Re: [perpass] A reminder, the Network is the Enemy...

Bjoern Hoehrmann <derhoermi@gmx.net> Thu, 21 November 2013 04:00 UTC

From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Ted Lemon <mellon@fugue.com>
Date: Thu, 21 Nov 2013 05:00:12 +0100
Message-ID: <92lq89dapmn0u21t519plhamifqcdjfv80@hive.bjoern.hoehrmann.de>
References: <9B79CCC3-853E-42F4-8390-ED0EE019C275@icsi.berkeley.edu> <B4A3135B-1391-4794-BE23-D823962C294C@fugue.com> <dbeq89lhsqj0krnes41rnrodc6sjmcecr8@hive.bjoern.hoehrmann.de> <55D41CD1-7D56-4DF5-98A5-8EFFBF86C42A@fugue.com>
In-Reply-To: <55D41CD1-7D56-4DF5-98A5-8EFFBF86C42A@fugue.com>
Cc: perpass <perpass@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>
Subject: Re: [perpass] A reminder, the Network is the Enemy...

* Ted Lemon wrote:
>On Nov 20, 2013, at 5:43 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
>> Online advertisers are happy to help you identify your targets and put
>> code on their computers, <http://en.wikipedia.org/wiki/Malvertising>.
>
>Malvertising is a scattershot approach, not a targeted approach.   If
>you have access to a lot of demographic data, you may with some
>difficulty be able to target an attack to an individual, but scraping
>the HTTP at the server is a _lot_ easier.   Making that impossible
>increases the cost of this type of attack significantly.

Modern ads are complex computer programs running on your computer with
access to information the ad network associates with "you", information
associated with the page the ad is on, and the ability to probe your
computer for more information. Instead of scanning through the network
traffic the attacker would use these data sources to identify you and
attack once identified.

Silly example: let's say the ad can know which page it is loaded on and
it can persist information that is available when the ad is loaded from
the page by the user again. Now that page is https://example.com/~user
and the ad is shown to all who visit that page. After some time the ad
knows (perhaps through a synchronising server) which user has visited
that page most frequently and can infer that's the actual user "user".

If an attacker wanted to target someone attending the most recent IETF
meeting they might start with booking ads for "People who normally
reside in X but are on visit in Vancouver" during the first week of
November 2013. Someone with an interest in internationalisation,
Unicode and all that stuff? Probe the system for unusual fonts.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/