[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYT on Internet Flaws

> Jeff Weinstein wrote:
> > Paul A Gauthier wrote:
> > > Patrick Horgan wrote:
> > > > > From: "K. M. Ellis" <[email protected]>
> > > > >
> > > > I'd love to see something in there about most commercial sites being behind
> > > > firewalls without nfs access across the firewall.  This greatly reduces the
> > >
> > >   It might also be worth noting that people accessing the net
> > > via an ISP from home do not typically use NFS either.
> > >
> > 
> > They don't often have the skill/knowledge/concern to verify a PGP checksum
> > to ensure someone didn't patch their browser, either.
>   I don't believe that my posting of PGP signed checksums last night
> is a final solution that will make the world safe for all end users.
> I'm rather insulted that you imply that I do.

That's not what I was saying. The implication of the comments I was
responding to was that "firewalls and ISP users w/o NFS make this whole
issue a non-problem". And I think we all know that's not true. Presumably
if you have a firewall, sure, you have a sysadmin who will check the
integrity of the executable when it is installed behind it.

But ISP users w/o NFS are exactly the unparanoid unwashed masses who would
be perfectly targetted for this type of attack, and even worse would be
the least likely to do checksumming to protect themsevles. That is
the only point I was trying to make.

> your disk, then you may be in trouble.  The point is that you and a
> few reporters are running around yelling at the top of your lungs
> that internet commerce is totally doomed because it is possible for
> users to infect their systems with viruses.

In our post I don't believe there was any yelling, or any serious
doom and gloom. Mainly we just were trying to prod people to internalize
that these old protocols we're all still using are soon going to come under
heavy attack now that there is financial incentive to do it.

>   Perhaps you have a solution to offer to this whole problem?

So I am actually quite fond the idea of a company becoming a well-known
distributor of checksums. Users could either subscribe to a quarterly
bootable CD-ROM which checks out their system. Or a bootable read-only
floppy which causes their modem to call "1-900-CHEKSUM" and download
the needed checksums on demand.

This would be low-cost thing for the user, doing it once every few months
it would be pretty low hassle. Spoofing the phone line is a risk that I
can live with, as can I live with the risk of someone spoofing these
CD-ROMs that are mailed out 4 times a year.

And please, cypherpunks, don't start talking about "oh, but your CMOS
could have a trojan in it", and "do you really trust your boot code
in your SCSI". Because, yes, I sure do trust those things. And I think
it's entirely reasonable to trust them for the purposes we're discussing.

There are of course ways to minimize these attacks through crypto.
If you do have the correct CD-ROM/bood disk it can easily authenticate
the party on the other side of the phone. No phone spoofing.

To minimize the chances of getting a spoofed copy of the disk in
the mail, inclose a magic cookie inside the box. The magic cookie
must appear on the mailing label of the next box otherwise the user
is suspicious. Some other random sugar and now the user can tell if
they are getting legit disks as long as their first disk was legit,
and someone isn't opening their mail in a specific attempt to attack