KLASSP Secure Proxy for password security

http://research.microsoft.com/pubs/69368/acsac06.pdf

Hi All,

See link above. Anyone know if this system has actually been implemented 
anywhere? I did some googling and didn't find anything.

Appears to be a nice solution to thwart keyloggers on public computers.

Cheers,

Tom
0
Tom
2/17/2010 12:16:58 AM
grc.security 16608 articles. 3 followers. Follow

10 Replies
1007 Views

Similar Articles

[PageSpeed] 56

Tom C wrote:

> http://research.microsoft.com/pubs/69368/acsac06.pdf
> 
> Hi All,
> 
> See link above. Anyone know if this system has actually been implemented 
> anywhere? I did some googling and didn't find anything.

Interesting document. A few points that occur to me:

Some of the obfuscation techniques they mention seem rather weak. Some 
malware is known to capture the screen around the pointer as you click, 
so it would be able to see which images/symbols you clicked on. 
Therefore, I would say only a one-time password system is good enough, 
such as Steve's "Perfect Paper Passwords":

<https://www.grc.com/ppp.htm>

The techniques they describe would only guard against malware that 
captures passwords for use later. It would not protect against malware 
that interacts with the site right then while you are authenticated. For 
example, some malware is known to make banking transactions while you 
are logged into your banking site and then alter the statement page to 
hide the fraudulent transactions.

To use the system they propose you'd have to pass your most sensitive 
traffic through their proxy, or otherwise run your own proxy. Given that 
you wouldn't wish to trust a third party, you'd have to install and run 
your own proxy, and defend it against compromise itself.

Given the weaknesses and complexity of this system, you might as well 
simply avoid using public machines, or boot your own live CD so as to 
use the physical hardware without using the compromised operating 
system. As I mentioned in the other thread, you just can't trust an 
infected system, so just shut it down and boot your own CD.

-- 
James Taylor
0
James
2/17/2010 7:21:13 AM
In article <hlg5d8$r6u$1@news.grc.com>, 
infosec@oakseed.demon.co.uk.invalid says...

No offense, but any group of public pc shouldn't even allow you to boot 
to a liveCD. The BIOS should be set to only boot to the hard drive, and 
obviously the BIOS should be password protected, thus using a public pc 
to use a liveCD would be pointless. I think James point in his other 
thread that if you MUST do your banking in a public place, use your own 
dedicated netbook/laptop and boot to a liveCD. 

-- 
Marriage is the triumph of the imagination over intelligence...
                                                    --Anonymous
0
Philip
2/19/2010 4:08:16 AM
 Philip V. Boccia wrote...
> 
> In article <hlg5d8$r6u$1@news.grc.com>, 
> infosec@oakseed.demon.co.uk.invalid says...
> 
> No offense, but any group of public pc shouldn't even allow you to boot 
> to a liveCD. The BIOS should be set to only boot to the hard drive, and 
> obviously the BIOS should be password protected, thus using a public pc 
> to use a liveCD would be pointless. I think James point in his other 
> thread that if you MUST do your banking in a public place, use your own 
> dedicated netbook/laptop and boot to a liveCD. 

I have our public PC set up to disallow access to all drives except user 
USB devices and those devices cannot be used to boot the system. No CD 
or floppy can be used to boot the system.
0
Ronald
2/19/2010 4:22:33 AM
Philip V. Boccia wrote:

> No offense, but any group of public pc shouldn't even allow you to boot 
> to a liveCD.

Why not? It a perfectly reasonable thing, so why try to prevent it?

Indeed, arguably it would be arrogant of an Internet cafe owner to 
insist that all customers must use his choice of operating system in his 
(probably poor) security configuration, and with his (probably poor) 
level of patch maintenance, etc. I've never encountered such a thing 
but, if I did, I'd chastise the owner and not give him my business.

> The BIOS should be set to only boot to the hard drive, and obviously
> the BIOS should be password protected, thus using a public pc to use
> a liveCD would be pointless.

Well, I can tell you that in all my travels I've never encountered a 
locked BIOS on any public PC. People just don't bother with that. I make 
frequent use of live Linux CDs in Internet cafes, and I certainly 
wouldn't use those machines without booting a known clean environment.

> I think James point in his other thread that if you MUST do your
> banking in a public place, use your own dedicated netbook/laptop

Your own computer is certainly better (and more convenient) then using 
someone else's, and is the only reasonable protection against hardware 
keyloggers, etc. But if your only worry is software based spyware on 
poorly maintained Windows PCs, then booting a live CD is sufficient.

> and boot to a liveCD.

I see little motivation to boot a live CD on your own netbook unless you 
normally run Windows on that netbook and feel the need to keep banking 
off Windows (not a bad idea). Personally I run Linux on my netbook and 
so I feel fairly safe using it directly.

-- 
James Taylor
0
James
2/20/2010 9:51:13 PM
Ronald wrote:

> I have our public PC set up to disallow access to all drives except user 
> USB devices and those devices cannot be used to boot the system. No CD 
> or floppy can be used to boot the system.

Can you describe the situation and purpose of your "public PC"?

What is your rationale for not allowing people to run their own choice 
of OS? Can you guarantee your own security measures are definitely 
better protection for the users than running a live CD would be?

I certainly wouldn't trust a public machine running Windows no matter 
how security minded the owner was. I'd insist on running a live CD or 
not using the computer at all.

-- 
James Taylor
0
James
2/20/2010 9:56:35 PM
In article <hlplgf$dnp$1@news.grc.com>, 
infosec@oakseed.demon.co.uk.invalid says...
> Philip V. Boccia wrote:
> 
> > No offense, but any group of public pc shouldn't even allow you to boot 
> > to a liveCD.
> 
> Why not? It a perfectly reasonable thing, so why try to prevent it?
> 
Allowing the public to boot off an optical drive would just allow them 
to erase the contents of that hard drive. These machines don't belong to 
you, so yes, policy trumps convenience. Your travels notwithstanding, 
anybody in charge of public machines should know you don't ever let 
anyone access to the bios to change boot order, then its no longer your 
machine, its theres. I can't speak for anyone else but my 'poorly 
patched' windows machines unfortunately were voted against me (I wanted 
a linux solution - I also wanted the public machines to be on a separate 
network than the staff machines but that was just too fucking hard for 
them to comprehend) so of course now half of my time is spent making 
those stupid windows machines are patched and up to date. And thank YOU 
so much for reminding me. WHY DONT YOU JUST GIVE ME A PAPER CUT AND POUR 
LEMON JUICE ON IT!    :D

-- 
Marriage is the triumph of the imagination over intelligence...
                                                    --Anonymous
0
Philip
2/21/2010 8:43:00 PM
In article <MPG.25eb64df23b8976c98972e@news.grc.com>, fairlane32
@verizon.net says...
> In article <hlplgf$dnp$1@news.grc.com>, 
> infosec@oakseed.demon.co.uk.invalid says...
> > Philip V. Boccia wrote:
> > 
> > > No offense, but any group of public pc shouldn't even allow you to boot 
> > > to a liveCD.
> > 
> > Why not? It a perfectly reasonable thing, so why try to prevent it?
> > 
> Allowing the public to boot off an optical drive would just allow them 
> to erase the contents of that hard drive. These machines don't belong to 
> you, so yes, policy trumps convenience. Your travels notwithstanding, 
> anybody in charge of public machines should know you don't ever let 
> anyone access to the bios to change boot order, then its no longer your 
> machine, its theres. I can't speak for anyone else but my 'poorly 
> patched' windows machines unfortunately were voted against me (I wanted 
> a linux solution - I also wanted the public machines to be on a separate 
> network than the staff machines but that was just too fucking hard for 
> them to comprehend) so of course now half of my time is spent making 
> those stupid windows machines are patched and up to date. And thank YOU 
> so much for reminding me. WHY DONT YOU JUST GIVE ME A PAPER CUT AND POUR 
> LEMON JUICE ON IT!    :D
> 
> 
Forgot to mention that we also use time management software and letting 
you use your liveCD on one of the machines would let you sit there all 
day - not happening sweetie.  ;)
-- 
Marriage is the triumph of the imagination over intelligence...
                                                    --Anonymous
0
Philip
2/21/2010 8:55:09 PM
Philip V. Boccia wrote:

> Allowing the public to boot off an optical drive would just allow them 
> to erase the contents of that hard drive.

Not if the drive is read only.

My nearest Internet cafe has a special hard disc interface in every 
machine. Each hard disc has two partitions on the drive, one is the 
known clean installation of Windows and this is read only, the other is 
a space for the runtime changes and user files. Simply rebooting the 
computer resets the changes partition and thus instantly restores the 
computer to a known clean state. Not only does this guarantee to rid the 
computer of any malware or misconfiguration that may have befallen it in 
the course of the day, but it also removes the footprints left by each 
user thus ensuring user privacy.

Windows must have some kind of driver that presents this as a single 
writeable disc. When I boot my Linux CD on those machines it can see the 
two partitions, but I am unable to write to the Windows partition.

For making legitimate updates to the read only partition the admin can 
enter a password to temporarily unlock the read only protection.

Even without this special disc interface, I would question how likely it 
is that mindless vandals would try to damage an Internet cafe computer 
in the first place. Surely a backup would be sufficient protection 
against this unlikely threat.

> These machines don't belong to you, so yes, policy trumps convenience.

Well, policy stinks and your Internet cafe wouldn't get my business, but 
then you probably wouldn't care about losing just one customer.

> Your travels notwithstanding, anybody in charge of public machines
> should know you don't ever let anyone access to the bios to change
> boot order, then its no longer your machine, its theres.

I think you have the wrong security model. Let people use the computer 
to run whatever OS they like. Just don't let them alter the OS you 
provide as standard. Use a read only hard disc partition to protect it.

> I can't speak for anyone else but my 'poorly patched' windows
> machines unfortunately were voted against me (I wanted a linux
> solution - I also wanted the public machines to be on a separate 
> network than the staff machines but that was just too fucking hard
> for them to comprehend) so of course now half of my time is spent
> making those stupid windows machines are patched and up to date.

I sympathise with your plight. They certainly should be on separate 
networks. Why on earth was that too hard? You could set it up yourself 
over the weekend and they could only express gratitude.

Windows has 95% market share so it is probably a sensible default OS to 
offer people, but that's no reason not to offer Linux too, and no reason 
not to let people run whatever they like on the machines (portable apps, 
live CDs, games, trial copies of photoshop, the driver for their digital 
camera or ipod, etc). You should think of it in terms of renting the use 
of the machine and Internet connection, and not in terms of specific 
operating systems or applications.

> Forgot to mention that we also use time management software and letting 
> you use your liveCD on one of the machines would let you sit there all 
> day - not happening sweetie.  ;)

I have encountered an Internet cafe that used time logging software, but 
that was a long time ago back in the UK. They had a lot of machines 
(maybe 100) spread out in multiple rooms and floors of the building and 
there was only one guy at the reception desk where the login tokens were 
collected on the way in and paid for on the way out. Such a system made 
sense in that case. These days so many people have Internet access at 
home that such large Internet cafes no longer exist as there's simply no 
demand for them.

All the Internet cafes I have encountered in my travels in the last five 
years have just had the receptionist jot down the start time in a 
notepad against the number of the desk she allocates to you. Some use 
separate stopwatches, but such accuracy is hardly necessary. A notepad 
is low tech, but it works just fine. Even some quite large places with 
say 30 machines in a single room use this method.

How many public access computers do you run?

-- 
James Taylor
0
James
2/21/2010 10:29:24 PM
In article <hlsc44$2lgc$1@news.grc.com>, 
infosec@oakseed.demon.co.uk.invalid says...


James,
	Let me break it down for you  (and anyone else who cares to be 
bored :D )

I don't work at an Internet Cafe, (judging by what you've replied, if I 
did it would be so much easier for me LOL) 

I work at a public library in Long Beach NY and we have 17 public access 
machines to serve our taxpayers. Long ago when we were getting raped in 
printing costs and having to deal with patrons who wouldn't get up to 
leave because someone else had an appointment (yes, you're idea of pen 
and notepad sent shivers of old nightmares coming back) we had to get 
some time and print cost recovery solution. To sum up, it sucks - bad. I 
tried to get a linux solution but maybe back then linux was the red 
headed stepchild of the library world. I voted for Discoverstation by 
Userful but it was expensive (our library's budget is around 2-3 million 
serving over 46,000 people) and they settled on Comprise's SAM 
(worthless garbage) 

Anyway our library is part of a Consortium of 50 libraries in the county 
that is run from a central location in another town. The main networking 
is done off site and each library's Internet is set up with a router 
that isn't accessible by in house systems technicians/librarians
(me)/outside vendors. I only have access to securing the pc's that are 
on the network and maintaining them. 

I use a reboot to restore option (Deep Freeze) in conjunction with 
Winblows Steady State to lock down the machines, and hope that our 
time/print management software doesn't croak, or crash or whatever. I 
supply Office, and Internet. That's it. No scanners (people break them). 
No, you can't download iTunes on our machines. No, you can't plug in 
your digital camera or mobile phone, usually because it requires 
software that the library doesn't provide, and you can't just install 
what you want, the public profiles are limited accounts. Because of Deep 
Freeze and SS, I don't run AV/AS software, since their definitions 
wouldn't stick, and Faronics hasn't gotten a script to work - yet.  :D

The fact that the public machines are on the same network WITHOUT AV 
software, I get nervous about folks bringing in who-knows-what on their 
flash drives. I do have Autoplay turned off, and File and Print Sharing 
disabled since they all print to a network printer or two with their own 
IP address, but still, who knows. When a fellow colleague who knows more 
about the networking side than me (I come from a hardware/gamer 
background - which is why I listen to you guys and SN :D) suggested to 
the higher ups about separating the library's public networks from the 
staff networks, it was as if we killed someone's dog. Responses like "Do 
you know how much of a project that is?"  to "What for?" were thrown 
around, and I knew I had an uphill battle. My response? HELLO? TO 
PROTECT THE PRIVACY AND INTEGRITY OF PATRON RECORDS? BING BONG!!!

To make matters worse, the library Directors (who know nothing about 
security or technology) make these decisions that don't make any logical 
sense to us "techies", and our Consortium Director makes it sound like 
our recommendations are pointless, unfounded, and she only answers to 
Library Directors who bow to her whim). I'm sure you don't want to hear 
about that vicious cycle. 

Recently I became the chairperson of our Technology Committee for the 
county and a few of us have a plan to rebel against this Time/Print 
solution in favor of another one. Unfortunately our powers and cries 
fall on deaf ears. (maybe I should work in the UK, you blokes are much 
nicer :D)  Feel free to visit  :D
-- 
Marriage is the triumph of the imagination over intelligence...
                                                    --Anonymous
0
Philip
2/22/2010 3:32:43 AM
In article <MPG.25ebc4ebab6c0d71989735@news.grc.com>, fairlane32
@verizon.net says...
> In article <hlsc44$2lgc$1@news.grc.com>, 
> infosec@oakseed.demon.co.uk.invalid says...
> 

I forgot to mention; for the Staff side of the network, I vehemently 
opposed a windows environment for obvious reasons, but alas - DE NIED!
Why? The Consortium Director's response was that users know windows and 
not linux. Basically it in a nutshell. Now, OK, with 50 libraries that 
she's got to oversee with our circulation software (another piece of 
garbage) I can understand her concern. Low level clerks and 
librarians/directors etc, are more apt to know windows than say a Linux 
distro. But what about security? For a consortium director whose, 
supposedly, main concern is the protection of the network and patron's 
records, why trade off on user skill vs security? As someone else here 
stated a while ago, "The days of linux being an obscure solution are 
long gone, maybe its time to reconsider it."

 Well, that was my counter arguement to my director but like always, in 
my industry, things move slower than molasses in winter, so I'm thinking 
by the time they decide the move to linux for the county, there will be 
too many viruses around for it to be a consideration anymore  :D

-- 
Marriage is the triumph of the imagination over intelligence...
                                                    --Anonymous
0
Philip
2/22/2010 3:51:58 AM
Reply:

Similar Artilces:

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

Password secure...is it secure?
Yes I just got this baby and I LOVE it! Its great. I have stored all my passwords inside of it (and yes made a few backups from them in secure locations) How secure is this program really? It uses blowfish to encrypt the database but how strong blowfish? 128bits? 256? 448? Anything else I should think about it? I have putted it and its databases inside PGPdisk just to play it safe...but then again Im a paranoid. :) -- Markus Jansson ************************************ My privacy related homepage and PGP keys: http://www.geocities.com/jansson_markus/ ********...

How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...

How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...

form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script  in textboxes in that form and can damage database, so how to avoid such security lack.  it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...

Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...

Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...

Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet."... http://www.linuxsecurity.com/content/view/125195/171/ ...."The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are freely available with GDSN registration."... http://www.engardelinux.org/modules/index/index.cgi -- js ...

Security Now : Passwords and Cybercafe
Hello, My Name is Jean-sebastien OpdeBeeck, from Belgium. I'm new on this (great) newsgroup. I've just listen ALL SN podcats ... in some days ... cool and great quality. About password, and cybercafe, if you are afraid about key log. Why don't recommand two factor authentication ??? In my company we implement this (Vasco, RSA, SecureID, ...), so user has to put into his SSL VPN connection LOGIN and his TOKEN challenge+ PIN code. So you never can replay the sequence, because it's one time password. Yes I know, you need money for this, but maximum security i...

Security: Show Passwords MAJOR SECURITY RISK
Name: Mx Email: mklein01atgmaildotcom Product: Firefox Summary: Security: Show Passwords MAJOR SECURITY RISK Comments: The ability of anyone to view saved passwords is a major security risk. PASSWORDS should be ENCRYPTED WITH A USER SELECTED PASSWORD Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 From URL: http://hendrix.mozilla.org/ ...

How to secure database password? (was Re: Perl/DBI newbie: password storage / security question)
Hello, Many thanks to R. Joseph Newton, Motherofperls, essential quint and Chuck Fox for answering my questions, however it is still not what I was asking about. My previous posts were long and maybe unclear so I'll try to get straight to the point this time, adding more details at the bottom of my post. It is actually an extremely common situation: There is a CGI script written in Perl. It is a frontend to an SQL database. The script has to connect to the database so it has to send a password. I need that password to be secure. I am not interested in security through obscurity. T...

Netstorage Secure then UN-Secure
Have a problem with Netstorage: I log in under the secure website of https://ipaddress:51443/oneNet/NetStorage and then after drilling down to folder, the secure web site changes to http://ipaddress:51443/oneNet/NetStorage/Documents. Why??? does it go to the unsecure site? Claudia, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http://support.novell.com...

Web resources about - KLASSP Secure Proxy for password security - grc.security

One-time password - Wikipedia, the free encyclopedia
A one-time password (OTP) is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are ...

Oregon To Consider Bill Blocking Employers From Demanding Applicants’ Facebook Passwords
The Oregon House of Representatives will hear a bill Friday that would prevent employers from demanding that job applicants reveal their passwords ...

Keeping Passwords Secure
The Facebook Security team has always kept a close eye on data breach announcements from other organizations. Theft of personal data like email ...

New Facebook Security Features: One-Time Passwords, Security Info
Facebook has launched two new security features to help users stay in control of their accounts. Users can now receive a one-time password from ...

Newest ransomware pilfers passwords before encrypting gigabytes of data
A new wave of crypto ransomware is hitting Windows users courtesy of poorly secured websites. Those sites are infected with Angler, the off-the-shelf ...

Some Amazon passwords may have been exposed— here's how to make your account as safe as possible
Amazon has sent an email to an unknown number of users warning them of a potential leak and forcing them to reset their passwords, Zack Whittaker ...

Deutsche Bank is considering killing passwords to making online banking safer
Deutsche Bank is considering scrapping traditional passwords in favour of thumbprint technology, facial recognition, and smart tech that knows ...

Old database dump from Nexus Mods circulating in criminal circles: Change password
Nexus Mods, a gaming site which has mods for 216 games , warned users about a “ potential database breach ” after a Reddit user was alerted by ...

Report: Amazon Resets Some Users’ Passwords Over Concerns They May Have Been Compromised
If you found Amazon has force-reset your account password, you aren’t alone: according to a new report, many customers have reported that the ...

Amazon Data Breach Forces Mandatory Password Resets
Amazon reset the passwords for customers after it discovered a data breach.

Resources last updated: 12/12/2015 5:28:35 AM