[liberationtech] Firesheep: Making the Complicated Trivial
Chris Palmer
chris at eff.org
Fri Oct 29 11:50:05 PDT 2010
On 10/27/2010 02:03 PM, Uncle "The Dod" Zzzen wrote:
> There's no guarantee, but (if I understand correctly) it will be cheaper
> to snoop on *some* of your traffic if you *don't* use tcpcrypt.
Even active man-in-the-middle attacks are cheap and easy enough to be
funny pranks:
http://www.ex-parrot.com/pete/upside-down-ternet.html
and serious enough to make the nice people at PayPal security angry:
http://www.thoughtcrime.org/software/sslstrip/
And there's this trusty tool, too:
http://www.oxid.it/cain.html
Active network attacks are so close to being as cheap as passive network
attacks --- it doesn't get much cheaper than gratis and open source
tools --- that I don't see much point in spending resources trying to
defend against only one of the two classes of attack. I think this
especially since mechanisms that defend against these and other attacks
(HTTPS and SSH) are already developed, deployed, effective, widely
supported, and affordable.
The HTTPS performance slide deck I posted earlier also shows an example
of active MITM used as a sustainable, above-board business model.
I'm not saying that in the heat of battle you shouldn't throw whatever
cruft you can at the problem (as long as it's cheap).
I'm saying that as security engineers planning new projects we should
take a deep breath, figure out what the true problems are, and develop
systems that actually address the problems. Investigation shows that
although we have nice mechanisms for defense against (some) relevant
threat models already, our systems tend to have poor usability (not just
for users, but also deployers and even developers). The usability
problems hamper people's ability to actually achieve the most that our
mechanisms can accomplish, so we should focus our efforts on improving
usability.
I'd rather we spent our time improving the usability of HTTPS than on
developing a mechanism which completely punts on usability while also
not providing end-to-end security.
http://docs.google.com/present/view?id=df9sn445_206ff3kn9gs
--
Chris Palmer
Technology Manager, Electronic Frontier Foundation