worked.  The mechanism is called a Manifest and is described in section
9 of http://www.microsoft.com/resources/ngscb/documents/ngscb_tcb.doc
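
The sealing property argued over above, as an added example in Python (not
Microsoft's code, and not the real nexus/SSC interface): a coprocessor holds
a root secret that never leaves it, the nexus measures an NCA (here, SHA-256
of its code), and the sealing keys are derived from root secret plus
measurement. A blob sealed by one NCA cannot be unsealed by any other
software, and a tampered blob is rejected before anything is decrypted. The
"upgraded_nca" case is Joe Ashwood's objection in miniature: a new build of
the same program has a new measurement and loses access; the manifest
mechanism the reply points to is not modelled here. HMAC-SHA256 for key
derivation and the tag, and an HMAC-SHA256 counter keystream as a toy
stand-in for a real cipher, are assumptions of this example.

```python
"""Sealed storage bound to a code measurement.

Added example; not NGSCB code.  Keys come from root secret + measurement, so
only software with the same measurement can unseal, and the tag is checked
before decryption.
"""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def measure(code):
    """The nexus's measurement of an NCA: a hash over its code bytes."""
    return hashlib.sha256(code).digest()


class SecurityCoprocessor:
    def __init__(self):
        self._root = secrets.token_bytes(32)        # never exported

    def _keys(self, measurement):
        # Separate encryption and authentication keys, both tied to the measurement.
        enc = hmac.new(self._root, b"enc|" + measurement, hashlib.sha256).digest()
        mac = hmac.new(self._root, b"mac|" + measurement, hashlib.sha256).digest()
        return enc, mac

    @staticmethod
    def _xor_stream(key, nonce, data):
        # Toy cipher: XOR with HMAC(key, nonce||counter) blocks.  Not for real use.
        out = bytearray()
        for i in range(0, len(data), 32):
            block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"),
                             hashlib.sha256).digest()
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
        return bytes(out)

    def seal(self, measurement, plaintext):
        enc, mac = self._keys(measurement)
        nonce = secrets.token_bytes(NONCE_LEN)
        ct = self._xor_stream(enc, nonce, plaintext)
        tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, measurement, blob):
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise ValueError("malformed blob")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        enc, mac = self._keys(measurement)
        expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):      # wrong NCA, or tampered
            raise PermissionError("not sealed to this measurement")
        return self._xor_stream(enc, nonce, ct)


def demo():
    ssc = SecurityCoprocessor()
    # Constructed stand-ins for program code; only their hashes matter here.
    bank_v1 = b"bank NCA, version 1"
    bank_v2 = b"bank NCA, version 2 (one feature added)"
    lhs_app = b"any other program, e.g. malware on the legacy side"
    cred = b"user's client-certificate private key"
    blob = ssc.seal(measure(bank_v1), cred)

    def attempt(code, data=blob):
        try:
            return "unsealed" if ssc.unseal(measure(code), data) == cred else "garbage"
        except PermissionError:
            return "refused"

    flipped = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    return {
        "same_nca": attempt(bank_v1),
        "other_software": attempt(lhs_app),
        "upgraded_nca": attempt(bank_v2),       # new code, new measurement, no access
        "tampered_blob": attempt(bank_v1, flipped),
    }
```

Note what is and is not shown: the root secret is protected here only by
Python scoping, which is exactly the part the hardware is supposed to
supply; everything above it is software and is only as good as the
measurement the nexus feeds in.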

Re: Re: An attack on paypal --> secure UI for browsers

2003-06-12 Thread Joseph Ashwood
- Original Message - 
From: "Anonymous" <[EMAIL PROTECTED]>
Subject: CDR: Re: An attack on paypal --> secure UI for browsers


> You clearly know virtually nothing about Palladium.

Actually, properly designed Palladium would be little more than a smart card
welded to the motherboard. As currently designed it is a complete second
system that is allowed to take over the main processor. It has a few aspects
of what it should be, but not many. It does include the various aspects of
the smart card, but it also makes room for those aspects to take over the
main system, properly designed this would not be an option, of course
properly designed it could also be a permanently attached $1 smart card that
internally hangs off the USB controller instead of a mammoth undertaking.

I still stand by, "Arbitrarily trusting anyone to write a secure program
simply doesn't work" regardless of how many times MS says "trust us" any
substantially educated person should as well be prepared to either trust a
preponderance of evidence, or perform their own examination, neither of
these options is available. The information available does not cover the
technical information, in fact their "Technical FAQ" about it actually has
the following:
"Q: Does this technology require an online connection to be used?

A: No. "

That is just so enlightening, and is about as far from a useful answer
as possible.


> NCAs do not have
> "complete access to private information".  Quite the opposite.  Rather,
> NCAs have the power to protect private information such that no other
> software on the machine can access it.  They do so by using the Palladium
> software and hardware to encrypt the private data.  The encryption is
> done in such a way that it is "sealed" to the particular NCA, and no other
> software is allowed to use the Palladium crypto hardware to decrypt it.

This applies only under the condition that the software in Palladium is
perfectly secure. Again I point to the issues with ActiveX, where a wide
variety of holes have been found, I point to the newest MS operating system
which has it even been out a month yet? and already has a security patch
available, in spite of their "secure by default" process. Again I don't
believe this is because MS is inherently bad, it is because writing secure
programs is extremely difficult, MS just has the most feature bloat so they
have the most problems. If the Palladium software is actually secure
(unlikely), then there is the issue of how the (foolishly trusted) NCAs are
determined to be the same, this is an easy problem to solve if no one ever
added features, but a hard one to solve where the program evolves, once MS
shows the solution for this, I will point to the same information and show
you a security hole.

> In the proposed usage, an NCA associated with an ecommerce site would seal
> the data which is used by the user to authenticate to the remote site.

After running unattended on your computer, a brilliant
idea, hasn't anyone learned?

> The authentication data doesn't actually have to be a certificate with
> associated key, but that would be one possibility.  Only NCAs signed by
> that ecommerce site's key would be able to unseal and access the user's
> authentication credentials.  This prevents rogue software from stealing
> them and impersonating the user.

Not in the slightest, a single compromise of a single ecommerce site
(remember they're "trusted") will remove all this pretend security. Let's
use a particularly popular example on here right now www.e-go1d.com, they
could easily apply to be an ecommerce site, they collect money, they offer a
service, clearly they are an ecommerce site. Are you really gullible enough
to believe that they won't do everything in their power to exploit the data
transfer problem above, as well as any other holes in Palladium? I should
hope not.


> Seriously, have you read any
> of the documents linked from http://www.microsoft.com/resources/ngscb/?

Yes I have, in fact at this point I think it is safe to say that you have
not, or you didn't understand the implications of the small amount of
information it actually contains.
Joe



Re: An attack on paypal

2003-06-12 Thread Anne & Lynn Wheeler
At 10:56 AM 6/11/2003 -0400, Sunder wrote:
> In either case, we wouldn't need to worry about paying Verisign or anyone
> else if we had properly secured DNS.  Then you could trust those pop-up
> self-signed SSL cert warnings.

actually, if you had a properly secured DNS, then you could trust DNS
to distribute public keys bound to a domain name in the same way they
distribute ip-addresses bound to a domain name.

the certificates serve two purposes: 1) is the server that we think we are
talking to really the server we are talking to and 2) key-exchange for
establishing an encrypted channel. a properly secured DNS would allow
information distributed by DNS to be trusted, including a server's
public key, and given the public key, it would be possible to do
the rest of the SSL operation (w/o requiring certificates) which is
establishing an agreed upon session secret key.
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm



Re: An attack on paypal

2003-06-12 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Matt Crawford" writes:
>> The worst trouble I've had with https is that you have no way to use host
>> header names to differentiate between sites that require different SSL
>> certificates.
>
>True as written, but Netscrape and Internet Exploder each have a hack
>for honoring the same cert for multiple server names.  Opera seems to
>honor at least one of the two hacks, and a cert can incorporate both
>at once.
>
>   /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services
>   /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov
>   /CN=bravo.fnal.gov/CN=charlie.fnal.gov

You can also use *.fnal.gov

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)



Re: An attack on paypal

2003-06-12 Thread Eric Rescorla
Sunder <[EMAIL PROTECTED]> writes:

> The worst trouble I've had with https is that you have no way to use host
> header names to differentiate between sites that require different SSL
> certificates.
>
> i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and
> have individual ssl certs for https. :(  This is because the cert is
> exchanged before the http 1.1 layer can say "I want www.bar.com" 
> 
> So you need to waste IP's for this.  Since the browser standards are
> already in place, it's unlikely to be able to find a workaround, i.e. be able
> to switch to a different virtual host after you've established the ssl
> session.  :(
This is being fixed. See draft-ietf-tls-extensions-06.txt

-Ekr

-- 
[Eric Rescorla   [EMAIL PROTECTED]
http://www.rtfm.com/



Re: An attack on paypal

2003-06-12 Thread Peter Gutmann
"Matt Crawford" <[EMAIL PROTECTED]> writes:

>True as written, but Netscrape and Internet Exploder each have a hack for
>honoring the same cert for multiple server names.  Opera seems to honor at
>least one of the two hacks, and a cert can incorporate both at once.
>
>   /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services
>   /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov
>   /CN=bravo.fnal.gov/CN=charlie.fnal.gov

Just to clarify this, so you need a multivalued CN, with one containing the
expression "(a|b|c)" and the remaining containing each of "a", "b", and "c"?
Is it multiple AVAs in an RDN, or multiple RDNs?   (Either of these could be
hard to generate with a lot of software, which can't handle multiple AVAs in
an RDN or multiple same-type RDNs).  Which hack is for MSIE and which is for
Netscape?

Peter.



Re: An attack on paypal

2003-06-12 Thread Matt Crawford
> "Matt Crawford" <[EMAIL PROTECTED]> writes:
> >... Netscrape and Internet Exploder each have a hack for
> >honoring the same cert for multiple server names.  Opera seems to honor at
> >least one of the two hacks, and a cert can incorporate both at once.
> >
> >   /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services
> >   /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov
> >   /CN=bravo.fnal.gov/CN=charlie.fnal.gov
> 
> Just to clarify this, so you need a multivalued CN, with one containing the
> expression "(a|b|c)" and the remaining containing each of "a", "b", and "c"?
> Is it multiple AVAs in an RDN, or multiple RDNs?   (Either of these could be
> hard to generate with a lot of software, which can't handle multiple AVAs in
> an RDN or multiple same-type RDNs).  Which hack is for MSIE and which is for
> Netscape?

Each CN is in a single-element RDN as usual. Netscape honors only the
first CN in the SubjectDN, but will treat it as a restricted regex
(shell-like * wildcard, alternation and grouping). IE checks the
server name against each CN's individually.

This was mainly determined by experimentation.  I think we did find a
limit on how long that first regex could be, but I don't remember
what it was.  Longer than my example, but short enough that some of
our bigger virtual-hosting servers were inconvenienced by it.

Openssl has no qualms about multiple same-type components.  You just
have to use the somewhat documented

0.commonName = ...
1.commonName = ...
2.commonName = ...

in the configuration file.
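
The two browser behaviours described in this exchange, as an added example
in Python (not code from the post or from either browser): it parses the
slash-separated subject DN posted above and implements Netscape's rule
(only the first CN counts, read as a restricted pattern with shell-like
'*', alternation '|' and grouping) and IE's rule (every CN counts, compared
literally). modern_match() is the rule browsers later settled on for
subjectAltName dNSName entries, where a wildcard may only stand for the
whole leftmost label. The exact pattern dialect, in particular '*' taken to
match any characters including dots, is reconstructed from the one-line
description above and is an assumption.

```python
"""Server-name matching against the multi-CN certificate from the thread.

Added example; not from the post.  The DN below is the one posted.
"""
import re

FERMILAB_DN = ("/C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services"
               "/CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov"
               "/CN=bravo.fnal.gov/CN=charlie.fnal.gov")


def parse_dn(dn):
    """'/C=US/CN=a/CN=b' -> [('C', 'US'), ('CN', 'a'), ('CN', 'b')], order kept."""
    return [tuple(rdn.split("=", 1)) for rdn in dn.strip("/").split("/")]


def common_names(dn):
    return [value for attr, value in parse_dn(dn) if attr == "CN"]


def _pattern_to_regex(pattern):
    # Escape everything, then restore only the three operators the post names.
    rx = re.escape(pattern)
    for escaped, op in ((r"\*", ".*"), (r"\|", "|"), (r"\(", "("), (r"\)", ")")):
        rx = rx.replace(escaped, op)
    return rx


def netscape_match(dn, host):
    """Only the first CN counts, and it is a pattern (assumed dialect)."""
    cns = common_names(dn)
    if not cns:
        return False
    return re.fullmatch(_pattern_to_regex(cns[0]), host, re.IGNORECASE) is not None


def ie_match(dn, host):
    """Every CN counts, each compared literally (case-insensitively)."""
    return any(cn.lower() == host.lower() for cn in common_names(dn))


def modern_match(dns_names, host):
    """dNSName rule: label-by-label match; '*' allowed only as the entire leftmost label."""
    want = host.lower().split(".")
    for name in dns_names:
        have = name.lower().split(".")
        if len(have) != len(want) or have[1:] != want[1:]:
            continue
        if have[0] == want[0] or have[0] == "*":
            return True
    return False
```

Two things fall out of running it against the posted DN. Under the
Netscape rule the pattern has to be the first CN, or the alternation is
simply never consulted; and any CN a CA signs that contains '(', '|' or
'*' is a pattern in that browser, so "*.fnal.gov" matches hosts at any
depth below fnal.gov, which is a good reason for an in-house CA operator to
refuse to issue one. The dNSName rule confines the wildcard to one label.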



Re: An attack on paypal

2003-06-12 Thread Matt Crawford
> You can also use *.fnal.gov

Yes, we know, but our in-house CA operator (me) won't issue such a
certificate.



Re: An attack on paypal

2003-06-11 Thread Bill Frantz
At 11:01 AM -0700 6/11/03, Major Variola (ret) wrote:
>At 03:39 PM 6/10/03 -0700, Bill Frantz wrote:
>>IMHO, the problem is that the C language is just too error prone to be used
>>for most software.  In "Thirty Years Later:  Lessons from the Multics
>>Security Evaluation",  Paul A. Karger and Roger R. Schell credit the use of
>>PL/I for the lack of buffer overruns in Multics.  However, in the
>>Unix/Linux/PC/Mac world, a successor language has not yet appeared.
>
>What about Java?  Apart from implementation bugs, it's secure by design.

Java is certainly an improvement for buffer overruns.  (The last estimate I
heard was that 1/3 of the penetrations were due to buffer overruns.)  Java
is still semi-interpreted, so it is probably too slow for some
applications.  However Java is being used for server-side scripting with
web servers, where the safety of the language is a definite advantage.

Of course, when you cover one hole, people move on to others.  Server-side
Java is susceptible to SQL injection attacks, for example.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA
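
The hole the post points to, as an added example in Python (not from the
post): the post is about server-side Java, but the defect and the fix are
the same in any language, and Python's sqlite3 module with an in-memory
database and two constructed rows lets it run stand-alone. login_concat()
pastes user input into the statement text; login_param() sends the
statement and the values separately, so input can only ever be data.

```python
"""SQL injection in a memory-safe language.

Added example; not from the post.  Rows and the payload are constructed.
"""
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct horse"), ("admin", "s3cret!")])   # constructed
    return db


def login_concat(db, name, password):
    """Vulnerable: the input becomes part of the SQL syntax."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_param(db, name, password):
    """Fixed: parameters are bound by the driver and never parsed as SQL."""
    row = db.execute("SELECT name FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row[0] if row else None


def demo():
    db = make_db()
    # The leading quote closes the password literal, OR adds a condition of
    # our choosing, and the SQL comment '--' swallows the original closing quote.
    payload = "' OR name = 'admin' --"
    return {
        "concat_honest": login_concat(db, "alice", "correct horse"),
        "concat_attack": login_concat(db, "nobody", payload),   # logs in as admin
        "param_honest": login_param(db, "alice", "correct horse"),
        "param_attack": login_param(db, "nobody", payload),     # no such user
    }
```

Nothing here overruns a buffer; the language keeps its promise. The
statement the database receives in the vulnerable case is

SELECT name FROM users WHERE name = 'nobody' AND password = '' OR name = 'admin' --'

and the bound-parameter version receives the same text the attacker typed
as a 23-character password value, which matches nobody.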



Re: An attack on paypal

2003-06-11 Thread Sunder
The worst trouble I've had with https is that you have no way to use host
header names to differentiate between sites that require different SSL
certificates.

i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and
have individual ssl certs for https. :(  This is because the cert is
exchanged before the http 1.1 layer can say "I want www.bar.com" 

So you need to waste IP's for this.  Since the browser standards are
already in place, it's unlikely to be able to find a workaround, i.e. be able
to switch to a different virtual host after you've established the ssl
session.  :(

Personally I find thawte certs to be much cheaper than verisign and they
work just as well.

In any case, anyone is free to do the same thing AlterNIC did - become
your own free CA.  You'll just have to convince everyone else to add your
CA's cert into their browser.  You might be able to get the Mozilla guys
to do this, good luck with the beast of Redmond though.

Either way, having a pop-up isn't that big deal so long as you're sure of
the site you're connecting to.

In either case, we wouldn't need to worry about paying Verisign or anyone
else if we had properly secured DNS.  Then you could trust those pop-up
self-signed SSL cert warnings.


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Tue, 10 Jun 2003, James A. Donald wrote:

> The most expensive and inconvenient part of https, getting
> certificates from verisign, is fairly useless.
> 
> The useful part of https is that it has stopped password
> sniffing from networks, but the PKI part, where the server, but
> not the client, is supposedly authenticated, does not do much
> good. 



Re: An attack on paypal

2003-06-11 Thread Dave Howe
James A. Donald wrote:
> How many attacks have there been based on automatic trust of
> verisign's feckless ID checking?   Not many, possibly none.
I imagine if there exists a https://www.go1d.com/ site for purposes of
fraud, it won't be using a self-signed cert. Of course it is possible that
the attackers are using http:// instead, but more people are likely to
notice that.

> That is not the weak point, not the point where the attacks
> occur.   If the browser was set to accept self signed
> certificates by default, it would make little difference to
> security.
I don't think any currently can be - but regardless, an attacker wishing to
run a fraudulent https site must have a certificate acceptable to the
majority of browsers without changing settings - that currently is the big
name CAs and nobody else.



RE: An attack on paypal

2003-06-11 Thread Vincent Penquerc'h
> the lack of buffer overruns in Multics.  However, in the 
> Unix/Linux/PC/Mac
> world, a successor language has not yet appeared.

Work on the existing C/C++ language will have a better chance
of actually being used earlier. Not that it removes the problem
entirely, but it should catch a lot of easy stack smashing bugs.

http://gcc.gnu.org/projects/bp/main.html

-- 
Vincent Penquerc'h 



Re: Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Joseph Ashwood
- Original Message - 
From: "Anonymous" <[EMAIL PROTECTED]>
Subject: CDR: Re: An attack on paypal --> secure UI for browsers


> In short, if Palladium comes with the ability to download site-specific
> DLLs that can act as NCAs

Ok what flavor of crack are you smoking? Because I can tell from here that's
some strong stuff. Downloading random DLLs that are given complete access to
private information is one of the worst concepts that anyone has ever come
up with, even if they are signed by a "trusted" source. Just look at the
horrifically long list of issues with ActiveX, even with WindowsXP (which
hasn't been around that long) you're already looking at more than half a
dozen, and IIRC win95 had about 50. This has less to do with "windows is
bad" than with "secure programming is hard." Arbitrarily trusting anyone to
write a secure program simply doesn't work, especially when it's something
sophisticated.

Now for the much more fundamental issue of your statement. Palladium will
never "download site-specific" anything. Palladium is a hardware technology,
not a web browser.

I will refrain from saying Palladium is a bad idea, simply because I see some
potentially very lucrative (for me) options for its use.
Joe



Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Morlock Elloi
> The solution to this is Palladium (NGSCB).
> 
> You'd want each ecommerce site to download a Nexus Computing Agent into
> the client.  This should be no more difficult than downloading an Active-X
> control or some other DLL.  The NCA has a manifest file associated with it

No shit? This is moronic. But then it reflects the impaired cognitive abilities
of corpdrones in mintel.

I pay for the "computer", and then all these corporations start downloading
shit to my "computer" in order to make it safe for me to use it, right ? I am
a lay person and need to trust these people, as I am clueless about stuff they
download. But their web page says it's good.

This all happens *after* I buy the computer.

So, to recap, I pay several $K for the "computer" and then have to customize it
so that it becomes "safe". The computer, as malladium authenticates the
computer. 

Why do I want $3,000 authentication token ?

No, mintel making money is not the right answer. Try again.



=
end
(of original message)




Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Anonymous
The problem to be solved is this.  Spoofed sites can acquire user
credentials, especially passwords, and then use those to impersonate the
user on the real sites.  With paypal and e-gold, this allows stealing
real money.

Using client certificates to authenticate would solve this, because
even if the user got fooled and authenticated to the spoofed site, the
attacker wouldn't learn the client cert secret key and so would not be
able to masquerade as the user.

The problem (among others) is that this allows a virus to steal the
client cert.  If it is protected by a password, the malware must hang
around long enough for the user to unlock the cert (perhaps because the
malware sent a spoofed email calling for the user to visit the site,
even the real site!).  It can then read the user's keystrokes and acquire
the password.  Now it has the cert and password and can impersonate the
user at will.

The solution to this is Palladium (NGSCB).

You'd want each ecommerce site to download a Nexus Computing Agent into
the client.  This should be no more difficult than downloading an Active-X
control or some other DLL.  The NCA has a manifest file associated with it
that contains the ecommerce site's signing key.  This allows the NCA to be
effectively locked to that key.

The user's site-specific client certificate would be sealed to this NCA.
That means that no other NCA could get access to the client cert for
that site, nor could any legacy software.  All this is protected by the
Palladium hardware and software.

If a password is used for further security, to unlock the client cert
(in addition to the NCA-specific encryption), it can use a secure
channel to the NCA so that no keystroke loggers can steal the password.
(However, as mentioned in a previous mail, this may not stop rogue NCAs
from fooling the user by pretending to be the ecommerce site's NCA and
picking up the password.  It's not clear that adding a password really
increases security.  Fortunately the NCA security itself is already
vastly stronger than anything available on a PC today.)

In short, if Palladium comes with the ability to download site-specific
DLLs that can act as NCAs, it should allow for solving the spoofed-site
problem once and for all.  When you login to paypal or e-gold, you would
authenticate yourself using a cert that only those sites could see.
This can be done in the framework of standard SSL, but would require a
Palladium-aware browser.
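
Added example (not code from any post in this thread, and not Microsoft's
NGSCB implementation): a stdlib-only Python simulation of the "sealed to this
NCA" step described above.  The platform root key, the NCA images, the
client-cert secret and the HMAC-counter-mode stream cipher standing in for a
real AEAD are all constructed for the example.  The point it shows is the one
the post relies on: the sealing key is a function of the platform root and the
code identity of the caller, so a Trojan NCA or legacy software gets nothing
back, and re-labelling the blob with its own measurement fails the tag check.

```python
import hashlib
import hmac
import os

# Stands in for the hardware root key; in the real design it never leaves the
# security coprocessor.  Here it is process memory (constructed for the example).
_PLATFORM_ROOT = os.urandom(32)
_HASH_LEN = 32
_NONCE_LEN = 16


def measure(nca_image: bytes) -> bytes:
    """Code identity of an NCA: hash of its image (a manifest/signing key would be folded in too)."""
    return hashlib.sha256(nca_image).digest()


def _sealing_key(measurement: bytes) -> bytes:
    # The key exists only as a function of the platform root and the caller's identity.
    return hmac.new(_PLATFORM_ROOT, b"seal|" + measurement, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-in-counter-mode stream so the example stays stdlib-only; use AES-GCM for real.
    out = bytearray()
    for off in range(0, len(data), _HASH_LEN):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + _HASH_LEN], ks))
    return bytes(out)


def seal(secret: bytes, owner_measurement: bytes) -> bytes:
    """Bind `secret` to the code identity `owner_measurement`; returns an opaque blob."""
    key = _sealing_key(owner_measurement)
    nonce = os.urandom(_NONCE_LEN)
    ct = _keystream_xor(key, nonce, secret)
    tag = hmac.new(key, owner_measurement + nonce + ct, hashlib.sha256).digest()
    return owner_measurement + nonce + ct + tag


def unseal(blob: bytes, caller_measurement: bytes):
    """Return the secret only if the *running* code's measurement matches the sealed one."""
    if len(blob) < _HASH_LEN + _NONCE_LEN + _HASH_LEN:
        return None
    owner, nonce = blob[:_HASH_LEN], blob[_HASH_LEN:_HASH_LEN + _NONCE_LEN]
    ct, tag = blob[_HASH_LEN + _NONCE_LEN:-_HASH_LEN], blob[-_HASH_LEN:]
    if not hmac.compare_digest(owner, caller_measurement):
        return None                      # a different NCA (or legacy code) asked: refuse
    key = _sealing_key(caller_measurement)
    expected = hmac.new(key, owner + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # tampered ciphertext or a re-labelled blob
    return _keystream_xor(key, nonce, ct)


if __name__ == "__main__":
    site_nca = b"paypal-nca-v1 image bytes (constructed)"
    trojan = b"trojan-nca image bytes (constructed)"
    blob = seal(b"client cert private key (constructed)", measure(site_nca))
    print("owner unseals:", unseal(blob, measure(site_nca)) is not None)
    print("trojan unseals:", unseal(blob, measure(trojan)) is not None)
```

Note what this does not cover: the post's own caveat still holds, since a
rogue NCA that merely *asks the user* for the password is not stopped by
sealing; sealing only decides which code can read a stored secret.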



Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Nomen Nescio
Adam Lydick writes:

> I'd guess that no applications (besides the secure nexus) would
> have access to your "list of doggie names", just the ability to display
> it. The list just indicates that you are seeing a window from one of
> your partitioned and verified applications. I would also assume the
> window would get decorated with the name of the trusted application (not
> just your secret list). Thus you only need a single secret list to
> handle all of your "authorized" applications.

That makes sense.  However it puts the burden onto the user to closely
inspect his window frames in order to make sure that he is talking
to the program (or NCA in Palladium) that he thinks he is talking to.
It also introduces the problem of program-name spoofing; you might be
given a dialog to enter your password for Paypa1 or E-Go1d.

If users were that careful, we wouldn't have these kinds of problems in
the first place.



Re: An attack on paypal

2003-06-10 Thread Bill Frantz
At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote:
>somebody (else) commented (in the thread) that anybody that currently
>(still) writes code resulting in buffer overflow exploit maybe should be
>thrown in jail.

A nice essay, partially on the need to include technological protections
against human error, included the above paragraph.

IMHO, the problem is that the C language is just too error prone to be used
for most software.  In "Thirty Years Later:  Lessons from the Multics
Security Evaluation",  Paul A. Karger and Roger R. Schell
 credit the use of PL/I for
the lack of buffer overruns in Multics.  However, in the Unix/Linux/PC/Mac
world, a successor language has not yet appeared.

YMMV - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA



Re: An attack on paypal

2003-06-10 Thread James A. Donald
--
On 9 Jun 2003 at 2:09, Dave Howe wrote:
> The problem is here, we are blaming the protective device for
> not being able to protect against the deliberate use of an
> attack that bypasses, not challenges it - by exploiting the
> gullibility or tendency to take the path of least resistance
> of the user. The real weakness in HTTPS is the tendency of
> certificates signed by Big Name CAs to be automagically
> trusted - even if you have never visited that site before.
> yes, you can fix this almost immediately by untrusting the
> root certificate - but then you have to manually verify each
> and every site at least once, and possibly every time if you
> don't mark the cert as "trusted" for future reference. To
> blame HTTPS for an attack where the user fills in a web form
> received via html-rendering email (no https involved at all)
> is more than a little unfair though.

How many attacks have there been based on automatic trust of
verisign's feckless ID checking?   Not many, possibly none.

That is not the weak point, not the point where the attacks
occur.   If the browser was set to accept self signed
certificates by default, it would make little difference to
security.

A wide variety of ways of getting big name certificates that
one should not have, have been discovered.   Attackers never
showed much interest. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 uJuAm4Xwyo4xTn0ozjBmW2ZqpI8Z3ru25WDmB7iw
 43PXj2QDpBfcahqs2aOleapJYsqtA6S36+hOdVkpR



Re: An attack on paypal

2003-06-10 Thread James A. Donald
--
On 8 Jun 2003 at 20:00, Anne & Lynn Wheeler wrote:
> that is why we coined the term merchant "comfort"
> certificates some time ago. my wife and I having done early
> work for payment gateway with small client/server startup in
> menlo park ... that had this thing called SSL/HTTPS ... and
> then having to perform due diligence on the major issuers of
> certificates  we recognized 1) vulnerabilities in the
> certificate process and 2) information hiding of transaction
> in flight only addressed a very small portion of the
> vulnerabilities and exploits.

https is like a strong fortress wall that only goes half way
around the fortress.

The most expensive and inconvenient part of https, getting
certificates from verisign, is fairly useless.

The useful part of https is that it has stopped password
sniffing from networks, but the PKI part, where the server, but
not the client, is supposedly authenticated, does not do much
good. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 9ZQw+0/xh1y28CkGulSQSVxewfy71qzXGHI8KJbN
 4osBv1veq07jaMVh2zVetZVKqIRfQjiwJaKu99GqM



Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Sunder
Yes, >NOW< if you can load yourself into kernel space, you can do anything
and everything - Thou Art God to quote Heinlein.  This is true of every
OS.  Except if you add that nice little TCPA bugger which can verify the
kernel image you're running is the right and approved one. Q.E.D.

Look at the XBox hacks for ideas as to why it's not a trivial issue, but
even so, one James Bond like buffer overflow in something everyone will
have marked as trusted (say IE 8.0, or a specially crafted Word 2005
macro), and the 3v1l h4x0r party is back on and you iz ownz0red once more.

It's not enough to fear Microsoft, you must learn to love it.  Give us 2
minutes of hate for Linux now brother!



On Tue, 10 Jun 2003, Rich Salz wrote:

> But if the system is rooted, then the attacker merely has to find the
> "today's secret word" entry in the registry and do the same thing.
> Unless Windows is planning on getting real kernel-level kinds of protection.
> 
> > It was none other than Microsoft's NGSCB, nee Palladium.  See
> > http://news.com.com/2100-1012_3-1000584.html?tag=fd_top:
> 
> See previous sentence. :)



Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Sunder
It's simple.  It solves the problem that Microsoft Salesmen have.  In
order to sell shit, you have to make it look like gold.  Cee Eee Ohs have
heard it said that Microsoft software is insecure crap.  Now the Microsoft
Salesmen can do fancy demos with pretty colors and slick Operators Are
standing By, Act Now, *New*, Don't Delay, Improved, Secure, Bells Whistles
and Coolness demos and sign the suckers up.

Just like the wonderful ads that peppered NYC when Ex-Pee came out saying
"Reliable, and Secure."



On Tue, 10 Jun 2003, Nomen Nescio wrote:

> I don't see how this is going to work.  The concept seems to assume
> that there is a distinction between "trusted" and "untrusted" programs.
> But in the NGSCB architecture, Nexus Computing Agents (NCAs) can be
> written by anyone.  If you've loaded a Trojan application onto your
> machine, it can create an NCA, which would presumably be eligible to
> put up a "trusted" window.
> 
> So either you have to configure a different list of doggie names for
> every NCA (one for your banking program, one for Media Player, one for
> each online game you play, etc.), or else each NCA gets access to your
> Secret Master List of Doggie Names.  The first possibility is unmanageable
> and the second means that the trustedness of the window is meaningless.
> 
> So what good is this?  What problem does it solve?



Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Rich Salz
> For example, a proposal I saw recently which
> would have the OS decorate the borders of "trusted" windows with facts or
> images that an attacker wouldn't be able to predict: the name of your
> dog, or whatever.

But if the system is rooted, then the attacker merely has to find the
"today's secret word" entry in the registry and do the same thing.
Unless Windows is planning on getting real kernel-level kinds of protection.

> It was none other than Microsoft's NGSCB, nee Palladium.  See
> http://news.com.com/2100-1012_3-1000584.html?tag=fd_top:

See previous sentence. :)
/r$

--
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html



Re: An attack on paypal --> secure UI for browsers

2003-06-10 Thread Peter Gutmann
Nomen Nescio <[EMAIL PROTECTED]> writes:

>I don't see how this is going to work.  The concept seems to assume that
>there is a distinction between "trusted" and "untrusted" programs. But in the
>NGSCB architecture, Nexus Computing Agents (NCAs) can be written by anyone.
>If you've loaded a Trojan application onto your machine, it can create an NCA,
>which would presumably be eligible to put up a "trusted" window.
>
>So either you have to configure a different list of doggie names for every
>NCA (one for your banking program, one for Media Player, one for each online
>game you play, etc.), or else each NCA gets access to your Secret Master List
>of Doggie Names.  The first possibility is unmanageable and the second means
>that the trustedness of the window is meaningless.

Maybe MS will implement something like the secure attention key in the old VAX
A1 VMM (Ctrl-Alt-Del already serves this purpose for logins) which gives you a
guaranteed non-spoofed interface to the kernel (see for example "A
Retrospective on the VAX VMM Security Kernel" by Karger et al for more
information on this).  They certainly have the VMS knowhow :-).

Peter.



Re: An attack on paypal --> secure UI for browsers

2003-06-09 Thread Nomen Nescio
Tim Dierks wrote:
>  - Get browser makers to design better ways to communicate to users that 
> UI elements can be trusted. For example, a proposal I saw recently which 
> would have the OS decorate the borders of "trusted" windows with facts or 
> images that an attacker wouldn't be able to predict: the name of your 
> dog, or whatever. (Sorry, can't locate a link right now, but I'd 
> appreciate one.)

It was none other than Microsoft's NGSCB, nee Palladium.  See
http://news.com.com/2100-1012_3-1000584.html?tag=fd_top:

   NEW ORLEANS--Microsoft is trying to make security obvious.

   The software giant plans to visually alter document or application
   windows that contain private information that's secured through
   Microsoft's Next-Generation Secure Computing Base (NGSCB), formerly
   known as Palladium. Secure windows will look different than regular,
   unsecured windows in order to remind users that they are looking
   at confidential material, Peter Biddle, product unit manager for
   Microsoft, said Thursday at the Windows Hardware Engineering Conference
   (WinHEC) here.
   ...
   The border of a secured page may contain information--such as the
   names of all the dogs that someone has ever owned--to make the data
   instantly recognizable as sound to the individual owner, as well as
   difficult to replicate. A hacker can create a spoof page with dogs'
   names running along the border but, in all likelihood, not one reading
   "Buffy, Skip and Jack Daniels--and in that order," Biddle said.
   ...
   Information on secured windows will vanish if another window is placed
   on top of it or shifted to the background. Erasing the information
   will prevent certain types of attacks and remind people that they're
   dealing with confidential material, Biddle said.

   When the secure window returns to the top of the stack, the information
   will reappear, he said.

I don't see how this is going to work.  The concept seems to assume
that there is a distinction between "trusted" and "untrusted" programs.
But in the NGSCB architecture, Nexus Computing Agents (NCAs) can be
written by anyone.  If you've loaded a Trojan application onto your
machine, it can create an NCA, which would presumably be eligible to
put up a "trusted" window.

So either you have to configure a different list of doggie names for
every NCA (one for your banking program, one for Media Player, one for
each online game you play, etc.), or else each NCA gets access to your
Secret Master List of Doggie Names.  The first possibility is unmanageable
and the second means that the trustedness of the window is meaningless.

So what good is this?  What problem does it solve?



Re: An attack on paypal --> secure UI for browsers

2003-06-09 Thread Peter Gutmann
Amir Herzberg <[EMAIL PROTECTED]> writes:

>Ka Ping Yee, User Interface Design for Secure System, ICICS, LNCS 2513, 2002.

Ka-Ping Yee has a web page at http://zesty.ca/sid/ and a lot of interesting
things to say about secure HCI (and HCI in general), e.g. a characterisation
of safe systems vs. general-purpose systems:

  In order for Alice to use her computer usefully, she has to be able to
  instruct programs to do things for her.  In order for those programs to
  carry out tasks, she has to trust those programs with some authority.  So
  every useful operation involves making the system a little bit less safe.
  In order to keep the system from becoming unboundedly unsafe, Alice must
  also be able to make her system more safe.

  A system in an ultimately safe state is one that can't do anything other
  than what was planned ahead of time.  General-purpose computing is useful to
  Alice only because she can make unpredictable inputs into the system, asking
  it to do new things.

Peter.



Re: An attack on paypal

2003-06-08 Thread Dave Howe
James A. Donald wrote:
> Attached is a spam mail that constitutes an attack on paypal similar
> in effect and method to man in the middle.
>
> The bottom line is that https just is not working.  Its broken.
HTTPS works just fine.
The problem is - people are broken.
At the very least, verisign should say "ok so '..go1d..' is a valid server
address, but doesn't it look suspiciously similar to this '..gold..' site over
here?" for https://pseudo-gold-site/ - but really, if users are going to
fill in random webforms sent by email, they aren't going to be safe under
any circumstances; the thing could send by unsecured http to any site on the
planet, then redirect to the real gold site for a generic "transaction
completed" or even "failed" screen.
A world where a random paypal hack like this one doesn't work is the same as
the world where there is no point sending out a Nigerian as you will never
make a penny on it - and yet, Nigerian is still profitable for the con
artists.
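
Added example (not from any post in this thread): the "doesn't '..go1d..'
look suspiciously similar to '..gold..'" check Dave asks a CA for above, and
the Paypa1 / E-Go1d names Nomen Nescio raised earlier, mechanised in Python.
The confusable-character map and the list of protected brands are constructed
for the example and deliberately short; a CA or browser would carry a real
one.  It goes a little beyond the thread's examples by also flagging one-edit
typos and brand names embedded in a longer label.

```python
import unicodedata

# Single-character confusables common in browser fonts (constructed, not exhaustive).
_CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "i": "l", "|": "l", "!": "l",
    "3": "e", "5": "s", "8": "b", "9": "g",
})

# Brands to protect and their genuine domains (constructed list for the example).
PROTECTED = {"paypal": "paypal.com", "e-gold": "e-gold.com", "gold": "gold.com"}


def skeleton(label: str) -> str:
    """Collapse look-alike characters so visually similar labels compare equal."""
    s = unicodedata.normalize("NFKC", label).lower()   # fullwidth etc. -> ASCII
    s = s.translate(_CONFUSABLES)
    return s.replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; fine for short DNS labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_verdict(hostname: str):
    """None for a genuine or unrelated host; otherwise (brand, reason)."""
    host = hostname.lower().rstrip(".")
    for canonical in PROTECTED.values():
        if host == canonical or host.endswith("." + canonical):
            return None                                # the real site
    for label in host.split("."):
        skel = skeleton(label)
        for brand in PROTECTED:
            bskel = skeleton(brand)
            if label == brand:
                return brand, "brand label on another domain"   # paypal.com.evil.example
            if skel == bskel:
                return brand, "homoglyph"              # go1d vs gold, paypa1 vs paypal
            if levenshtein(skel, bskel) == 1:
                return brand, "typo"                   # paypol
            if bskel in skel:
                return brand, "embedded"               # secure-paypal-login.net
    return None


if __name__ == "__main__":
    for h in ("www.go1d.com", "paypa1.com", "www.paypal.com", "secure-paypal-login.net"):
        print(h, "->", lookalike_verdict(h))
```

This is only the "say something" half of Dave's suggestion; whether a CA
would act on it is the policy question the rest of the thread argues about.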



Re: An attack on paypal

2003-06-08 Thread Tim Dierks
At 02:55 PM 6/8/2003, James A. Donald wrote:
> Attached is a spam mail that constitutes an attack on paypal similar
> in effect and method to man in the middle.
> The bottom line is that https just is not working.  It's broken.
>
> The fact that people keep using shared secrets is a symptom of https
> not working.
> The flaw in https is that you cannot operate the business and trust
> model using https that you can with shared secrets.
I don't think it's https that's broken, since https wasn't intended to 
solve the customer authentication / authorization problem (you could try to 
use SSL's client certificates for that, but no one ever intended client 
certificate authentication to be a generalized transaction problem).

When I responded to this before, I thought you were talking about the 
server auth problem, not the password problem. I continue to feel that the 
server authentication problem is a very hard problem to solve, since 
there's few hints to the browser as to what the user's intent is.

The password problem does need to be solved, but complaining that HTTPS or 
SSL doesn't solve it isn't any more relevant than complaining that it's not 
solved by HTML, HTTP, and/or browser or server implementations, since any 
and all of these are needed in producing a new solution which can function 
with real businesses and real users. Let's face it, passwords are so deeply 
ingrained into people's lives that nothing which is more complex in any way 
than passwords is going to have broad acceptance, and any consumer-driven 
company is going to consider "easy" to be more important than "secure".

Right now, my best idea for solving this problem is to:
 - Standardize an HTML input method for  which does an SPEKE (or 
similar) mutual authentication.
 - Get browser makers to design better ways to communicate to users that 
UI elements can be trusted. For example, a proposal I saw recently which 
would have the OS decorate the borders of "trusted" windows with facts or 
images that an attacker wouldn't be able to predict: the name of your dog, 
or whatever. (Sorry, can't locate a link right now, but I'd appreciate one.)
 - Combine the two to allow sites to provide a user-trustable UI to enter 
a password which cannot be sucked down.
 - Evangelize to users that this is better and that they should be 
suspicious of any situation where they used such interface once, but now 
it's gone.

I agree that the overall architecture is broken; the problem is that it's 
broken in more ways than can just be fixed with any change to TLS/SSL or HTTPS.

 - Tim
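
Added example (not Tim's code, and not any browser's implementation): the
SPEKE mutual authentication step in the proposal above, run end to end in
Python with both sides' messages.  The group is a toy 63-bit safe prime found
at import time so the block is self-contained; real use needs a 2048-bit or
larger group.  The confirmation labels and the passwords are constructed.
What it shows, and what the thread cares about, is that a spoofed server
that does not know the password fails key confirmation and cannot "suck down"
the password from the exchange: the client's g^a is uniform in the subgroup
whatever the password, so there is no offline dictionary attack on the
transcript.

```python
import hashlib
import hmac
import secrets

# Deterministic Miller-Rabin: exact for every n < 3.3e24 with these bases.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start: int):
    """Smallest safe prime p = 2q + 1 with prime q >= start (toy size for the example)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime(1 << 62)          # ~63-bit p: runs the protocol, does not secure it
_NBYTES = (P.bit_length() + 7) // 8


def speke_generator(password: str) -> int:
    """SPEKE base g = H(password)^2 mod p, which lies in the order-q subgroup."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % P
    g = pow(h, 2, P)
    if g in (0, 1):
        raise ValueError("degenerate generator")
    return g


def check_element(x: int) -> None:
    """Reject 0, 1, p-1 and anything outside the order-q subgroup (small-subgroup confinement)."""
    if not 1 < x < P - 1 or pow(x, Q, P) != 1:
        raise ValueError("peer value is not a valid group element")


class Party:
    def __init__(self, password: str):
        self.g = speke_generator(password)
        self.x = secrets.randbelow(Q - 1) + 1   # private exponent in [1, q-1]
        self.public = pow(self.g, self.x, P)     # the one value that goes on the wire
        self.key = None

    def derive(self, peer_public: int) -> bytes:
        check_element(peer_public)
        shared = pow(peer_public, self.x, P)
        self.key = hashlib.sha256(shared.to_bytes(_NBYTES, "big")).digest()
        return self.key

    def confirm_tag(self, label: bytes) -> bytes:
        return hmac.new(self.key, label, hashlib.sha256).digest()


def run_speke(client_password: str, server_password: str):
    """One SPEKE run plus explicit key confirmation both ways.

    Returns (client_accepts_server, server_accepts_client).  A server with a
    different password uses a different base g, so its key never matches.
    """
    client = Party(client_password)
    server = Party(server_password)
    # Messages 1 and 2: g^a from the client, g^b from the server.
    client.derive(server.public)
    server.derive(client.public)
    # Message 3: client proves it holds the key; server checks before answering.
    server_accepts = hmac.compare_digest(
        client.confirm_tag(b"client-confirm"), server.confirm_tag(b"client-confirm"))
    # Message 4: server proves it holds the key, i.e. it knew the password.
    client_accepts = hmac.compare_digest(
        server.confirm_tag(b"server-confirm"), client.confirm_tag(b"server-confirm"))
    return client_accepts, server_accepts


if __name__ == "__main__":
    print("genuine server:", run_speke("correct horse", "correct horse"))
    print("spoofed server:", run_speke("correct horse", "wrong guess"))
```

The part SPEKE does not solve is the one Tim lists second: the browser still
has to show the user, unspoofably, that this input field is the PAKE one and
not an ordinary form field that posts the password in the clear.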