Cybersecurity Project: Difference between revisions

From Cyberlaw: Difficult Issues Winter 2010
Revision as of 21:02, 28 January 2010

Saying that cybersecurity is a "difficult problem" is like saying that reversing global warming is a difficult problem: it's true, but it doesn't quite capture how devilishly complicated and multifaceted the problems really are. There's no single reason why creating a more secure global network is so difficult; it has to do in part with the radically distributed architecture of the Net, in part with some deep flaws in computer software, and in part simply with its sheer size and importance to our daily lives. (For more on this, see the nice Cybersecurity backgrounder.)

So we came in not with the goal of providing a magical elixir that would make all credit card transactions magically secure and make it impossible for hackers to compromise Gmail's security. Instead, we wanted to offer suggestions with minimal implementation headaches and maximal benefit to users, from novices to experts. This page has a short video overview of the ideas, explains some of the details of our proposal, and even has an alpha-release Firefox plugin that you can download and try out (thanks to Elance for this, by the way).

Overview

We discussed this topic at length in an in-class presentation on January 19. This 9-minute video summarizes and extends the presentation we gave that day.

Specific Proposals

Public Service Announcement

We created a Public Service Announcement for generating public awareness of the cybersecurity problem, and showed it in class on January 19. It's online here but is password-protected. Please email us if you were in the class and would like the password. In sum, we don't think a direct public awareness campaign will be very effective. We want to nudge users and change their behavior by changing the way browsers and websites work, not by scolding people.

SafeWord

What is SafeWord?

SafeWord is a real, working Firefox plugin designed to nudge users into keeping safer and more unique passwords, though it's too unstable and unrefined to be considered anything but alpha software. It's available for download here. To install, save that file to your disk, select File --> Open in Firefox 3.5 or above, and install it. You will need to restart Firefox before it takes effect. Thanks to Elance for helping with the coding on very short notice.

We have created a video demonstration of one of the key features of SafeWord here.

What Are The Goals of SafeWord?

SafeWord begins with a simple proposition: online passwords should be strong and different for different sites, and your browser should help you achieve that goal. Studies continue to show that most users use very simple passwords; see, for instance, this New York Times article (http://www.nytimes.com/2010/01/21/technology/21password.html) that gets right to the point. "If your password is 123456," reads the headline, "just make it HackMe." Moreover, most users also fall into the "dirty habit" of using the same password across multiple online accounts, which can lead to a disaster if even one of those accounts is compromised. An extremely detailed analysis of a 2009 attack that compromised many online accounts of Twitter employees is here (http://www.techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/), but here's a fairly scary summary of what can happen if users use the same password at multiple important sites:

  1. HC [the hacker's alias] accessed Gmail for a Twitter employee by using the password recovery feature that sends a reset link to a secondary email. In this case the secondary email was an expired Hotmail account; he simply registered it, clicked the link and reset the password. Gmail was then owned.
  2. HC then read emails to guess what the original Gmail password was successfully and reset the password so the Twitter employee would not notice the account had changed.
  3. HC then used the same password to access the employee’s Twitter email on Google Apps for your domain, getting access to a gold mine of sensitive company information from emails and, particularly, email attachments.
  4. HC then used this information along with additional password guesses and resets to take control of other Twitter employee personal and work emails.
  5. HC then used the same username/password combinations and password reset features to access AT&T, MobileMe, Amazon and iTunes, among other services. A security hole in iTunes gave HC access to full credit card information in clear text. HC now also had control of Twitter’s domain names at GoDaddy.
  6. Even at this point, Twitter had absolutely no idea they had been compromised.