Example Sins

The Internet spent its childhood years as a research project. There was widespread trust, and not much thought was given to security. Sure, there were passwords on login accounts, but there wasn't much done beyond that. As a result, most of the oldest, most important protocols don't really have significant security.

TCP/IP

The Internet Protocol (IP) and the protocols built on top of it, namely Transmission Control Protocol (TCP)/IP and UDP, do not provide any guarantees for basic security services such as confidentiality and ongoing message authentication. TCP does do some checksumming that can provide integrity, but it is not cryptographically strong and can be broken.

IPv6 does address these problems by adding optional security services. Those security services (known as IPSec) were considered so useful that they've been widely deployed on traditional IPv4 networks. But today, they're generally used for corporate Virtual Private Networks (VPNs) and the like, and are not used universally, as originally envisioned.

E-mail Protocols

E-mail is another example where protocols have traditionally not protected data on the wire. While there are now SSL-enhanced versions of SMTP, POP3, and IMAP, they are rarely used and are often not supported by many popular e-mail readers, though some do support encryption and authentication at least for internal mail transfer. You can often put a sniffer up on a local network and read your coworkers' e-mail.

This is one concern when using e-mail for password distribution during account creation. Typically what will happen is that users will forget their passwords, click on a button on a web site, which will then e-mail a password (often a new, temporary password). This would be a reasonable out-of-band authentication mechanism, except for the usual lack of security on e-mail.

All in all, this might not be the greatest risk in a system, but there are certainly more effective ways to perform password resets. The secret question technique can be effective, but you need a pretty sizable set of fairly uncommon questions. For example, it's usually easy to social engineer someone out of their mother's maiden name. As an extreme example, fans of reality TV all knew the name of Paris Hilton's favorite pet, and that's supposedly how someone broke into her T-Mobile account.

E*Trade

E*Trade's original encryption algorithm was XORing data with a fixed value. That's a really easy approach to implement, but it's also really easy to break. A good amateur cryptanalyst can figure out that this is what's going on just by collecting and examining enough data that goes out on the wire. It doesn't take much data or time to figure out what the so-called encryption key is and completely break the scheme. Plus, to make matters even worse, this scheme doesn't even hope to provide ongoing message authentication, so it was easy for skilled attackers to launch pretty much every attack we've talked about in this chapter.
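The two weaknesses described above, as an added illustration that is not code from the book or from E*Trade: with a fixed XOR value, any predictable message header exposes the key, and without message authentication a modified ciphertext is accepted as genuine. The 4-byte key, the message layout, the MAC key and all function names are constructed assumptions; the HMAC tag shows only how ongoing message authentication catches the modification.

```python
import hashlib
import hmac
from itertools import cycle

FIXED_KEY = b"\x5a\xc3\x17\x9e"        # constructed 4-byte "fixed value"
MAC_KEY = b"constructed-demo-mac-key"  # constructed; real keys come from a CSPRNG

def xor_fixed(data: bytes, key: bytes = FIXED_KEY) -> bytes:
    """Weak scheme from the text: XOR every message with the same value."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Ciphertext XOR known plaintext yields the key bytes directly."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))[:key_len]

def flip_bytes(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """XOR is malleable: plaintext bytes can be rewritten without the key."""
    delta = bytes(a ^ b for a, b in zip(old, new))
    patched = bytes(c ^ d for c, d in zip(ciphertext[offset:], delta))
    return ciphertext[:offset] + patched + ciphertext[offset + len(delta):]

def seal(ciphertext: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can detect modification."""
    return ciphertext + hmac.new(MAC_KEY, ciphertext, hashlib.sha256).digest()

def open_sealed(blob: bytes) -> bytes:
    """Return the ciphertext only if its tag verifies; raise otherwise."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")
    return body

def demo() -> dict:
    order = b"ORDER=BUY;QTY=0100;SYM=XYZ"  # constructed sample message
    wire = xor_fixed(order)
    key = recover_key(wire, b"ORDER=", 4)  # the header is predictable
    forged = flip_bytes(wire, 14, b"0100", b"9100")
    try:
        open_sealed(flip_bytes(seal(wire), 14, b"0100", b"9100"))
        detected = False
    except ValueError:
        detected = True
    return {"recovered_key": key, "forged_plaintext": xor_fixed(forged),
            "tamper_detected": detected}

if __name__ == "__main__":
    print(demo())
```

The tag addresses authentication only; confidentiality still requires a vetted cipher, ideally an authenticated encryption mode that provides both properties together.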



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
