Sunday, May 30, 2004

Protecting Against Kerberos Attacks on Windows

WindowsDevCenter is carrying an interesting article on Kerberos security in the Windows context.

The closer I look at Kerberos, the more I'm driven to wonder why it is the SixApart people didn't look at this as a template for their efforts, both as an example of how federated authentication systems can be implemented, and as a guide to what not to do. Did the Trotts bother to read the extensive literature on this topic beforehand, or did they fall victim to the "NIH" syndrome that is so common amongst hackers and codewriters?

ADDENDUM: I've just discovered this intriguing post by Krishnan Nair Srijith, author of the OpenPGPComments plugin for MT, in which he subjects the TypeKey protocol to a fair bit of rigorous scrutiny; like me, he also relates the TypeKey proposal to the Kerberos protocol, and the conclusion he comes to is fairly unsurprising:

In simple English, if you look at the steps involved in the process, you will see that as long as anyone can get hold of the URL sent from your browser to the blog server after you have entered your username and password, that person can easily impersonate you in all the blogs that accept TypeKey authentication, for a fixed period of time (which can be a long period). Since this step occurs without any encryption involved, anyone with the right tools and in the right place can easily sniff the packets to get the "required" information. After that - *goodbye security*.
As I've said before, TypeKey is merely a way of making MT users feel that "something is being done", and is actually worse than useless as a practical matter, insofar as it inspires in people a false sense of certainty that people are who they claim to be.
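The weakness Srijith describes is a bearer credential carried in a URL that stays valid for a fixed period, so a captured copy can be presented again. The following added example (not TypeKey's or Six Apart's code; the URL format, shared secret and field names are hypothetical) shows how a relying blog would verify such a return URL defensively: an HMAC over the fields, a short validity window, and a one-time nonce so a sniffed URL is useless after its first use. Sniffing itself is only stopped by transport encryption; this limits what a captured URL is worth.

```python
import hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode

# Constructed demo secret shared between the identity service and the blog (hypothetical).
SHARED_SECRET = b"demo-shared-secret-not-real"
TOKEN_TTL_SECONDS = 60          # short validity window instead of a long fixed period
_seen_nonces = {}               # nonce -> expiry time; replay cache of redeemed tokens

def issue_return_url(user, now):
    """Build the redirect URL the identity service sends back (hypothetical format)."""
    params = {"user": user, "ts": str(int(now)), "nonce": secrets.token_hex(8)}
    msg = "&".join(f"{k}={params[k]}" for k in ("user", "ts", "nonce")).encode()
    params["sig"] = hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()
    return "https://blog.example/login?" + urlencode(params)

def verify_return_url(url, now):
    """Return the user name if the token is authentic, fresh and unused; None otherwise."""
    q = {k: v[0] for k, v in parse_qs(url.split("?", 1)[1]).items()}
    try:
        msg = f"user={q['user']}&ts={q['ts']}&nonce={q['nonce']}".encode()
        expected = hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, q["sig"]):
            return None                       # forged or tampered fields
        ts = int(q["ts"])
    except (KeyError, ValueError):
        return None                           # malformed URL
    if not (now - TOKEN_TTL_SECONDS <= ts <= now + 5):
        return None                           # expired (small allowance for clock skew)
    # Drop nonces whose window has passed, then reject any nonce already redeemed.
    for n in [n for n, exp in _seen_nonces.items() if exp < now]:
        del _seen_nonces[n]
    if q["nonce"] in _seen_nonces:
        return None                           # replay of a captured URL
    _seen_nonces[q["nonce"]] = ts + TOKEN_TTL_SECONDS
    return q["user"]
```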

