Re: Can encrypted packets be cracked by middle man?

Posted by Alun Jones on October 4, 2005, 7:54 pm
> This is a question about how secure encryption is.
>
> I've allowed several users to install LogMeIn (a web-based remote access
> tool; I suppose it's similar to GoToMyPC) on their local computers. I
> have one particular question about the security of their connection (which
> uses 128 or 256 bit encryption, SSL and proxy servers):
>
> Would it be at all possible for someone who has complete control of their
> servers to intercept and read the encrypted packets between client PCs
> (for example by cracking the passwords)?

I'm not familiar with LogMeIn, but I'll presume for purposes of discussion
that it works something like this:
1. You go to one of your PCs and log it on to the LogMeIn service as a
"server". [Their name may be something else]
2. You go to another PC, and log it on to the LogMeIn service as a "client",
and ask it to connect to your "server".
3. Both of these connections are secured through SSL.

> I assume it's virtually impossible. But someone brought it up at the
> office and I'm not able to clearly and definitively prove them wrong.

I don't know where you get that assumption. Managers have been known to get
me to write excellent code for them by telling me they think it's
impossible; there are people out there who just live to prove that the
impossible can be done quite easily.

You should always assume that something is possible until someone has
demonstrated reasons why it is not.

In this case, you are setting up a man in the middle - your SSL
communications are secured only between your PC and LogMeIn in each
instance, not between the two PCs. The LogMeIn server is seeing a 'clear'
version of your network traffic, because it is the end-point of both SSL
sessions.

As a result, a "rogue administrator" could grab everything you send and
receive off the wire - passwords, files, etc. Don't forget that such a
rogue could also likely go ahead and fetch data off your server PC without
you needing to be connected.

Of course, your most likely protection in this case is that the LogMeIn
service has no interest in doing so, and would stand to lose more if found
doing so than they could possibly benefit. If that's not the case, then you
need to look at strongly vetting the LogMeIn service and its staff.

Alun.
~~~~



Posted by on October 4, 2005, 10:17 pm
>In this case, you are setting up a man in the middle - your SSL
>communications are secured only between your PC and LogMeIn in each
>instance, not between the two PCs. The LogMeIn server is seeing a 'clear'
>version of your network traffic, because it is the end-point of both SSL
>sessions.

Actually, this is not true in this case. (Granted, Alun seems to know
his SSL, but that does not mean he's 100% correct.) LogMeIn runs with a
modified SSL stack on the host side - the traffic is end-to-end
encrypted between the browser and the computer being accessed. You can
verify this with any packet logger - simply capture a remote session on
both the browser and the host side. The first few kilobytes (SSL
session negotiation) will definitely differ, but then the data stream
will become identical after a short while. This would not be possible
if the LogMeIn service were decrypting and re-encrypting the traffic.
The modified SSL stack allows the service to mediate the initial
connection and then lets the server (host) take over with its own
re-negotiated keys.

LogMeIn also includes a peer-to-peer layer based on UDP NAT traversal
that kicks in a few seconds into the connection. When this happens the
(still SSL-encrypted) traffic simply avoids the LogMeIn datacenters and
flows directly between the ActiveX/Mozilla plugin in the browser and
the computer being accessed.

>Of course, your most likely protection in this case is that the LogMeIn
>service has no interest in doing so, and would stand to lose more if found
>doing so than they could possibly benefit. If that's not the case, then you
>need to look at strongly vetting the LogMeIn service and its staff.

I guess this also applies to any sort of Internet-enabled software you
decide to install on your computer.
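The comparison the reply above proposes (capture the same session on the browser side and on the host side, then check whether the encrypted streams become identical after the handshake) can be automated. The following is an added example, not code from the thread or from LogMeIn; it assumes you have already extracted the TCP payload bytes of each capture into a byte string, and the sample captures it builds are constructed from fake records rather than real traffic.

```python
import random
from typing import Optional, Tuple

# Added example, not code from the thread or from LogMeIn. It applies the check
# the second post describes: capture one session on the browser side and on the
# host side and compare the SSL record streams. The captures built below are
# constructed from fake records, not real traffic.

def _fake_records(rng: random.Random, count: int, size: int, content_type: int = 0x17) -> bytes:
    """Build `count` SSL-style records: type byte, version 3.1, length, random body."""
    out = b""
    for _ in range(count):
        body = bytes(rng.randrange(256) for _ in range(size))
        out += bytes([content_type, 0x03, 0x01]) + size.to_bytes(2, "big") + body
    return out

def build_captures(relay_terminates: bool, seed: int = 1) -> Tuple[bytes, bytes]:
    """Constructed browser-side and host-side payload streams of one session."""
    rng = random.Random(seed)
    browser_hs = _fake_records(rng, 3, 200, content_type=0x16)  # handshake, browser leg
    host_hs = _fake_records(rng, 3, 200, content_type=0x16)     # handshake, host leg
    app = _fake_records(rng, 20, 512)                            # application data at the browser
    # A relay that decrypts and re-encrypts emits different ciphertext on the
    # host leg; a pass-through relay forwards the very same bytes.
    app_host = _fake_records(rng, 20, 512) if relay_terminates else app
    return browser_hs + app, host_hs + app_host

def common_suffix_len(a: bytes, b: bytes) -> int:
    """Number of trailing bytes on which both streams agree."""
    n = 0
    while n < len(a) and n < len(b) and a[-1 - n] == b[-1 - n]:
        n += 1
    return n

def find_convergence(browser_side: bytes, host_side: bytes, min_match: int = 64) -> Optional[Tuple[int, int]]:
    """Return (browser_offset, host_offset) from which both captures agree
    byte-for-byte to the end, or None if fewer than min_match trailing bytes agree.
    Expect an offset just past the handshake when the session is end-to-end
    encrypted, and None when the relay decrypts and re-encrypts."""
    n = common_suffix_len(browser_side, host_side)
    if n < min_match:
        return None
    return len(browser_side) - n, len(host_side) - n

if __name__ == "__main__":
    for terminates in (False, True):
        b, h = build_captures(terminates)
        print("relay terminates SSL:", terminates, "->", find_convergence(b, h))
```

Run against real captures, any convergence offset well past the handshake bytes means the relay forwarded the ciphertext unchanged; a result of None means the two legs carry different ciphertext, which is what a decrypting relay produces.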

