Re: [perpass] A reminder, the Network is the Enemy...
Bjoern Hoehrmann <derhoermi@gmx.net> Thu, 21 November 2013 04:00 UTC
Return-Path: <derhoermi@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B6AC1AE09B for <perpass@ietfa.amsl.com>; Wed, 20 Nov 2013 20:00:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Level:
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.525, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7SV49DL8UxZ6 for <perpass@ietfa.amsl.com>; Wed, 20 Nov 2013 20:00:38 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id B6D931ADBCC for <perpass@ietf.org>; Wed, 20 Nov 2013 20:00:37 -0800 (PST)
Received: from netb.Speedport_W_700V ([91.35.13.37]) by mail.gmx.com (mrgmx102) with ESMTPA (Nemesis) id 0MHrk1-1Vfm0C3q5V-003f0U for <perpass@ietf.org>; Thu, 21 Nov 2013 05:00:26 +0100
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Ted Lemon <mellon@fugue.com>
Date: Thu, 21 Nov 2013 05:00:12 +0100
Message-ID: <92lq89dapmn0u21t519plhamifqcdjfv80@hive.bjoern.hoehrmann.de>
References: <9B79CCC3-853E-42F4-8390-ED0EE019C275@icsi.berkeley.edu> <B4A3135B-1391-4794-BE23-D823962C294C@fugue.com> <dbeq89lhsqj0krnes41rnrodc6sjmcecr8@hive.bjoern.hoehrmann.de> <55D41CD1-7D56-4DF5-98A5-8EFFBF86C42A@fugue.com>
In-Reply-To: <55D41CD1-7D56-4DF5-98A5-8EFFBF86C42A@fugue.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:ydozInnOj3d0E1Gs38Cjeox2pzCGoq3hrlhVBI9fg/NILZ68luS +s3SkJW/ifqvSlT4l7jkpwsyjAT1kUHqqbGxngDePPXK7KLa9mvnHNqmwtHmett8gpk/ShQ Q2TMN4ZEqTh6i6ZJtiMQeIE5K9/P/EvrZ1CESqoO8m0YhXTWrADycwPXloGvB5wAU1xW5/X A5Nb4G9V0wNa6CJGfJ+BA==
Cc: perpass <perpass@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: Re: [perpass] A reminder, the Network is the Enemy...
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2013 04:00:40 -0000
* Ted Lemon wrote: >On Nov 20, 2013, at 5:43 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: >> Online advertisers are happy to help you identify your targets and put >> code on their computers, <http://en.wikipedia.org/wiki/Malvertising>. > >Malvertising is a scattershot approach, not a targeted approach. If >you have access to a lot of demographic data, you may with some >difficulty be able to target an attack to an individual, but scraping >the HTTP at the server is a _lot_ easier. Making that impossible >increases the cost of this type of attack significantly. Modern ads are complex computer programs running on your computer with access to information the ad network associates with "you", information associated with the page the ad is on, and the ability to probe your computer for more information. Instead of scanning through the network traffic the attacker would use these data sources to identify you and attack once identified. Silly example: let's say the ad can know which page it is loaded on and it can persist information that is available when the ad is loaded from the page by the user again. Now that page is https://example.com/~user and the ad is shown to all who visit that page. After some time the ad knows (perhaps through a synchronising server) which user has visited that page most frequently and can infer that's the actual user "user". If an attacker wanted to target someone attending the most recent IETF meeting they might start with booking ads for "People who normally reside in X but are on visit in Vancouver" during the first week of November 2013. Someone with an interest in internationalisation, Uni- code and all that stuff? Probe the system for unusual fonts. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
- [perpass] A reminder, the Network is the Enemy... Nicholas Weaver
- Re: [perpass] A reminder, the Network is the Enem… Ted Lemon
- Re: [perpass] A reminder, the Network is the Enem… Bjoern Hoehrmann
- Re: [perpass] A reminder, the Network is the Enem… Ted Lemon
- Re: [perpass] A reminder, the Network is the Enem… Bjoern Hoehrmann
- Re: [perpass] A reminder, the Network is the Enem… Ted Lemon
- Re: [perpass] A reminder, the Network is the Enem… Stephane Bortzmeyer
- Re: [perpass] A reminder, the Network is the Enem… Stephane Bortzmeyer
- Re: [perpass] A reminder, the Network is the Enem… Nicholas Weaver
- Re: [perpass] A reminder, the Network is the Enem… David Conrad
- Re: [perpass] A reminder, the Network is the Enem… Matthäus Wander
- Re: [perpass] A reminder, the Network is the Enem… Randy Bush
- Re: [perpass] A reminder, the Network is the Enem… Phillip Hallam-Baker
- Re: [perpass] A reminder, the Network is the Enem… David Conrad
- Re: [perpass] A reminder, the Network is the Enem… Phillip Hallam-Baker
- Re: [perpass] A reminder, the Network is the Enem… Russ Mundy
- Re: [perpass] A reminder, the Network is the Enem… Phillip Hallam-Baker
- Re: [perpass] A reminder, the Network is the Enem… Stephane Bortzmeyer