50 attacks on Netscape - please send the check

[Dr. Frederick B. Cohen]

50 Attacks: a.k.a. Why Not to Run Hot Java in your netscape (or other) browser:

Concept 1 - Hot Java code that, once started, takes and retains control
of the viewer.  It includes hot buttons, etc.  that let you use common
resources on the net, store favorite places, etc.  When you push any
button in this window, it simulates Hot Java within its own code, but
all reads and writes contain code to restart the program (such as the
"remember favorite places" button, etc.).

	Attack 1 - It records all entries and sends them to an unfriendly.
	This includes credit card numbers, etc.

	Attack 2 - It reroutes all traffic through a known site to record
	information about all of your accesses.

	Attack 3 - It selectively multiplies dollar values on purchases up
	by a factor of 10 when you authorize purchases through their store.

	Attack 4 - It reroutes all purchases through their intermediary and
	adds 20% for the service, thus becoming the middle person in all
	your transactions.

	Attack 5 - It replaces select information from select sites with
	false or misleading information - particularly about the competition.

	Attack 6 - It reports certain sites as down, thus damaging the reputation
	of those sites.

	Attack 7 - It sends requests to sites and ignores their answers to increase
	hit rates on key vendors that pay for their W3 sites based on usage.

	Attack 8 - It gets dirty pictures using your credit card information
	and sends it to another recipient.

	Attack 9 - It implements an anonymous remailer for smut, thus making
	you the smut capital of the network.

	Attack 10 - It waits till you save another Java code from the
	net and replaces the code with its own code and a pointer to the
	code you thought you got.

	Attack 11 - It waits till you save a file and overflows your disk with
	garbage.

	Attack 12 - It sends displays that flash on the screen at a rate that
	causes epilectic seizures.

	Attack 13 - It puts up subliminal messages to cause you to
	accept its subsequent request to overwrite a .com file onto your
	disk.

	Attack 14 - It analyzes your typing style to determine psychological
	factors and stores that information in a database.

	Attack 15 - It analyzes your typing style to determine psychological
	factors and, if you are a child, connects you to child pornography
	rings.

	Attack 16 - It sends requests for URLs to numerous addresses on
	your network, records results, and returns a network map to the
	attacker.

	Attack 17 - It uses spare time when you are not computing to participate
	in codebreaking activities, including the breaking of netscape codes.

	Attack 18 - It sends massive quantities of email to mailing lists
	creating the impression that you are not a nice person (a spammer)

	Attack 19 - When it recieves incoming email, it sends copies to
	newsgroups who now have access to all your personal incoming mail.

	Attack 20 - When you send outgoing email, it sends copies to
	newsgroups who now have access to all your personal outgoing mail.

	Attack 21 - When you send outbound email, it adds insulting or
	abusive humor to the end of your signature line.

	Attack 22 - It is used to send and receive email as part of a
	right wing group's coordination activities aimed at overthrowing the
	government.

	Attack 23 - It slowly fades your screen till you think the
	display is going bad, forcing you to buy a new display.

	Attack 24 - It slowly degrades performance causing you to think you need
	a faster computer.

	Attack 25 - It sends threatenning email to the President under
	your name, getting you arrested.

	Attack 26 - It sends embarassing email to the New York Times getting
	you fired.

Concept 2 - Hot Java code that sends all of your messages through my computer
and gets the results back from my computer by rewriting URLs on-the-fly.

	Attack 27 - Attack 3 from above, but with more intelligence so that
	amounts are changes less obviously.

	Attack 28 - Attack 4 from above, but it also changes the costs on incoming
	information so that you can't detect the price change in the process.

	Attack 29 - Attack 5 from above, except that it is more sophistocated -
	like creating misspellings or poor formatting or moving the locations
	in maps so that when you push on one part of a map, it sends a different
	part to ther server.

	Attack 30 - Attack 6 from above, except that instead of reporting servers
	down, it makes them seem very slow, or misses lines of pictures, etc. to
	make them look bad but without causing trouble reports.

	Attack 31 - Records all credit card transactions and forward information
	to services that pay to know what you buy.

	Attack 32 - Determines whether you look at dirty pictures and, if so,
	sends the information to criminals to use against you in shakedowns.

	Attack 33 - Replaces legitimate calls to children's pages with child
	pornography - including solicitations for where you can become a star.

	Attack 34 - Adds subliminal messages to sound files that cause you to
	enter a murderous rage (as in the claims about acid rock a few years
	back).

	Attack 35 - Adds dirty pictures to video files causing you to become
	sex-crazed and commit sex crimes and have bad dreams.

	Attack 36 - Causes simulated waviness on the screen, resulting in
	dizziness and increased sick time at work.

	Attack 37 - Introduces high frequency buzzing that irritates people
	and causes them to become more violent and less cooperative.

	Attack 38 - Introduces low frequency beating (similar to the tactics used
	against the Branch Dividians and in Viet Nam) to weaken your resolve and
	then asks you to confirm the upload of a program.

	Attack 39 - Creates subliminal feedback to your use of the Web to get
	you to tend toward particular services and away from others.

	Attack 40 - Adds background advertising to all your pictures.

	Attack 41 - Replaces the background information provided by Web sites
	with the attackers background advertising.

	Attack 42 - Shifts frequencies of sound files from select other sites
	so they seem off-pitch and don't reflect well on those companies.

	Attack 43 - Reroutes all of your Web requests through the NSA and CIA
	so they can do better intelligence.

	Attack 44 - Causes select Web sites to require User ID and Password
	information before use (particularly company Web sites) so as to get
	you to reveal your UIDs and passwords.

	Attack 45 - Renames Web sites so that your remembered sites only
	work for a few days and then the pointers appear to go away.

	Attack 46 - Puts a lot of really interesting things on your screen, thus
	making you believe that the Web is really great, and then removes them
	from accessibility when you try to get them again.

	Attack 47 - Universally replaces the work AND with OR in all Web information.

	Attack 48 - Randomizes all 5-digit numbers sent via the Web, thus confusing all
	zip codes contained in address fields.

	Attack 49 - Sends a series of high frequency sounds combined with screen
	flashes designed to cause permanent brain damage.


Concept 3 - There is a chosen plaintext attack against the RSA (published in the
1980s in a Crypto conference (IACR?).

	Attack 50 - Use your Hot Java capability to sign selected
	message after message till the attacker derives your private key.
	I think this takes one or two messages per bit of private key.

	Bonus Attack (no extra charge) - If they use your PGP random
	number information, they get your PGP key too!


Netscape: Please send your check for US$50,000 to the address below.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236