Information Security News mailing list archives

RE: Security flaw found in Microsoft Web browser


From: InfoSec News <isn () c4i org>
Date: Fri, 16 Aug 2002 01:19:05 -0500 (CDT)

Forwarded from: Jason Coombs <jasonc () science org>

The only reason worms haven't incorporated DNS poisoning techniques
yet is that their programmers weren't looking to be MITM.

The AlterNIC attack didn't rely on a worm, but it DID accomplish
possibly the largest known DNS hijacking attack to date -- allowing
automatic redirection of visitors attempting to reach the authentic
InterNIC servers. The AlterNIC wasn't attempting to be a MITM, either,
but easily could have, and on a large scale.

Before anyone dismisses the MITM as an insignificant threat they need
to provide proof that the Web sites they've visited in the past were
served to them from the authentic servers and routed to them by way of
trustworthy routers without the "help" of an unauthorized MITM: a
malicious router that had hijacked a route, a malicious proxy server
that had hijacked DNS, or an authentic router or server that was
compromised.

Particularly now that it has been discovered that SSL NEVER WORKED for
server identity authentication under Microsoft Windows, NOBODY can
provide that proof about past network security.

The chances are so high as to be nearly 100% certain that SOMEBODY,
SOMEWHERE, has already been impacted by a MITM attack and they didn't
know it then and they don't know it now. A successful MITM attack
leaves no trace and gives the end user no reason to think they've been
compromised.

Can YOU prove that your past use of Internet Explorer wasn't
compromised by a MITM?

Sincerely,

Jason Coombs
jasonc () science org


-----Original Message-----
From: owner-isn () attrition org [mailto:owner-isn () attrition org]
On Behalf Of InfoSec News
Sent: Thursday, August 15, 2002 1:13 AM
To: isn () attrition org
Subject: Re: [ISN] Security flaw found in Microsoft Web browser


Forwarded from: Mark Hahn <MHahn () TCBTech com>

At 05:34 AM 8/14/2002, InfoSec News wrote:

The eminent Mr Schneier must have been misquoted. What this permits
is an MITM attack, the most obscure and unlikely of the scenarios.
Passive listening is presumably unaffected, by orders of magnitude a
greater danger.  I.e., say Yes to Mallory, say No to Eve.

MICROSOFT DOWNPLAYS REPORT

Not that anyone will believe them, but in this case, it is indeed
appropriate to assure that MITM attacks are hard. This doesn't mean
that they shouldn't fix the bug, but this flaw is more embarrassing
than devastating;  the fact that it took so long to find also points
out the relative lack of popularity that Mallory has in the real
world.

[...]



-
ISN is currently hosted by Attrition.org
