Re: AppleScript & HTML Again...
Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: BJ Terry <email@hidden>
- Date: Mon, 29 Mar 2004 10:53:18 -0800
On Mar 29, 2004, at 4:43 AM, John C. Welch wrote:
How about a javascript that started ALL the default, apple-shipped
applications...not just in /Applications...but Classic Startup,
etc..that
would pretty much be a DOS attack.
Agreed, that would be a DOS attack. Luckily, attacks like that are
merely annoying during my home browsing, and virtually unsolvable, as
someone could DOS me simply by knowing my IP address.
Security through obscurity refers specifically to cryptographic
algorithms. If something is acting as a password, as it is in this
case, then it isn't subject to the same rules that a cryptographic
algorithm is. Security through obscurity doesn't work with algorithms
because one can break them by reverse engineering the executable, or
using statistical analysis techniques on the output of the algorithm.
Gee...because on all the security seminars I've attended, that's called
"cryptography", and security through obscurity refers to the computer
version of hiding the keys to the house under to the front doormat.
Security through obscurity can refer to either hiding known holes in
your system, or using algorithms which aren't proven secure, but are
unknown to most people. Security through obscurity isn't a valid attack
on a password type system. In the seminar I attended most recently on
cryptography, it was used in the sense I referred to, an algorithm
which wasn't proven cryptographically was used by private vendors as an
ad hoc solution, and was quickly broken. Example: DeCSS.
My password/protocol name is secure because I'm the only person who
knows it. If I changed my protocol name to JHKSFkdalDS3129, no one
would ever, ever, ever, ever, ever be able to guess it. Nor would they
be able to attack it with brute force. Why? Because I don't leave my
web browser pointed at websites barraging it with attempts to link to
various URLs like a:/Applications/iCal, b:/Applications/iCal. They
only
way a hacker could ever find out my protocol name is to either hack
into my system, reading my preferences, or to physically sit at my
computer and check it. I'm not worried about either of those
situations.
For everyone like you, there's going to be someone who leaves it to the
defaults. Should they be punished for not changing a protocol name? If
that's security, then there's nothing wrong with Windows XP shipping
with a
dozen ports open, because the USER should know to turn them all off.
Again,
there are some VERY simple things that can be done within missing link
to
make it FAR more secure by default than it is now. Requiring the USER
to
make up for a lack of security thought is as unacceptable on the Mac
as it
is on windows.
I agree that it doesn't make it secure, but it does make it securable.
That part you seem to ignore in your posts.
Because it doesn't make you IMMUNE. It makes you a tad harder to find.
And, quite honestly, if someone wanted to bad enough, there's an
EXTREMELY
simple way to suss out the protol name you DO use...
Two words:
Packet Sniffer
This isn't really a possibility, as I would have to be accessing my
pages from another source on my network. In reality, Missing Link is
used on your local machine, and no amount of packet sniffing can find
it. That method is not EXTREMELY simple, nor is it foolproof. In the
vast majority of cases, it would be impossible for someone to ascertain
the average Missing Link user's protocol name through packet sniffing.
This is a possibility on a corporate network (and in that case the
network would have to be unswitched, I believe. Of course, whether that
statement is accurate or not, my point stands), but in that case, one
probably shouldn't be using Missing Link, as that isn't it's intended
audience.
Unless EVERY html page you use ML with PHYSICALLY lives on your local
hard
drive or on a mounted filesystem connected by an encrypted link, any
script
kiddie with a packet sniffer can have your "magicallly immune" protocol
name.
You make it sound so unlikely...
In reality, there are really two cases for use of Missing Link, one
secure, one insecure.
In the secure case, you change your protocol name to a random string,
only access pages with your protocol name in them from your own hard
drive or through encrypted channels. In this case, Missing Link isn't
the weakest link in the security chain, that falls on other
applications. This is secure even in the corporate environment (as long
as each computer has a unique protocol name, and you can't look at
other people's files, in other words, the system has to be secure in
the normal ways already).
In the insecure case, you use defaults and access pages across the
network. Though this method isn't theoretically secure, the fact of the
matter is, no one will ever go through the trouble of putting up a live
web site to hack your computer, since you'll be one of only a handful
of missing link users, and there would be a nearly zero percent chance
that any of you would happen to browse to the Missing Link hack page.
In this case you are still extremely safe from attack, merely from
being marginal, even though your system is insecure. I wouldn't
recommend this for corporate users, however, as there an employee
probably would have enough power to cause problems with Missing Link.
Are you misrepresenting the issue, causing it to seem much larger than
it really is? Yes. Is improvement possible? Sure. Is it really
necessary? Not for my personal use, and not for the personal use of
many others. No one ever keys my car, tags my house, or kills me, but
there is little stopping them (Most murders are caused by people
related to the target, the rest go unsolved, usually. I trust that if
the hacker is someone close to me, then can do something suitably bad
to my computer whether or not Missing Link is installed.).
BJ
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.