Slashdot Mirror


User: icknay

icknay's activity in the archive.

Stories: 0 · Comments: 72

Comments · 72

  1. I was too glib and you are correct.

    As you say, U2F is extremely secure, including against ordinary MITM attacks, but it is not air-tight.

    The main case it does not protect against is if there is malware on the user's machine, tampering with their web pages after U2F has made the login. If you are worried about that case, maybe get a chromebook (which works with U2F).

  2. U2F FTW! on Iranian Phishers Bypass 2fa Protections Offered By Yahoo Mail, Gmail (arstechnica.com) · Score: 3, Insightful

    The FIDO / U2F systems (aka the little usb/wireless tokens) were not compromised by this attack! Yay technical security advance!

    We really could use less all-over-the-map branding for U2F .. is it called FIDO, FIDO2, Atlas? In fact many times it's called "Yubikey" which is pretty wrong.

    What's great about U2F is that the user can be directed to the phishing site and click the login button on the token and .. nothing bad happens. The system does not depend on the user for vigilance.

  3. U2F FTW on With Rising Database Breaches, Two-Factor Authentication Also At Risk (hackaday.com) · Score: 4, Interesting

    One big problem with 2FA is that it can be phished. U2F is the neat solution in this space (I'm not affiliated with them, just impressed with it). It's a little hardware key that...

    -not fooled by phishing
    -each site just gets a big random number at registration, so no user tracking from U2F
    -integrates SSL to resist MITM
    -it's a free standard and the devices are cheap
    -Chrome supports it, Firefox is now in beta. Microsoft has made noises about support. Apple is .... Apple is a no-show thus far.

    U2F https://en.wikipedia.org/wiki/...
    FAQ: https://medium.com/@nparlante/...

  4. Just to clarify, the problem here is the phone number linked to SMS, which customer service can be badgered into changing. 2FA schemes that store the secret on the phone are not susceptible to this, with Google Authenticator/TOTP being the most prominent example.

    When you upgrade your phone, it all switches around: SMS 2FA conveniently just keeps working since it goes with the number, but TOTP is now kind of a pain since you have to set it up again.

    The U2F standard gets my vote as the nifty solution to this password madness. I wrote a U2F FAQ: https://medium.com/@nparlante/...

  5. U2F to the rescue! on Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) · Score: 4, Informative

    If you really want it locked down, U2F (2FA device standard) is the way to go. Currently only supported by technically leading sites: google, facebook, github, but jeez it's such a huge improvement over passwords or password managers. One neat side effect of U2F is that with it in place, the password can be super simple, since with U2F the password is not very important. See the U2F FAQ: https://medium.com/@nparlante/...

  6. Re:Re-what? on Study: $1.8 Billion In Reshipping Fraud With Stolen Cards Each Year · Score: 1
    "Chip-and-pin is no more secure than magswipes, it contains the same data"

    Just a point of fact: the above is 100% false. The EMV transaction includes some info, but less than the full magstripe, so it cannot be used to make a "Target" style fake magstripe card. This is why all the Target style breaches have been in the pre-EMV USA.

  7. Re:Aren't these already compromised cards? on Fraud Rampant In Apple Pay · Score: 1
    You are half right and half wrong.

    1. For the "card present" case, like swiping or using your Google Wallet or Apple Pay in person, the BANK pays for the fraud (so long as the merchant has the right equipment, saves the signatures etc. etc. .. not hard).

    2. For the "card not present" case, like I go to the merchant web site, type in my number etc. etc.. If there's fraud in that case, the MERCHANT eats the cost.

    What this tells you is that for the card-present case, the banks have a pretty good tech stack, so they are not super worried, and they lose very little money (i.e. they are able to decline the bad purchases before they go through). The card-not-present case is much more iffy, and the banks shift the costs onto the merchant, and the merchant can make up their own policies about which transactions are worth the risk.

  8. Re:Man In The Browser Attack on Google Adds USB Security Keys To 2-Factor Authentication Options · Score: 1
    Ah, thanks. From a quick read of the doc, it is focused on the MITM case. My read of the quote below is that the MITB case is, in fact, not solved. +1 for being honest and transparent. Still, it's progress for one common class of attacks (like say your government feeding you a fake gmail page). It would probably be better in their docs if they used the "MITB" terminology (hey, it has its own wikipedia page!) to be super clear about what is and is not solved. Ultimately, the MITB solution dongle will probably need a little display on it, as outlined above.

    9. Client Malware Interactions with U2F Devices As long as U2F devices can be accessed directly from user space on the client OS, it is possible for malware to create a keypair using a fake origin and exercise the U2F device. The U2F device will not be able to distinguish 'good' client software from 'bad' client software. On a similar note, it is possible for malware to relay requests from Client machine #1 to a U2F device attached to client machine #2 if the malware is running on both machines. This is conceptually no different from a shared communication channel between the Client machine (in this case #1) and the U2F device (which happens to be on machine #2). It is not in scope to protect against this situation. Protection against malware becomes more possible if the U2F client is built into the OS system layer as opposed to running in user space. The OS can obtain exclusive access to U2F devices and enforce methods to ensure origin matches.

  9. Re:Man In The Browser Attack on Google Adds USB Security Keys To 2-Factor Authentication Options · Score: 1

    Well I watched some low-content video, and it mentions the MITM case (I called it MITB, but whatever). However, there was zero actual information. I guess one way it could work is that the key and google.com have a shared secret, and this is used to bring up a channel between google and the key, and that channel can be secure even if the bad guy controls the browser. But then how is the browser UI resistant against the MITB attack, since obviously the browser is running outside of the key, and outside the key-google secure channel. I'm quite curious what they've done there. Hey Google -- let's have the reassuring video for the normals. But put in 10 more hours to publish the 2 page whitepaper on how this thing actually works against MITB for the slashdot/hackernews folks please.

  10. Man In The Browser Attack on Google Adds USB Security Keys To 2-Factor Authentication Options · Score: 3, Interesting
    It's great that Google is trying to advance this. The attack to worry about is "Man In the Browser" MITB http://en.wikipedia.org/wiki/M...

    MITB is the difficult case, and the way that bank accounts get emptied. The bad guy has malware on the victim computer, and the malware puts up web pages, and of course it can just lie about the url bar. So then the bad guy puts up the fake bank web site, and the victim types in the 2-factor code or whatever, and now the bad guy has it. Obviously Google knows about the MITB case. Does this thing have some sort of MITB mitigation? I'm guessing it does something. Hey Google, what do you say?

    The classical solution to MITB is that the little key has its own display, so it can show "Confirm transfer $4500 to account 3456" - showing the correct info to the "victim" even if their laptop is compromised. Basically, keeping the usb key itself from getting malware is feasible, while keeping the laptop or whatever clean is not.
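The origin binding that comments 2, 3 and 10 argue about, worked through as an added example; this is not code from the thread, from the FIDO specification or from any token vendor. It models a token, a browser and a site in one Go program. Assumptions beyond what the comments state: the key handle is nonce || HMAC and the per-site key is re-derived from the device secret (one scheme real tokens use, simplified here); the appId is taken to be the origin string; the origins `https://accounts.example.com` and `https://accounts.examp1e.com` and the challenge `server-nonce-1` are made up for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"fmt"
	"math/big"
)

// Token models a U2F device: one device secret, nothing stored per site. The key-handle
// scheme (nonce || HMAC, site key re-derived from the same secret) is assumed for this example.
type Token struct {
	secret  []byte
	counter uint32
}

func (t *Token) prf(label string, appParam, nonce []byte) []byte {
	m := hmac.New(sha256.New, t.secret)
	m.Write([]byte(label))
	m.Write(appParam)
	m.Write(nonce)
	return m.Sum(nil)
}

// sitePriv derives this origin's P-256 key; another appParam gives an unrelated key.
func (t *Token) sitePriv(appParam, nonce []byte) *ecdsa.PrivateKey {
	curve := elliptic.P256()
	d := new(big.Int).SetBytes(t.prf("key", appParam, nonce))
	d.Mod(d, new(big.Int).Sub(curve.Params().N, big.NewInt(1))).Add(d, big.NewInt(1)) // scalar in [1, N-1]
	priv := &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: curve}, D: d}
	priv.X, priv.Y = curve.ScalarBaseMult(d.FillBytes(make([]byte, 32)))
	return priv
}

// Register returns keyHandle = nonce || MAC(appParam, nonce) and the site's public key.
func (t *Token) Register(appParam []byte) ([]byte, *ecdsa.PublicKey) {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	return append(nonce, t.prf("handle", appParam, nonce)...), &t.sitePriv(appParam, nonce).PublicKey
}

// signedMessage is what the token signs: appParam || 0x01 || counter || challengeParam.
func signedMessage(appParam []byte, counter uint32, challengeParam []byte) []byte {
	msg := append(append([]byte{}, appParam...), 0x01) // 0x01: the button was pressed
	return append(binary.BigEndian.AppendUint32(msg, counter), challengeParam...)
}

// Authenticate refuses a key handle registered for another origin: the lookalike site's case.
func (t *Token) Authenticate(appParam, challengeParam, keyHandle []byte) ([]byte, uint32, error) {
	if len(keyHandle) != 64 || !hmac.Equal(keyHandle[32:], t.prf("handle", appParam, keyHandle[:32])) {
		return nil, 0, fmt.Errorf("token: key handle not registered for this origin")
	}
	t.counter++
	h := sha256.Sum256(signedMessage(appParam, t.counter, challengeParam))
	sig, err := ecdsa.SignASN1(rand.Reader, t.sitePriv(appParam, keyHandle[:32]), h[:])
	return sig, t.counter, err
}

// browserSign: the browser, not the page, writes the page's real origin into clientData
// and hashes it into appParam, so a phishing page cannot name another site.
func browserSign(t *Token, origin, challenge string, keyHandle []byte) ([]byte, []byte, uint32, error) {
	cd, _ := json.Marshal(map[string]string{"typ": "navigator.id.getAssertion", "challenge": challenge, "origin": origin})
	app, chal := sha256.Sum256([]byte(origin)), sha256.Sum256(cd)
	sig, n, err := t.Authenticate(app[:], chal[:], keyHandle)
	return cd, sig, n, err
}

// serverVerify checks challenge, origin and signature against the server's own origin,
// so an assertion obtained on another site cannot be replayed here.
func serverVerify(origin, challenge string, pub *ecdsa.PublicKey, cd, sig []byte, counter uint32) error {
	var c map[string]string
	if json.Unmarshal(cd, &c) != nil || c["challenge"] != challenge || c["origin"] != origin {
		return fmt.Errorf("server: clientData %s does not match this login", cd)
	}
	app, chal := sha256.Sum256([]byte(origin)), sha256.Sum256(cd)
	h := sha256.Sum256(signedMessage(app[:], counter, chal[:]))
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return fmt.Errorf("server: bad signature")
	}
	return nil
}

const realOrigin = "https://accounts.example.com" // assumed site for the example

// LoginAt registers a fresh token at realOrigin, then logs in from a page at pageOrigin
// that relays the real server's challenge and key handle, which is exactly what a phish does.
func LoginAt(pageOrigin string) error {
	t := &Token{secret: make([]byte, 32)}
	rand.Read(t.secret)
	app := sha256.Sum256([]byte(realOrigin))
	keyHandle, pub := t.Register(app[:])
	challenge := "server-nonce-1" // constructed; a real server sends random bytes
	cd, sig, n, err := browserSign(t, pageOrigin, challenge, keyHandle)
	if err != nil {
		return err
	}
	return serverVerify(realOrigin, challenge, pub, cd, sig, n)
}

func main() {
	fmt.Println("real site:", LoginAt(realOrigin))
	fmt.Println("lookalike:", LoginAt("https://accounts.examp1e.com"))
}
```

Run it and the real-site login returns nil while the lookalike fails inside the token, before any signature exists: the relayed key handle carries a MAC over the real origin's appParam, and the browser hands the token the lookalike's appParam instead. The model also shows the limit the spec excerpt in comment 8 concedes: the token checks only what it is handed, so code with raw device access that calls `Authenticate` with the real appParam and forges the clientData gets a valid assertion. That is the client-malware case, which is why the display-on-the-key idea above keeps coming up.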

  11. Sys Comp Design - Circuit Gear on Ask Slashdot: PC-Based Oscilloscopes On a Microbudget? · Score: 1

    Check out the circuit-gear units. The new "mini" is just $99 http://www.syscompdesign.com/C... I have the previous generation unit. I've enjoyed it for just hacking around, and it's great for demos, since the computer it's hooked up to can be projected. The GUI software for it is open-source, so that's neat.

  12. Re:Just think of it as a courtesy. on Ask Slashdot: When Is It OK To Not Give Notice? · Score: 2

    And don't get wrapped around the axle on the cost-benefit for the other party. Your life will be more pleasant by not being an asshole. Often you will need to do things that benefit someone else ... but really you benefit in the end, just in your own psyche.

  13. Re:And this is impressive why? on Mozilla Launches Persona Identity Bridge For Gmail · Score: 5, Informative
    Are you kidding? Persona solves a whole raft of super common problems
    • Say for example kittens.com site you post on is hacked. With Persona the bad guys don't get anything. There is no password stored on kittens.com. It's more akin to certs. That alone will eliminate a whole class of internet disasters that we read about every week on slashdot.
    • I don't want to make up yet another stupid username/password recovery question for every site. Now I can just use one of the Persona identities I already have, and I'm done. I also trust Mozilla or Google a lot more to be on top of security than kittens.com
    • Unlike, say, facebook connect, this is a federated standard, not dependent on any org. You can run your own identity-provider if you like, not that most people would care to.

  14. Re:Let's Have a 2015 Solution! on Campaign To Kill CAPTCHA Kicks Off · Score: 1

    Ok repeating myself, but the open, standard, non-one-corp-controlling-it-all solution is Mozilla Persona http://www.persona.org/ -- it's in like alpha state now, should ship for real this year. You heard it here first!

  15. Re:stupid on Campaign To Kill CAPTCHA Kicks Off · Score: 2

    Mozilla Persona http://www.persona.org/ is the new best one -- not tied to any corp, but without the usability problems of openid

  16. Warning: Ask.com toolbar on To Avoid Confusion: Oracle's Confusing New Java Numbering Scheme · Score: 1
    Note that in addition to using a new numbering scheme, each critical Java security update attempts to install the Ask.com toolbar, even if upon the initial install you unchecked the Ask.com checkbox. The latest browser versions include measures to foil the attempted install of the Ask.com toolbar, so tech-savvy people tend to be unaware of how bad and intrusive the toolbar is. It mucks up all search results with complete garbage. (details here)

    So basically the tech naive types get this thing installed and it thoroughly messes up their internet experience, but they are not sure how it happened... thanks Oracle! I cannot think of a better way of getting nobody to use Java.

    I would like Java to thrive and compete with other languages, so I'm trying to make sure Oracle gets all the bad press it deserves for this abusive practice. Heh, every time there's a Java story, I try to post a reminder for people to be super careful when applying Java updates. Posting this warning repeatedly I think means I've satisfied one of the three tests for becoming a certified Internet Crazy Person. I just need to figure out what the other two are and I'm all set!

  17. Warning: ask.com toolbar on Oracle Fixes 42 Security Vulnerabilities In Java · Score: 5, Informative
    Suppose that when you first run the java installer, it asks you if you want to install the ask.com toolbar, naturally you select the No Ask.com Malware button, and everything installs nicely. Now later on, for each security update that comes along, there's a nice Install Important Update button .. and what do you suppose that does? It installs the Ask.com toolbar! I know Oracle is supposed to be aggressive with their practices, but I cannot believe they abuse security updates this way to get a few pennies out of Ask.com which is basically a search-result-spam engine.

    The reason you have not heard about this more, is that Macs and Firefox/Chrome (not sure about IE) resist the Ask.com installer, so you just don't see it, but the crappy Oracle behavior is in fact going on each time. The result is that naive users are getting this toxic thing installed and it really messes up their whole internet experience.

    Hey Oracle: you're pissing away tons of Java goodwill in exchange for pennies from the Ask.com spammers. Who the heck thought that was a good trade? Like what techie who learns of this behavior is ever going to install Java anywhere? Aren't you trying to make JavaFX into a real client thing?

    See http://www.zdnet.com/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates-7000010038/ for lots of details on how the Ask.com installer tries to trick the users and hide itself. It's kind of interesting arms race between the spamming toolbar and the browser vendors.

  18. Warning: Oracle installs ask.com toolbar on Oracle Rushes Emergency Java Update To Patch McRAT Vulnerabilities · Score: 5, Informative

    Warning: the Java installer will install the ask.com toolbar if you click the "yes, please just install my security update" button, even if on the original install you declined the toolbar -- really an obnoxious abuse of updates. Here is a very interesting analysis of the whole back and forth between the ask.com installer and the browsers trying to keep junk out. Interesting tidbit: apparently the ask.com installer sleeps for 10 minutes, so if you try to "remove" right afterwards, it's not there yet. This is on Windows, not sure across all platforms. Oracle taking this little tiny income stream from ask.com in exchange for screwing over tons of users and admins seems like a big mistake by Oracle, and would just sort of bug me if I were an engineer at Oracle spending all this time trying to make Java better.

  19. baby app on Ask Slashdot: Android Apps For Kids Under 12 Months? · Score: 2

    Try "baby picture fun" ... Super simple, free, no ads. Will entertain for a couple minutes.

  20. It's about the tech support on ARM-Based Chromebooks Ready To Battle Windows 8, Tablets · Score: 1

    The next time you are fixing some relative's or co-worker's machine .. think about if maybe everyone would be better off if they had a chromebook. The point of these things is that, if you just limit things to the web, you can make a very secure, reliable, no-brainer type machine. It can't do everything, but jeez, it sure can do a lot of what most regular people use their computers for, and that's just going to become more with HTML5 et al. Or a business could hand them out for employees who need some web app to do their jobs. You just have your login to the app (google hosted, or somebody else .. it all works), and if they break the machine, you just hand them another one. Data is cached on the device, but the real data is the cloud. The software on the device is designed deeply to be very secure (easier since it does so much less) so it should be much less vulnerable to "infection" the way more general computers are. Android and iOS are trying to not be vulnerable to malware, but it's so much harder when stuff can get installed. The chromebook does not have a native software "install" .. it's just the web, so it's a lot easier to nail down right.

  21. Check out the free Stanford class w/video on Ask Slashdot: Best Book For 11-Year-Old Who Wants To Teach Himself To Program? · Score: 1

    The free Stanford CS101 intro-to-computers class is going to start April 23rd, so that's worth a shot: http://cs101-class.org/ It introduces programming with code and everything, but it's easier than a full programming course. It's a way to get started, warming up to a full programming course later on. Some people can read a book and poke around themselves. However for many having videos/lecture notes/assignments all geared together is an easier way to get started. Disclaimer: I'm teaching this class!

  22. programming practice on Ask Slashdot: Good Homeschool Curriculum For CS?? · Score: 4, Informative

    For little live code practice problems in python and java there's http://codingbat.com/

    There's Google's complete free python class at http://code.google.com/edu/languages/google-python-class/

    For a huge library of cs assignments, try the nifty assignments archive at http://nifty.stanford.edu/

  23. Codingbat on How Should a Non-Techie Learn Programming? · Score: 1

    For live practice problems check out http://codingbat.com/ There's book-learning of programming, but then you also really need practice, and that's what codingbat is about. Disclaimer: my site, but hey, it's free.

  24. codingbat, google's python class on How To Get a Game-Obsessed Teenager Into Coding? · Score: 1
    Great coding resources on the web...

    http://codingbat.com/ -- free little online coding puzzles, just click and go (python and java)

    http://code.google.com/edu/languages/google-python-class/ -- a complete basic python class, complete with pretty neat coding problems ready to go

    http://nifty.stanford.edu/ -- tons of fun, medium sized coding projects

    Disclaimer -- I had a part in creating all of these.

  25. Code practice site on After Learning Java Syntax, What Next? · Score: 1

    As a little project I've built out the site http://javabat.com/ ... it's about having lots of little online problems for code practice. Big architectural ideas are important, but javabat just helps you build the basic but critical loop/logic/array/string skills. There's also a big section on recursion.