posted on
Oct 22, 2008 09:26AM
Since I pursue my career in an area which includes technical issues of computer security I might happen to have a reason to be paranoid.
When the little paddle lock shows up this means we have a secure link. The software which does this is actually openssl and anyone interested in how this works should visit www.openssl.org
These links are secure and generally cannot be cracked. Man-in-the-middle attacks are possible through social engineering attacks... ie: the connection is directed to a secure server in the middle which is not the one a person thinks he's connecting to. There are safe guards in place for this and it is quite unlikely that a successful hijacking of the connection would be practical.
However, people need to realize that the weakness lies before the data gets to the secure pipe and after it leaves the secure pipe in the destination server.
There is a third weakness in the system in that the control numbers can be generated by a bot net in a short time.
People who work in the area know that as many as 1/3 of the computers in the wild (general public's hands) will have viruses or keyboard loggers on a regualr basis. A few years back I was a member of a small stock club and 60% of our members over a 5 year period of time had logged into our on-line trading account with compromised machines.
This means a black hat could have picked off our log in IDs and passwords and sent them to a database anywhere in the world. IE. We had no security at all.
With what is at stake in this proxy vote I HOPE each and every one who votes via the net KNOWS" their machine is secure. If it is compromised then at the 11th hour a it is technically possible for a server in say China or North Korea to simply log and change your vote.
We already know there are many scoundrels out and about. There certainly is motivation as well. What I am saying is that the ability to do things like this is widely known in the black hat community. The thing is that if something like this were to happen who would know?
Don't take security lightly. Once an exploit is taken advantage of that machine is OWNED. I can provide a list of the IP addresses of more than 44,000 bots which we had to firewall (IE block) and this was just a small bot net attacking one of our domains mail server doing a dictionary attack looking for valid email addresses. There are bot nets with more than 1/4 million machines.
Once a machine is owned they can do ANYTHING they want including reprograming the CRTC registers so the monitor catches on fire, reprogramming the BIOS to automatically re-install the loggers at boot, through to spinning through the hard drive and uploading any files which might look confidential. They clearly are able to log keystrokes and pick up online accounts and passwords.
The little paddle lock that says "secure connection" is irrelevant because these exploits take place before the data even gets to the connection. It takes place between the keyboard and the application.