[cap-talk] an attack on the pet name tool bar

Ian G iang at systemics.com
Sat Feb 12 11:16:07 EST 2005


David Hopwood wrote:

> Ian G wrote:
>
>> David Hopwood wrote:
>>
>>> The problem here is obviously the "false petname bar".
>>> It almost goes without saying that the petname bar must not
>>> be spoofable (e.g. by always displaying it at the top of
>>> all windows that can be used for browsing, and preferably
>>> by distinguishing those from all other windows). Isn't this
>>> true of the security-related GUI elements for any possible
>>> solution, including the TrustBar?
>>
>> Yep.  But how does a phisher ask for the logo?
>
> He knows which logo will be used by most users because it's the
> one provided by the website. *If* there were an attack based
> on the attacker knowing the logo, that would be sufficient. But
> what's the attack? I don't see one.


Well, my attack was predicated on the user
actually choosing a somewhat random petname
or logo.  It highlighted a difference in
treatment between words and logos.

Now, it seems that both the petname toolbar
and the trustbar logo bar will suggest and
default to a nickname/logo, if they can work
one out.  Under those conditions, yes, the
phisher has an obvious line of attack (use
the default and mimic or replace the toolbar).

The question that needs to be kept in mind is,
in the face of all these niggling flaws (including
?!ng's excellent list), does the system still go
on to provide useful protection in a sufficient
number of cases?  Security is a probabilities
game.  If the system can still hold its own
against most probable circumstances, it is still
worth doing.

It's especially worth doing if we can get some
minimal set of protections out there and then
refine them as more experience comes in.  The
real challenge is to find the sweet spot of just
enough protection and just low enough cost to
the user such that it becomes wildly popular,
but leaves enough room for later upgrades
when the weaknesses become exploited.  As no
security tool really gets attacked until there
is a lot of it out there, there is a phony war
period where it is thought that what you
have is insecure;  that's wrong, it has just not
been attacked yet.

Anyway, enough rambling!

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/
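
The point under discussion in this message, as an added example that is not part of the thread and not code from either the petname tool or the TrustBar: a toy petname bar that binds each petname to the site's key fingerprint rather than to the name the site presents. With that binding a lookalike site, which necessarily holds a different key, can never make the genuine bar show the bank's petname; what it can do is guess a default that was derived from the certificate and paint it into page content as a fake bar. The keys, the hostname "www.bank.example" and the default-suggestion rule (registrable label of the certified hostname) are all constructed for the example; the rendering and placement of the real bar, which is the other half of the spoofing question, is outside what this code models.

```python
# Added example (not from the thread): a toy model of a petname bar in
# which petnames are bound to the site's key fingerprint, not to the
# name the site presents.  All keys and hostnames below are constructed.
from __future__ import annotations

import hashlib
import secrets


def key_fingerprint(public_key: bytes) -> str:
    """Stand-in for the certificate/key hash a real toolbar would bind to."""
    return hashlib.sha256(public_key).hexdigest()[:16]


def default_suggestion(cert_hostname: str) -> str:
    """An assumed toolbar default: the registrable label of the certified
    hostname.  Anyone who can see the certificate can compute it too."""
    labels = cert_hostname.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


class PetnameBar:
    def __init__(self) -> None:
        self.store: dict[str, str] = {}  # key fingerprint -> user's petname

    def assign(self, public_key: bytes, petname: str) -> None:
        self.store[key_fingerprint(public_key)] = petname

    def render(self, public_key: bytes) -> str:
        """What the genuine bar shows for a connection authenticated by public_key."""
        name = self.store.get(key_fingerprint(public_key))
        if name is None:
            return "UNTRUSTED: no petname for this key"
        return f"PETNAME: {name}"


# Constructed keys: the bank and the phisher hold different keys, so the
# genuine bar never shows the bank's petname on the phisher's site.
BANK_KEY = b"constructed-bank-public-key"
PHISHER_KEY = b"constructed-phisher-public-key"
BANK_HOST = "www.bank.example"


def default_accepted_scenario() -> tuple[str, str, str]:
    """User accepts the suggested default.  Returns (genuine bar on the bank,
    genuine bar on the phisher, the phisher's fake bar painted as page content)."""
    bar = PetnameBar()
    bar.assign(BANK_KEY, default_suggestion(BANK_HOST))
    genuine_on_bank = bar.render(BANK_KEY)
    genuine_on_phisher = bar.render(PHISHER_KEY)
    # The phisher cannot touch the user's store, but can guess the default exactly.
    fake_bar = f"PETNAME: {default_suggestion(BANK_HOST)}"
    return genuine_on_bank, genuine_on_phisher, fake_bar


def user_chosen_scenario(petname: str | None = None) -> tuple[str, str, str]:
    """User types a petname of their own (random if none given).  Same return shape."""
    bar = PetnameBar()
    chosen = petname or f"bank-{secrets.token_hex(3)}"
    bar.assign(BANK_KEY, chosen)
    fake_bar = f"PETNAME: {default_suggestion(BANK_HOST)}"
    return bar.render(BANK_KEY), bar.render(PHISHER_KEY), fake_bar


if __name__ == "__main__":
    for label, result in (("default", default_accepted_scenario()),
                          ("chosen", user_chosen_scenario())):
        genuine, on_phisher, fake = result
        print(f"{label:8} genuine={genuine!r} on_phisher={on_phisher!r} fake={fake!r}")
```

In the first scenario the genuine bar on the bank and the phisher's fake bar read identically, which is the line of attack the message describes; in the second the guess misses, because the petname now depends on something the phisher cannot observe. In both, the genuine bar on the phisher's own connection reports no petname, since the store is keyed by the key fingerprint and not by anything in the page.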
