iang at iang.org
Sat Sep 24 05:55:59 EDT 2011
>>>> And further, you should have a client app on your computer for
>>>> dealing with
>>>> shared secrets, which is only capable of attempting a visa payment
>>>> with an
>>>> entity trusted by Visa.
> On 2011-09-24 4:06 AM, John Levine wrote:
>> I don't see how to do that in a useful way without non-programmable
>> hardware. We've seen PC-based malware do pretty much any MITM attack
>> you can imagine.
Most PC malware succeeds in controlling an application. These days,
more OS support attention is going into stopping a breached app from
allowing a hop. This is Android's sandboxing for example.
Hence, the current advice for phishing is "use another browser," as an
So, people use Firefox for their general work, and reserve Safari for
online banking, only. I have actually succeeded in teaching this to
my mother, who at 70 or so is quite incapable of dealing with computers
at any geek level, but she does follow a script written out on 4 pages
to review her bank account. What's more, she has succeeded in teaching
the grandchildren that they can use her laptop but they are banned from
On 24/09/11 11:45 AM, James A. Donald wrote:
> Most computers are not controlled by malware, and the malware argument
> is as much an argument against existing ssl/https/pki as it is against
> any alternative to ssl/https/pki
Right, exactly! It's pretty easy to counter any argument by throwing in
some theoretical grenade.
"But wait, all trusted hardware is controlled by the state who
perverts the chip makers...."
"But wait, China manufactures all the chips now, so our state is
perverted by their state..."
Experimentation cuts this Gordian Knot. In this sense, the Google CA
pinning hack is just what the doctor ordered. That technique was
obviously easily destroyed in argumentation by any number of theoretical
grenades. But, code rebuilds what committees destroy.
Which points to a further problem. As the lifecycle of a crypto system
matures, the security apparatus takes on a less fluid form. In the
extreme, as all security decisions require approval from external
committees, the security model becomes concrete, allowing attackers
to easily walk around it, on top of it, or through it where the door was
The way to understand why this doesn't work is to look up OODA loops.
The consequences of this will destroy a number of myths about security
and the Internet...
Dealing with phishing is all about risks, not about theoretical
binary security thinking. For the most part that's because the vendors have
really not dealt with it, so the users have increased risks, and have
had to learn to deal with it using ad hoc methods.
Or, IE, v.v. I've taken to using Chrome a lot lately but only for a
specific purpose. It's great for gmail, but horribly sugary for
news.google.com. I don't know how anyone can put up with that sort of
The specific construction in concrete here is that browser vendors
look to PKIX for security guidance, and the latter focus on arcane bugs
in SSL which have never been exploited in the wild, but really tease the
cryptominds in the committees. So, the blind leading the blind.