Security News > 2001 > August > Too much time on their hands up in the North Woods

Too much time on their hands up in the North Woods
2001-08-06 08:18

Forwarded by: "Jay D. Dyson" -----BEGIN PGP SIGNED MESSAGE----- Courtesy of Cryptography List. Hmmm! - ---------- Forwarded message ---------- Date: Fri, 3 Aug 2001 07:19:33 -0400 From: "R. A. Hettinga" To: Digital Bearer Settlement List , dcsb () ai mit edu, cryptography () wasabisystems com Subject: Too much time on their hands up in the North Woods - --- begin forwarded text Date: Thu, 02 Aug 2001 23:15:54 -0700 From: Paul Harrison Subject: Too much time on their hands up in the North Woods To: rah () ibuc com Reply-to: pth () ibuc com The boyz at Dartmouth's PKI Lab have been playing with JavaScript. The results are troubling in an "E-Qold" kind of way. http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf By painting over the location and status bars of typical wintel browsers, and using javascript's pop-up window capability they are able to spoof an SSL session, without even duping Verisign into giving them a bogus cert. The effort is painstaking but the results apparently slick. Picks up from Felton's seminal work (since deprecated). I like this for Verified by Visa 3-D Secure applications: "Hello, this is the FleetBankBoston VISA Verifier popup. Please type your password in this secure window now.....Thank you, and remember, NEVER share your password. Have a nice day!" Not discussed, but important to the discerning bad-guy's tool kit is the "proxy-spoof." This is a webserver which has a home page which looks like, say, Amazon.com but isn't. For every click you make it runs off to Amazon, gets the page, replaces all the Amazon links with spoofed links to itself, then forwards the page on to you. In this fashion, you get theAmazon experience right on through until you click "Buy" and whip out your credit card. The attacker has been in charge of your connection for the entire site visit, but only then does it get smart and start rendering ersatz images. - --- end forwarded text - -- - ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo () wasabisystems com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO2rxSrlDRyqRQ2a9AQFYMgP+OGig00W5GZOOqYgSkPGngt16p5nWAzEw 7jgeWWoxnIn0napsUMiwGHr0TfY1bWt8d1gFNSHRgzxoEnzzjoE+Udaci9+OXiWB I7AwEbCqrTKjCeyzgHfgaw+Wg4P385lUY7EJ+zCAF1H5SmPPhNJCVzuyh2tLhiht KbGYwHNeE2w= =XZkK -----END PGP SIGNATURE----- - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.


News URL

http://www.cs.dartmouth.edu/~pkilab/demos/spoofing/tr.pdf