[nSLUG] Netscape

Stephen Gregory nslug at kernelpanic.ca
Mon Jan 19 14:03:56 AST 2009

Richard Bonner wrote:
> ***   Chebucto's shell server is https compliant; would it not have 
> to have security in place in order to be so?

Not really. HTTPS/SSL protects the data sent between two computers. It
does nothing to protect endpoints. There are many hardware and software
pieces between your keyboard and when the data is encrypted. Any one of
those pieces could be subverted. The data is not encrypted until just
before it is sent out to the remote site. It is decrypted almost as
soon as it arrives from the network.

Encryption often looks easy but it is actually a hard problem. Using the
algorithms is trivial. Using the algorithms correctly and securely is
considerably harder[1]. There are many little pieces that need to be in
place to ensure that the data is actually secure. Far too often
encryption is seen as magic added to make data secure. Encryption is
just a little piece of the security puzzle. HTTPS handles the
encryption, and some of the extra little pieces, but that is all.

>     As for their volunteers, none are far enough up in the organisation 
> that they would have access to personal accounts.

According to the about page all of the Chebucto staff are volunteers.
This includes the system administrator who has access to everything.
Regardless, a minimally trusted volunteer would not need access to
personal accounts. They would only need access to the system. There are
many ways that a volunteer could gain that access. It is effectively
impossible to keep a malicious volunteer out. Once the minimal amount of
trust is gained to become a volunteer, an attacker would have all the
time required to slowly gain any access wanted to subvert the system.

This is hardly unique to Chebucto. All organizations have this problem.
At least if it is a person at the bank then the bank is liable for the
fraud. A malicious worker at an ISP is going to have a harder time as
the traffic seen by the ISP is already encrypted.

Security is all about trade-offs. By using Chebucto to access your bank
you reduce some of the risks, but you gain other risks. When using a
Chebucto shell account (or a computer in a library, coffee shop,
neighbour's house, etc.) you must trust the integrity of that system.
You must trust the system administrators. You must trust the casual
office staff.

> ***   How might I get such a virus? It can't come down the shell 
> server pipe unless I manually download and run an infected executable.

I naively assumed that you only used Chebucto for banking and similar.
If you use the Chebucto shell account for all of your Internet needs and
never connect your computer any other way to the Internet, then you need
not worry (or worry less). Only targeted malware could effectively
export any data from your computer.

I am not looking to scare people. I use my Ubuntu Linux system to access
my bank accounts online using Firefox. I believe it is secure enough. My
job is to improve computer system security. I am passionate about these
types of problems because there is a lot more to consider than the
common problems of software bugs and viruses. Computer security problems
are often solved with a locked door, a security camera, and better pay
for staff.


