Anon asks:
> ian: I never understood why you insist on using HTTPS for the blog... maybe you can shed light ?
Fair question, and often I ask myself whether it is worth the extra effort. As succinctly as I can put it, it is because of the fundamental principle:
This principle is not so well understood in today's Internet security business, so I'll explain. Whenever a system has two modes, there is always weakness as it switches from one mode to another. In security systems, we get security weakness as we switch from unsecured mode to secured mode.
A very basic problem with security is that attackers are intelligent and active and users are distracted and passive. Not exactly dumb, but just paying attention to other things. So attackers will search out weaknesses, and users will not notice weaknesses, and therefore attacks at the weaknesses.
Then, attackers will attack at the switch in mode, and users won't really notice. Easy to say, but how does this work in practice? Consider browsing. You go to the website of your bank by typing the name into the google bar on the top right of google (ok, *you* might not, but you have a friend who will...) and clicking on the top result [1]. Or you could do it any number of other ways. Whichever, you end up at a website. Then you click around looking for the place to type your password and username.
The session started out "insecure", and ended up "secure". Hopefully. Normal users will pay attention at the beginning, but their attention wanes with each click. So in general, they won't notice when they switched into secure model. Which also means they won't notice who they switched too, which in turn leads to an easy attack: around the time the user is not paying attention, switch somewhere else that looks like what they expect.
Hence, phishing, in all its variations.
The fundamental flaw here is that we browse insecurely and then switch to secure mode for something important. We can eliminate a whole class of attacks here by being secure always. Never having to switch. Hence the principle; in that *if* you are doing anything that requires security, you are a million times better off if you *always* do everything secure [2].
Financial Cryptography is using HTTPS to remind people doing serious security work of that principle: you should design your systems to be always secure. Every time you click on the FC website and see that it is in HTTPS, I want you to remember that the application known as secure browsing is fundamentally broken, because it breaches the 3rd hypothesis: There is only one mode, and it is secure [3].
You, and your friend, are at risk because of that. To paraphrase an old saying, you enter a state of sin when you design a system with a security switch in it. It follows that, if we want to do anything that involves security on the web, then, everything should be in HTTPS, not just this blog. All blogs, all wikis, all websites, all the REST, everything.
[1] I was looking for an example, so I googled Bank of America. The first link took me straight to a https site (via a redirect). Outstanding!
Clicking around from the second link on google, I found that it switched me (via North Carolina) across to a login box in HTTPS with this site: https://businessconnect.ebanking-services.com/nubi/signin.aspx . Firefox says (oddly) "This web site does not supply identity information." .... but the certificate says it is Metavante Corporation ... ok, so this is a bad example, even I am totally confused by what is happening here...
[2] What "secure" means and how you do that are other questions that can only be answered with reference to the specific circumstances. E.g., for browsing, secure means that you are talking to the right site, and nobody else.
[3] How we got to this state of affairs, where practically everyone on the planet believes that insecure browsing is normal, should be considered as a research question.
Posted by iang at June 21, 2008 07:19 AM | TrackBackHow come it shows as a certificate error in Internet Explorer? A man-in-the-middle attack from www2.futureware.at?
Posted by: Peter at June 21, 2008 01:01 PMFor me it is difficult to say, as I know nobody who uses IE so I can't check.
New versions of IE threatened to turn certificates from unrecognised CAs into a solid warning, and not let session through at all, but I'm not sure if they carried forward with that restriction.
Posted by: Iang at June 21, 2008 04:10 PMThe Blogshares image on the right is also on http .. I am gonna keep pissing you off till you move all to http or to HTTPS :P
Also , it seems you have made a cert for www2.futerware.at for this site hahaha .. so I don't think even adding a CACert root cert will solve the issue ... IE is right Peter ! Finally IE is doing it right. ..
Posted by: anonymous at June 21, 2008 08:42 PMBlogshares: yeah, I think the idea is that I'm not supposed to copy their logo. I suppose I could and tell them that "anonymous" says it is more secure that way.
The certificate is a SubjectAltNames one, which means it has multiple names in it. In this case the name is shared between a half dozen different sites, you can examine that in the cert.
The real solution for this is TLS/SNI, which is by far the biggest improvement due in TLS because it makes it usable in this situation ... unfortunately we are still waiting on the web servers (Apache https, Microsoft IIS) to generate this. So meanwhile we are waiting on that, and maybe InternetExplorer can't handle the SubjectAltName certs?
It was supposed to be able to. I guess I'll hunt around for a techie who has IE and ask him to do some checks on versions to narrow down what has gone wrong with IE.
Posted by: Iang at June 22, 2008 07:00 AM>I suppose I could and tell them that "anonymous" says it is more secure that way
My point was I have seen demonstrated attacks in which the user clicks on "show insecure item" in say the gmail inbox/yahoo inbox view and his messages are cracked/mails sent on his name etc. So as a matter of practice I encourage people not to click on that button.
I don't think there is anything particularly wrong in IE , it also says that Root Cert is untrusted (same as firefox), I just can't find the UI to add an exception. I think both IE and firefox detect SubjectAltNames (although I dont seem able to! :) )
And btw, I have heard another tip recommended for security. Use another firefox profile for say banking , paypal , credit card info...and a different profile for day to day surfing. This reduces the attack surface even more as your cookies etc. all are inaccessible from the day-to-day profile.
But it is not only one mode.
http://financialcryptography.com/ should generate a 301, but fails to do so.
http://financialcryptography.com/ fails to redirect to https://financialcryptography.com/
Posted by: James A. Donald at June 23, 2008 03:56 AMHey Jim, yes, clearly the blog completely and utterly fails to actually reach "one mode". That's mostly a reflection of the difficulty of doing secure browsing and indeed this is the message: those who believe in "secure browsing: should reflect that it is extremely difficult, and a false god. Indeed, I could do all those things suggested, and there would still be problems, serious problems that I could never fix.
I do not intend to spend my life trying to rectify this blog... for that once-in-a-lifetime expenditure, I prefer to rectify something important. The question I have to wrestle with is whether the HTTPS experiment does more damage to spreading the word than it is worth?
Especially as we are now moving into a period where IE might actively promote against FC. Do I desire to be the martyr?
Posted by: Iang at June 23, 2008 08:53 AMFirefox 3.0 makes it difficult and scary for anybody to read your blog via the https:// links.
Posted by: Brian Smith at June 23, 2008 04:32 PMThis is an eye opener. I never understood this vulnerability exist. But this post explained the points in a lay-mans language that I can easily relate with . Thanks for sharing.
Posted by: Naijaecash at June 30, 2008 03:50 AM