[cap-talk] Firefox breaks the principle of identifiability
Ian G
iang at systemics.com
Tue Feb 8 13:23:27 EST 2005
Ben Laurie wrote:
> I can figure that one out. I still want to know how I get my first
> introduction.
... The solution being
proposed uses a divide-and-conquer approach,
a la SSH model. The first intro is something to
clean up later. It just so happens that in the
major danger areas of phishing, the user always
has a 'first intro' already established - it's her
bank.
> BTW, I saw a domain spoofing attack today that did not attempt to
> subvert an existing trust relationship. It was trying to get people to
> post their pictures to a spoofed HotOrNot site. Frivolous, I'll admit,
> but nevertheless, an example of an attackable transaction with value
> that does not rely on an existing trust relationship and so cannot be
> prevented by petnames (at least, not in the way described).
That's a correct assessment. I think the view that
"phishing is based on name conflation" is flawed;
it is the same set of errors that the original SSL
designers fell into. For them, it went something
like "hear about a problem, think about how to
define it in terms that are tractable, solve that
problem, then present the solution as applicable
to the original problem."
Phishing is tricking users into handing info over
to people they shouldn't do so with. Names are
just one way to do that.
As this is security, we can't just develop a theory,
try it and hope it works. The active aggressor has
an ability to change our security by hitting our
assumptions. It's unlike physics, where the bridge
we build today has to face the same wind and rain
in 10 years' time as today.
A much better approach is to work with small
changes in what we have available. For example,
the simple change to Firefox 1.0 that makes the
URL bar yellow on SSL will (IMHO) do more to
defend against phishing than the more complete
approaches developed here - simply because it
is there, and in the hands of users.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
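The "divide-and-conquer, a la SSH" idea above, as an added example that is not part of the thread or of any petname tool discussed in it: a minimal user-local petname store that binds a user-chosen name to a site's key on first introduction and, on later visits, decides what to show from the key alone, never from the hostname the page presents. The key material, the hostnames and the method names (`introduce`, `classify`, `expect`) are constructed for this illustration. It also makes Ben's point concrete: a site the user never had a relationship with only ever comes back as "unknown", which is where the scheme has nothing to say.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 of a site's public key; stands in for a certificate fingerprint."""
    return hashlib.sha256(public_key).hexdigest()


class PetnameStore:
    """User-local mapping between petnames and site keys, filled trust-on-first-use."""

    def __init__(self) -> None:
        self._key_of = {}   # petname -> fingerprint
        self._name_of = {}  # fingerprint -> petname

    def introduce(self, petname: str, public_key: bytes) -> str:
        """First introduction: bind the petname to the key the site presents now."""
        fp = fingerprint(public_key)
        bound = self._key_of.get(petname)
        if bound is not None and bound != fp:
            # Refuse to silently rebind a name the user already trusts.
            raise ValueError(f"petname {petname!r} already bound to another key")
        self._key_of[petname] = fp
        self._name_of[fp] = petname
        return fp

    def classify(self, displayed_host: str, public_key: bytes) -> tuple:
        """Later visit. The hostname is attacker-controlled display text and is
        never consulted for trust; only the key decides what the user sees."""
        petname = self._name_of.get(fingerprint(public_key))
        if petname is not None:
            return ("known", petname)
        return ("unknown", displayed_host)

    def expect(self, petname: str, public_key: bytes) -> str:
        """User asserts 'this should be my bank': compare against the recorded key,
        the same check ssh makes against known_hosts."""
        bound = self._key_of.get(petname)
        if bound is None:
            return "no-introduction"
        return "match" if bound == fingerprint(public_key) else "KEY-CHANGED"


# Constructed sample keys; a real store would hold the TLS certificate's key.
BANK_KEY = b"constructed public key of the real bank"
LOOKALIKE_KEY = b"constructed public key of a lookalike site"


def demo() -> dict:
    """Walk through the cases the thread discusses and return the verdicts."""
    store = PetnameStore()
    store.introduce("my bank", BANK_KEY)  # the one intro the user already has
    return {
        # same key again: the user sees her own petname, whatever the URL says
        "revisit": store.classify("bank.example", BANK_KEY),
        # same displayed hostname, different key: no petname, so "unknown"
        "lookalike": store.classify("bank.example", LOOKALIKE_KEY),
        "expect_ok": store.expect("my bank", BANK_KEY),
        "expect_bad": store.expect("my bank", LOOKALIKE_KEY),
        # a site with no prior relationship: the store cannot help here
        "never_met": store.expect("hotornot", LOOKALIKE_KEY),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} {result}")
```

The store is deliberately indexed by key fingerprint rather than by hostname: a lookalike domain presenting its own key lands in the "unknown" branch, while a name the user already bound can only ever match or flag a key change.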