#1
Guest
Posts: n/a
Phorm, mitm, and https
{x-posted to alt.privacy and alt.computer.security}

A number of UK ISPs have signed up for Phorm. This is, IMO, pretty bad. Phorm say that they ignore anything going over https.

For the purposes of this thread, imagine a rogue, black-hat, Phorm.[1] Or even a rogue, black-hat, ISP.

Ann, at her pc, logs into her internet "Bob's Bank" bank account. What are the steps involved between Ann's browser and Bob's web page?

Is there any way for EvePhorm to mount a serious mitm attack?

Is there any way for EveBlackHatISP to mount a serious mitm attack?

I'm only really interested in attacks that allow Eves to either see the financial data, or worse. I'd be interested to know what kind of mild data leaks would be available.

Many thanks for any replies.

#2
Guest
Posts: n/a
Re: Phorm, mitm, and https
bealoid <.uk> wrote in
news:Xns9A4D94296AC6FYAsfKJXSTO@194.117.143.37:

You need to read up on SSL.

Simplifying a bit, as long as:

1) the bank (or other destination site) has properly implemented its pages (doesn't mix http & https, doesn't switch away, etc.), and

2) you actually *check* its SSL certificate to make sure it's for whomever you're trying to connect to,

you're bombproof.

Regards,

PS This assumes, of course, that your computer is not infested with spyware, Trojans, and the like and that you practice safe computing by securing your browser, flushing caches and cookies, etc. or even signing off after a secure session. In short, SSL protects communications in transit; it doesn't protect against compromise (and stupid mistakes) at either end point, especially by a user unreflectively clicking on stuff he shouldn't (slightly misspelled URLs, etc.).
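The two conditions in the post above, written out as checks a client can run. This is an added example, not code from the thread or from any of the posters; it uses only Python's standard library. The hostnames (bobsbank.example, ads.example, proxy.isp.example), the two certificate dicts and the sample login page are constructed placeholders; the certificate dict shape is the one `ssl.SSLSocket.getpeercert()` returns, and the hostname rules are the RFC 6125 rules browsers apply.

```python
"""Added example: the two conditions from the post above, as runnable checks.

Constructed sample data only; nothing here opens a network connection.
"""
import ssl
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def make_verifying_context() -> ssl.SSLContext:
    """A client context that refuses an unverified peer.

    This is what a browser does for you: the chain must lead to a trusted
    root and the certificate must be issued for the name you typed. A box
    in the path (ISP, Phorm, anyone) cannot satisfy both for the bank's
    name unless a trusted CA issued it a certificate for that name.
    """
    ctx = ssl.create_default_context()
    ctx.verify_mode = ssl.CERT_REQUIRED   # no certificate, no session
    ctx.check_hostname = True             # certificate must name the host
    return ctx


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Condition 2: is this certificate for whomever you're connecting to?

    `cert` has the dict shape of ssl.SSLSocket.getpeercert(). DNS names are
    compared case-insensitively; a wildcard may only be the whole left-most
    label and matches exactly one label (so *.bobsbank.example does not
    cover bobsbank.example or a.b.bobsbank.example).
    """
    host = hostname.lower().rstrip(".")
    names = [value.lower() for kind, value in cert.get("subjectAltName", ())
             if kind == "DNS"]
    if not names:
        # Legacy certificates without a SAN: fall back to the subject CN.
        names = [value.lower() for rdn in cert.get("subject", ())
                 for key, value in rdn if key == "commonName"]
    for name in names:
        if name.startswith("*."):
            suffix = name[1:]                      # e.g. ".bobsbank.example"
            if host.endswith(suffix):
                first_label = host[:-len(suffix)]
                if first_label and "." not in first_label:
                    return True
        elif name == host:
            return True
    return False


class _SubresourceCollector(HTMLParser):
    """Collect attributes that make the browser fetch from, or post to, a URL."""
    URL_ATTRS = {("script", "src"), ("img", "src"), ("iframe", "src"),
                 ("link", "href"), ("form", "action")}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if (tag, attr) in self.URL_ATTRS and value:
                self.urls.append(value)


def plaintext_references(page_url: str, html: str) -> list:
    """Condition 1: does an https page mix in, or switch away to, plain http?

    Returns the absolute http:// URLs the page references. Each one is
    traffic an observer in the path can read or rewrite even though the
    page itself arrived over TLS.
    """
    collector = _SubresourceCollector()
    collector.feed(html)
    leaks = []
    for raw in collector.urls:
        absolute = urljoin(page_url, raw)   # resolves "/path" and "//host" forms
        if urlsplit(absolute).scheme == "http":
            leaks.append(absolute)
    return leaks


# --- constructed sample data (placeholders, not real sites or certificates) ---
BANK_CERT = {
    "subject": ((("commonName", "online.bobsbank.example"),),),
    "subjectAltName": (("DNS", "online.bobsbank.example"),
                       ("DNS", "*.bobsbank.example")),
}
# A perfectly valid certificate an in-path box might hold for its *own* name.
PROXY_CERT = {
    "subject": ((("commonName", "proxy.isp.example"),),),
    "subjectAltName": (("DNS", "proxy.isp.example"),),
}
LOGIN_PAGE = """<html><body>
<script src="/static/app.js"></script>
<img src="http://ads.example/pixel.gif">
<link rel="stylesheet" href="//cdn.bobsbank.example/site.css">
<form action="http://www.bobsbank.example/login"><input name="pwd"></form>
</body></html>"""

if __name__ == "__main__":
    print(hostname_matches(BANK_CERT, "online.bobsbank.example"))   # True
    print(hostname_matches(PROXY_CERT, "online.bobsbank.example"))  # False
    print(plaintext_references("https://online.bobsbank.example/login", LOGIN_PAGE))
```

The point of the second certificate is the one the post makes: a certificate that is entirely genuine for the in-path box's own name still fails the hostname check for the bank, so a verifying client drops the session. The check only fails open when the user clicks through the browser's warning, which is the end-point problem the PS describes. The page scanner shows why condition 1 matters too: the tracking pixel and the form action both leave TLS, so the password field on that sample page would be posted in the clear however good the certificate is.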

#3
Guest
Posts: n/a
Re: Phorm, mitm, and https
"nemo_outis" <> wrote in
news:Xns9A4D5BFC23FD9pqwertyu@64.59.135.159:

> bealoid <.uk> wrote in
> news:Xns9A4D94296AC6FYAsfKJXSTO@194.117.143.37:
>
> You need to read up on SSL.

I know! I've got the RFCs and such now.

> Simplifying a bit, as long as:
>
> 1) the bank (or other destination site) has properly implemented its
> pages (doesn't mix http & https, doesn't switch away, etc.), and
> 2) you actually *check* its SSL certificate to make sure it's for
> whomever you're trying to connect to,
>
> you're bombproof.

I really thought this was the case. I'm having a gentle argument in a virginmedia support newsgroup.

> Regards,
>
> PS This assumes, of course, that your computer is not infested with
> spyware, Trojans, and the like and that you practice safe computing by
> securing your browser, flushing caches and cookies, etc. or even
> signing off after a secure session. In short, SSL protects
> communications in transit, it doesn't protect against compromise (and
> stupid mistakes) at either end point, especially by a user
> unreflectively clicking on stuff he shouldn't (slightly misspelled
> URLs, etc.).

Well, yes. The number of machines that get trojaned by users clicking the "yes, please install malware" buttons isn't reassuring. :-(

#4
Guest
Posts: n/a
Re: Phorm, mitm, and https
128k SSL is crackable, with considerable time and effort.

#5
Guest
Posts: n/a
Re: Phorm, mitm, and https
ugh wrote:

> 128k SSL

128k? Don't you mean 128 bit?

>

Some illiterates talking about things they don't know and don't understand.

>

That's obviously a 40 bit key, dude!

#6
Guest
Posts: n/a
Re: Phorm, mitm, and https
ugh wrote:

> 128k SSL is crackable, with considerable time and effort.

Please... get your information about cryptanalysis from some source other than random clueless rubes posting to some Yayhoo forum and/or learn to read for comprehension.

First of all it's "bits", not "k". Second of all, if you combined the computing power of every digital device on the face of the planet and directed that effort toward cracking a single 128 bit SSL session it would take you significantly longer than the Earth has existed to crack it, and generate enough heat to vaporize this corner of the Galaxy in the process.

The mathematics behind that is undeniable. Modern strong encryption is virtually uncrackable. Period. If any weaknesses exist they're going to be in the implementation, not the crypto itself.

#7
Guest
Posts: n/a
Re: Phorm, mitm, and https
"Sebastian G." <> wrote in
news::

> ugh wrote:
>
>> 128k SSL
>
> 128k? Don't you mean 128 bit?
>
>> 124032
>
> Some illiterates talking about things they don't know and don't
> understand.
>
>>
>
> That's obviously a 40 bit key, dude!

Exactly right, Sebastian!

Regards,

#8
Guest
Posts: n/a
Re: Phorm, mitm, and https
On Sun, 24 Feb 2008 21:52:34 -0500, ugh wrote:

> 128k SSL is crackable, with considerable time and effort.

I should say lol

--
An Explanation Of The Need To Be "Anonymous"

#9
Guest
Posts: n/a
Re: Phorm, mitm, and https
On Sun, 24 Feb 2008 23:13:56 +0100 (CET)
Anonymous <> wrote:

> The mathematics behind that is undeniable. Modern strong encryption is
> virtually uncrackable. Period. If any weaknesses exist they're going
> to be in the implementation, not the crypto itself.

Unfortunately this is very inaccurate. The mathematics are deniable, because there are no security proofs. There is strong evidence towards good security, but nothing is proven here. So currently, we can only assume security, not take it for granted.

Regards,
Ertugrul.

#10
Guest
Posts: n/a
Re: Phorm, mitm, and https
Ertugrul Söylemez <> wrote in news:fpu314$9u4$02$:

> On Sun, 24 Feb 2008 23:13:56 +0100 (CET)
> Anonymous <> wrote:
>
>> The mathematics behind that is undeniable. Modern strong encryption is
>> virtually uncrackable. Period. If any weaknesses exist they're going
>> to be in the implementation, not the crypto itself.
>
> Unfortunately this is very inaccurate. The mathematics are deniable,
> because there are no security proofs. There is strong evidence towards
> good security, but nothing is proven here. So currently, we can only
> assume security, not take it for granted.

I agree, but the evidence is very strong for some versions of algorithms, no?

And, until someone does factorisation, cracking an encrypted message is almost always going to rely on the implementation of the algorithm in software, the deployment of software on the machine, human weaknesses in picking good passwords etc.