Slashdot Mirror


Security Skins: Single Sign-On with Images

Appol writes "Berkeley researchers propose a Mozilla extension to stop phishing. They claim that users only need to remember one password and one image for their lifetime to securely log in to any number of sites. They also use uniquely generated visual hashes to "skin" trusted windows and webpages, which is harder to spoof than the SSL lock icon. To verify that the skin is legit, the user has to compare two images, which is easier for novices than verifying a certificate."

35 of 169 comments

  1. Finally by nizo · · Score: 5, Funny

    I knew a non-evil use for the goatse image would be found eventually. I might as well use that image, since it is burned into my brain forever anyway. Plus it has the added advantage of punishing shoulder surfers.

    1. Re:Finally by EnronHaliburton2004 · · Score: 4, Funny

      If I used that image, I would never, ever surf the web again.

    2. Re:Finally by Matey-O · · Score: 2, Funny

      And a nice side effect is: The login and password boxes are neatly framed by...uh...nevermind.

      --
      "Draco dormiens nunquam titillandus."
  2. Natalie Portman? by ajiva · · Score: 4, Funny

    So we just have to visually confirm that Natalie Portman is hot? That's easy!

    1. Re:Natalie Portman? by Theaetetus · · Score: 2, Funny
      So we just have to visually confirm that Natalie Portman is hot? That's easy!

      Oh, really? (SFW, and Safe for eyes)

    2. Re:Natalie Portman? by kocovnik · · Score: 3, Funny

      I'm not sure what this image is supposed to prove. Am I not supposed to think that Natalie Portman sticking her hands down her pants is amazing? Or is it the other way around.

      --one confused Slashdot reader

    3. Re:Natalie Portman? by binarybum · · Score: 3, Funny

      Hey! Who the heck photoshopped me out of the picture where I was putting my hand down Natalie's pants!?

      --
      ôó
    4. Re:Natalie Portman? by bigdumbyak · · Score: 2, Funny

      Thank you!!
      Confirmation complete!!

      Did you seriously think that a picture of her with her hand down her pants was BAD?

      --
      Stupid people hurt my head.
    5. Re:Natalie Portman? by 0x20 · · Score: 2, Funny

      *Secure connection established*

  3. Yes, this should work well! by Capt'n+Hector · · Score: 3, Funny

    Because when a webpage is spoofed, the skin will make it look like the gates of hell, and when it's legit, you see a kitten frolicking in a meadow.

    --
    Quid festinatio swallonis est aetherfuga inonusti?
    Africus aut Europaeus?
  4. Interesting. by MrAnnoyanceToYou · · Score: 5, Funny

    Graduate School at UC Berkeley : 100,00$
    Summer spent researching anti-spyware : 1,000$ after grants
    Doing the world a favor : 0$ in debt
    Getting publicity for doing the world a favor among those who care : See Below
    Having your .8 MB file downloaded 100,000 times in the course of twenty minutes, taxing your web server extensively because you set it up there as a PDF, making you look mildly silly because you're DOING INTERNET RESEARCH : Priceless, except for the bandwidth.

    That said, it's quite an interesting approach. The notification style for a hash is quite an interesting idea.

  5. Nobody needs or wants single sign-on... by Anonymous Coward · · Score: 2, Insightful

    ...whether Passport or some open-source solution. The task of typing some stuff into a form field is not so onerous we need a complicated solution for a non-problem. Most browsers support various ways to locally remember form fields that take care of these problems simply. And this won't stop phishing.

  6. What About Netcraft? by dshaw858 · · Score: 3, Insightful

    Isn't this a lot like Netcraft's new Anti-Phishing plugin? I'm glad that all these people are finally taking initiative against phishers, even though it's almost definitely due to the heightened media attention that phishing is currently getting.

    In practice though, I think the only way this would really work is if it's shipped by default in Firefox. The people that would install this anti-phishing plugin aren't usually the people that would get tricked by phishing scams anyway.

    - dshaw

    Note: This is all IMO; and yes, I understand that some scams are so realistic that anyone could get caught in their webs.

  7. No to discriminate by a3217055 · · Score: 4, Insightful

    There are people who are blind; what do they do? Stare at the screen hoping their eyesight comes back?

    Not a good overall solution, you need a separate medium/channel to display such pictures.

    1. Re:No to discriminate by Council · · Score: 3, Insightful
      There are people who are blind; what do they do? Stare at the screen hoping their eyesight comes back?

      Not a good overall solution, you need a separate medium/channel to display such pictures.
      Don't be silly. The not-too-large group of blind heavy computer users (a group including two of my friends) has to develop separate tools for this stuff, such as screen readers (if you want Linux tools, there are plenty) and the like. "You need a separate medium/channel to display such pictures" . . . sounds kind of silly. A non-visual channel for displaying pictures? These pictures are useful only because they make use of the human visual processing center. Blind people will verify certificates with separate software tools piled on top of this. No more convenient than the current system for them, unfortunately, but they're used to working around this kind of thing.

      Summary: The visual system is only useful because it's easy for people with sight to verify. Blind people will use separate tools, as they always have. Your objections don't seem to make that much sense.
      --
      xkcd.com - a webcomic of mathematics, love, and language.
    2. Re:No to discriminate by mopslik · · Score: 2, Funny

      There are people who are blind what do they do?

      Use this for their image?

    3. Re:No to discriminate by NieKinNL · · Score: 2, Interesting

      Or people who are in other ways visually impaired, like being blind completely.

      They always depend on the soft- and hardware that was built to aid them in using computers. I know there are braille boards on which they can "read" plain text. With the right software this can be (and probably is) used to get quite far with computer use.

      I think for such handicaps, it would be easier and much more flexible to use text as a visual confirmation instead of images. This way it is much easier to make the software compatible with numerous other systems, and of course blind people will be able to use the technology too.

      Nevertheless I do doubt this development. Sure it is a great "solution", but it will require cooperation of the major browser companies, and there has to be a way to tell the browser your site is legit, which may come down to the same problem as SSL, namely registering your certificate (or in this case, the use of the security hash), and that often costs you money and lots of effort.

      On the other hand, training users to recognise sinister situations on the web has been proven to be an endless, frustrating, time-consuming, mind-numbing effort too, so basically it's about choosing the road with the least obstacles.

      For me, and probably most of Slashdot, I find it a more than great idea to develop a braille system for images. Say, to feel the image..)

      --
      -- # man women
    4. Re:No to discriminate by Steffan · · Score: 2, Interesting

      I imagine it would be fairly trivial to modify this scheme to use a generated sound or audio clip instead of an image. People are probably not as good at distinguishing different sounds, but I'm sure the ability is more than adequate for this scenario.

  8. But who will actually download it? by Ochu · · Score: 2, Funny

    Anyone computer-savvy enough to be using Firefox, downloading addons, making pet names, and then remembering to check won't be caught by a phisher anyway... Having said that, it would help anyone who has an FNG (friendly neighbourhood geek) to install. Which is pretty likely, this is slashdot.

  9. Been there, done that. by Anonymous Coward · · Score: 4, Funny

    I've always used the same password, "pa55w0rd", so this part is easy.

    Whoops, did I say that out loud? Good thing I didn't mention that my image is a kitten.

    Oh shoot...

  10. Re:Colourblind? by yotto · · Score: 4, Insightful

    *what if they're colour blind?*

    They'll pick a black and white image?

  11. What about cost? by The+Woodworker · · Score: 4, Interesting

    SSL certificates are pretty expensive for someone setting up a secure hobby website. You can go the route of FreeSSL, or generate your own, but this gives browser warnings/errors. I'm wondering how much this method would cost if you got it from GeoTrust/Thawte/etc. and what the lifetime of that would be (good for a year, two years, etc.)?

    As a side note, after 8 years of tech support, I find users trust what their browsers trust, and as long as people use browsers like IE and just click on email links, nothing will be secure at the users end.

    --
    Give a man a fish and he'll eat for a day. Teach him to fish and he'll wipe out the species.
  12. Re:This rocks.... by nizo · · Score: 2, Insightful

    Using an SO would be a bad idea; if you ever break up just think about how dumb you would feel if you ever find another significant other (sort of like an online version of the embarrassing tattoo). Better to pick a cute puppy or something like that instead.

  13. Re:Colourblind? by Kjuib · · Score: 2, Interesting

    Or even... what if I use Lynx? I have to check the image names?

    --
    - Your stupidity got you into this mess, why can't it get you out? -Will Rogers
  14. Re:PDF Alert by Takara · · Score: 4, Funny
    I guess if you're reading this, it's likely too late...

    You must be new here.

  15. Good idea by apathyonline · · Score: 2, Insightful

    That sounds like a good idea. However, it may be like asking the average citizen to spot counterfeit money. And after a few times of being asked to compare images, the user may get annoyed and every time afterward, they will just confirm everything to get done quickly.

    --

    Tired of Apathy? http://apathyonline.net
  16. Re:PDF docs by porcupine8 · · Score: 2, Insightful
    I don't understand why so many places use PDF when it is not that hard to write the HTML to make a document look as nice.

    Of course, if you've already written the paper, it takes minimal effort to print/export it to PDF, whereas if you export to HTML you have to do all kinds of double-checking to make sure it's formatted correctly, and probably have to mess with the code some.

    Plus, if you really are running that slow a system, it's possible whatever HTML they use *won't* quite be so universal. If you're using an old browser that doesn't render tables quite right or somesuch, the HTML might just be a bigger hassle.

    --
    Warning: Apple/Nintendo fangirl. Likes her electronics cute & cuddly. May be rabid.
  17. infected computer by tacroy · · Score: 4, Insightful

    I skimmed the article, and I noticed the adware section, but it didn't really answer my question: If the secure aspect is the local picture and the local picture needs to be pulled from the local machine by the page, then what is to stop an adware program from grabbing that API and using the secure picture on an insecure site?

  18. What's really interesting by pthor1231 · · Score: 2, Interesting

    is that banks and credit issues have lost over 1.2 billion dollars in 2003, according to TFA, yet they are not the ones actively pursuing something that would help protect their users from this sort of fraud. I think it's great that someone is doing something about this issue for the general public.

  19. mental images? by madaxe42 · · Score: 5, Funny

    Worse than goatse... http://slashdot.org/article.pl?sid=00/08/24/1823225&tid=99&tid=16 -- seriously - what the hell????

  20. md5 style too? by kebes · · Score: 2, Interesting

    I've often thought that a similar thing should exist for md5 hashes and a whole slew of authentication schemes. The actual hash number can be transformed into an "abstract art" image via a combinatorial algorithm. The image could be some overlapping strange-looking lines and shapes, with the exact shapes, colors, and so on all based on the hash. Even a small change in the hash or authentication code would lead to a very big difference in the final image.

    So when you download a file, they show you a picture of the expected visual-hash. When the file finishes, you take a quick look at the visual-hash your computer just generated, and see if they match.

    Similarly for all secure websites and key exchanges. When you SSH into a server, why not show an image (or ASCII art if you prefer) based on its unique key? I think anti-phishing is just one of many uses for this kind of technology.
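
The visual-hash idea from the comment above, as an added example that is not part of the original post or the Berkeley extension: a SHA-256 digest drives a bishop-style walk over a 17x9 grid (the approach behind OpenSSH's randomart, simplified here), and visit counts become characters. The sample inputs are constructed.

```python
import hashlib

WIDTH, HEIGHT = 17, 9            # same field size OpenSSH uses for randomart
SYMBOLS = " .o+=*BOX@%&#/^"      # more visits to a cell -> later symbol

def visual_hash(data: bytes) -> str:
    """Render SHA-256(data) as ASCII art by walking diagonally over a grid."""
    digest = hashlib.sha256(data).digest()
    grid = [[0] * WIDTH for _ in range(HEIGHT)]
    x, y = WIDTH // 2, HEIGHT // 2
    start = (x, y)
    for byte in digest:
        for shift in (0, 2, 4, 6):                # four 2-bit moves per byte
            move = (byte >> shift) & 0b11
            dx = 1 if move & 0b01 else -1         # bit 0 picks left/right
            dy = 1 if move & 0b10 else -1         # bit 1 picks up/down
            x = min(max(x + dx, 0), WIDTH - 1)    # clamp at the walls
            y = min(max(y + dy, 0), HEIGHT - 1)
            grid[y][x] += 1
    end = (x, y)
    rows = []
    for ry in range(HEIGHT):
        row = ""
        for rx in range(WIDTH):
            if (rx, ry) == start:
                row += "S"                        # where the walk began
            elif (rx, ry) == end:
                row += "E"                        # where it finished
            else:
                row += SYMBOLS[min(grid[ry][rx], len(SYMBOLS) - 1)]
        rows.append("|" + row + "|")
    border = "+" + "-" * WIDTH + "+"
    return "\n".join([border, *rows, border])

def differing_cells(a: str, b: str) -> int:
    """Count character positions where two renderings disagree."""
    return sum(1 for ca, cb in zip(a, b) if ca != cb)

if __name__ == "__main__":
    # Constructed sample: a published file and a copy changed by one byte.
    published = visual_hash(b"release-1.0.tar.gz contents")
    tampered = visual_hash(b"release-1.0.tar.gz contentz")
    print(published)
    print(tampered)
    print("cells that differ:", differing_cells(published, tampered))
```

Because the picture is a lossy rendering of the digest, it is a quick human check and not a replacement for comparing the full hash.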

  21. Stop Phishing? by protolith · · Score: 3, Insightful

    Dear valued ebay customer,

    You may be aware of a new technology to synch a picture with a web page to ensure it is legitimate, please click this link to download an executable to synch the picture you selected with our server to better provide you with secure transactions.

    Anyone that sees this as a phishing scam doesn't need this technology. Anyone that does need this technology is just as likely to fall for this.

  22. Acutrust is a better method by x_hexdump_x · · Score: 2, Interesting

    Acutrust http://www.isblanket.com/services/online/acutrust/ is a much better approach to the problem. It uses an encrypted image to prove the site is authentic. The unique thing about this product is that it does not require the user-base to install any special software.

    Acutrust FAQ http://www.isblanket.com/services/online/acutrust/faq/

  23. Re:Single password not hard to achieve without ris by radish · · Score: 2, Insightful

    I'm with you until this bit:

    But what the hell - send them all new ones by e-mail.

    If the site changed domain the user would have to re-register, or at least visit the site and provide a new hash, I don't see any way around that.

    The other thing, of course, is that this relies on user co-operation to install new software, and also implies complete trust in that software. If you're going to force people to install new software, why not just use personal certificates? You also missed a vulnerability - the hashes given to the webserver include a reasonable amount of known (and specified) plain text. This makes an attack of the hash algorithm much easier. Given the value of discovering the master password (it will unlock the user's entire online life, including banks etc) it's not hard to imagine people committing serious resources to breaking the hashes.

    All of this reminds me of Schneier's Law:
    "any person can invent a security system so clever that she or he can't think of how to break it."

    I'm not saying I can think of a way of breaking it, but personally I'd go with something well tested in the real world.

    --

    ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

  24. Re:Single password not hard to achieve without ris by baadger · · Score: 2, Interesting

    Yes you have hit all the major faults right on the head. However let's see if I can point out why they aren't so bad.

    Change of uri/domain -

    A fairly uncommon event for most well established websites (obviously not torrent sites :P) and this could be taken into account by keeping both domains/uri's live long enough for users to transfer their account across somehow. Maybe indicating a move and asking the user to accept it, in which case it simply uses the old and new domain string sequentially to accomplish the changeover. Obviously this could be exploited and leads to a new form of phishing - but would be rare - Probably the biggest problem :(

    Installation of new software -

    * Using extensions or bookmarklet like buttons (that keep javascript out of the scope of other scripts in the webpage) which are now pretty commonplace and native to browsers.
    * You can even use javascript within the website html itself, although much more risky, it can be viewed by the user in the page source and cheating webmasters risk exposure. This is no different from dodgy webmasters not choosing to store passwords as hashes automatically now.
    * Some kind of signed javascript (.jar file) which can't be tampered with (don't know how feasible that is) which verifies that the script in use is from a source that everyone knows about, is open source, and has been checked for bugs by a large number of people.

    Hash weakness -

    I have no idea how much weaker a hash with a known constant, for example in MD5, is. Is xxxxxxxCCCCC where CCCCC is a known string as difficult to break as xxxxxxx alone (which would be ideal)? It is an issue given that webmasters could have access to thousands of hashes with the same string constant. But then again now they have your password in plaintext while being processed.

    Do the benefits outweigh the risks of this idea though?

    * The webmasters task of stealing plaintext passwords directly is made much much more difficult.
    * Having to crack hashes with a constant string in them might not provide much advantage over hashes without... I would guess it depends on the hashing algorithm - I'm obviously no expert.
    * Websites without HTTPS still benefit because passwords aren't sent across the wire (talking authentication here not content privacy remember) in the clear.

    I love that Schneier quote, anything devised is always going to be exploitable somewhere by somebody much smarter than yourself. I have no delusions that it will be perfect but I think it moves some of the risks about and might be interesting to try out.
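
The per-site hashing scheme debated in the last two comments, as an added example that is not code from either poster or from the Berkeley extension: the "xxxxxxxCCCCC" form with one fast hash, next to a variant where the known domain string is the salt of a deliberately slow key derivation, plus the old-then-new domain changeover. The function names, the iteration count, the domains and the master password are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac

ITERATIONS = 200_000  # assumed work factor for this sketch; tune to hardware

def naive_site_hash(master: str, domain: str) -> str:
    """One fast hash over password + known domain string ('xxxxxxxCCCCC')."""
    return hashlib.md5((master + domain).encode("utf-8")).hexdigest()

def stretched_site_password(master: str, domain: str, length: int = 16) -> str:
    """Same inputs, but the domain is the salt of a slow KDF (PBKDF2)."""
    salt = domain.strip().lower().encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, ITERATIONS)
    return base64.urlsafe_b64encode(key).decode("ascii")[:length]

def changeover(master: str, old_domain: str, new_domain: str) -> tuple[str, str]:
    """Domain move: present the old credential, then register the new one."""
    return (stretched_site_password(master, old_domain),
            stretched_site_password(master, new_domain))

def server_accepts(stored: str, presented: str) -> bool:
    """Constant-time comparison of the stored and presented credential."""
    return hmac.compare_digest(stored.encode("ascii"), presented.encode("ascii"))

if __name__ == "__main__":
    master = "correct horse battery staple"          # constructed sample
    real = stretched_site_password(master, "bank.example")
    lookalike = stretched_site_password(master, "bank-example.test")
    # What a lookalike site receives is not the credential the real site stores.
    print("phished value works at real site:", server_accepts(real, lookalike))
    old, new = changeover(master, "bank.example", "bank.example.org")
    print("old credential still valid after move:", server_accepts(new, old))
    # Both forms give the site a value derived from the master password; they
    # differ in what one guess of that password costs whoever holds the value.
    print("fast form:", naive_site_hash(master, "bank.example"))
    print("slow form:", real, f"({ITERATIONS} HMAC rounds per guess)")
```

The domain string works like a public salt in both forms; what the slow derivation changes is the cost of each master-password guess for anyone who holds a site's stored value.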