Firefox Plug-in Warns of Compromised Internet Connection

Status
Not open for further replies.

geoffs

Distinguished
Oct 24, 2007
103
0
18,630
0
Good idea, in theory. My questions are about the implementation.

Are the "notaries" vetted or certified in some manner? If not, what is to stop the attackers from creating thousands of fake notaries using a bot-net and zombies that they control?

Are the "notaries" accessed using DNS? If so, then if the attackers can poison your DNS, they can direct you to a "notary" they control and again, you gain nothing.

If they've addressed those issues, then this could be a very useful approach. Not perfect, but security never is. Good security uses layers of security, such that an attacker must compromise multiple independent systems and/or layers to mount a successful attack. This could be one more layer.
 

geoffs

Distinguished
Oct 24, 2007
103
0
18,630
0
[citation][nom]geoffs[/nom]Are the "notaries" vetted or certified in some manner?[/citation]

I just found the answers to my questions on the Perspectives site at www.cs.cmu.edu They do have a vetting process for notaries, currently they're all at CMU, but they're looking to expand. They don't rely upon DNS, they have a notaries file that uses IP address and a public key.

An attacker could still compromise it by capturing traffic to/from the list of notaries, by changing the notaries file, or similar approaches, but those are much more difficult attacks to apply remotely. And if they can do that, they could simply install a key logger and get the same info.
 

gm0n3y

Distinguished
Mar 13, 2006
1,549
0
19,730
0
The problem I see is that this is just a way to make companies pay to use the notary service. Its bad enough that they have to pay to register their SSL certificates (even though that accomplishes nothing other than making a browser happy), now they'll have to pay for this notary service too? For small companies (my company has about 15 employees and runs 5 websites that use SSL), the thousands of $ a year that this costs is a major pain.
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
R Streaming Video & TVs 0
W Streaming Video & TVs 0
P Streaming Video & TVs 1
Alex Cranz Streaming Video & TVs 1
G Streaming Video & TVs 0
G Streaming Video & TVs 0
G Streaming Video & TVs 14
G Streaming Video & TVs 0
G Streaming Video & TVs 1
G Streaming Video & TVs 6
G Streaming Video & TVs 0
JMcEntegart Streaming Video & TVs 8
exfileme Streaming Video & TVs 8
exfileme Streaming Video & TVs 4
exfileme Streaming Video & TVs 18
Z Streaming Video & TVs 6
Z Streaming Video & TVs 2
Z Streaming Video & TVs 16
exfileme Streaming Video & TVs 6
Z Streaming Video & TVs 35

ASK THE COMMUNITY