Comments: MITM spotted in Tor

for topic drift ... i mention here
http://www.garlic.com/~lynn/2007u.html#74

in a thread about using on-screen visual keyboards (CAPTCHAs obscured)
http://www.garlic.com/~lynn/2007u.html#66

and mouse clicks as countermeasure to PC virus/trojans capturing online banking userid/passwords.

this is PC virus/trojan that waits until the session has been initiated ... and then executes fraudulent transactions w/o the person's knowledge

New Trojan Attacks Clients At Four Worldwide Banks
http://www.crn.com/security/204803106
Sophisticated Trojan loots business bank accounts
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053018
Botnet-controlled Trojan robbing online bank customers
http://www.networkworld.com/news/2007/121307-zbot-trojan-robbing-banks.html

the original thread had drifted into topic that the threats/vulnerabilities had been well-studied and understood by at least the mid-90s ... along with the current spate of kneejerk, simple-minded, point solutions for each individual exploit that appears, rather than addressing underlying infrastructure weaknesses.

in the case of the online banking visual keyboard scenario ... it is obviously a countermeasure to compromised PC ... then where does it say that a compromised PC will only be limited to keylogging.

one could claim that the original SSL design (before the mid-90s) was countermeasure to hostile environment ... not only did the session have to be authenticated ... but everything related to the session had to also be armored.

if the environment is really hostile, then it is much better going to individual armored transaction instead of assuming that everything within a session boundary is secure ... somewhat discussed in old thread here last summer on naked transactions
http://www.garlic.com/~lynn/subintegrity.html#payments

comments about the culture of kneejerk simple-minded point-solution reaction to exploits
http://www.garlic.com/~lynn/2007e.html#12 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007i.html#66 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007j.html#67 open source voting
http://www.garlic.com/~lynn/2007k.html#55 My Dream PC -- Chip-Based
http://www.garlic.com/~lynn/2007o.html#10 IBM 8000 series
http://www.garlic.com/~lynn/2007u.html#53 folklore indeed
http://www.garlic.com/~lynn/2007u.html#55 folklore indeed
http://www.garlic.com/~lynn/2007u.html#57 folklore indeed
http://www.garlic.com/~lynn/2007u.html#62 folklore indeed
http://www.garlic.com/~lynn/2007u.html#63 folklore indeed
http://www.garlic.com/~lynn/2007u.html#67 folklore indeed
http://www.garlic.com/~lynn/2007u.html#68 folklore indeed

Posted by Lynn Wheeler at December 15, 2007 11:05 AM