[ISN] Too much time on their hands up in the North Woods

From: InfoSec News (isnat_private)
Date: Mon Aug 06 2001 - 01:18:13 PDT


    Forwarded by: "Jay D. Dyson" <jdysonat_private>
    Courtesy of Cryptography List.
    - ---------- Forwarded message ----------
    Date: Fri, 3 Aug 2001 07:19:33 -0400
    From: "R. A. Hettinga" <rahat_private>
    To: Digital Bearer Settlement List <dbsat_private>, dcsbat_private,
    Subject: Too much time on their hands up in the North Woods
    - --- begin forwarded text
    Date: Thu, 02 Aug 2001 23:15:54 -0700
    From: Paul Harrison <pthat_private>
    Subject: Too much time on their hands up in the North Woods
    To: rahat_private
    Reply-to: pthat_private
    The boyz at Dartmouth's PKI Lab have been playing with JavaScript. The
    results are troubling in an "E-Qold" kind of way.
    By painting over the location and status bars of typical wintel browsers,
    and using JavaScript's pop-up window capability, they are able to spoof an
    SSL session, without even duping Verisign into giving them a bogus cert.
    The effort is painstaking but the results apparently slick. Picks up from
    Felten's seminal work (since deprecated).
    I like this for Verified by Visa 3-D Secure applications: "Hello, this is
    the FleetBankBoston VISA Verifier popup. Please type your password in this
    secure window now.....Thank you, and remember, NEVER share your password.
    Have a nice day!"
    Not discussed, but important to the discerning bad-guy's tool kit is the
    "proxy-spoof." This is a webserver which has a home page which looks like,
    say, Amazon.com but isn't. For every click you make it runs off to Amazon,
    gets the page, replaces all the Amazon links with spoofed links to itself,
    then forwards the page on to you. In this fashion, you get the Amazon
    experience right on through until you click "Buy" and whip out your credit
    card. The attacker has been in charge of your connection for the entire
    site visit, but only then does it get smart and start rendering ersatz
    - --- end forwarded text
    - -- 
    - -----------------
    R. A. Hettinga <mailto: rahat_private>
    The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
    44 Farquhar Street, Boston, MA 02131 USA
    "... however it may deserve respect for its usefulness and antiquity,
    [predicting the end of the world] has not been found agreeable to
    experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
    - ---------------------------------------------------------------------
    The Cryptography Mailing List
    Unsubscribe by sending "unsubscribe cryptography" to majordomoat_private
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 03:11:35 PDT