Home > General Rants & Raves > The Most Hysterical “Security by Obscurity” Example, Evah!

The Most Hysterical “Security by Obscurity” Example, Evah!

Upsidedownebay
For those of you living under a rock for the last 15+ years, you may not have heard of Bruce Schneier.  He’s a brilliantly opinionated cryptographer, privacy advocate, security researcher, businessman, author and inadvertent mentor to many.  I don’t agree with everything he says, but I like the buttons he pushes.

I love reading his blog because his coverage of the issues today are diverse and profound and very much carry forth the flavor of his convictions.  Also, it seems Bruce really likes Squids…which makes this electronically-enabled Cepholopod-inspired security post regarding the theft of someone’s wireless connection that much more funny.

Here’s the gist: A guy finds that his neighbor is "stealing" his wireless Internet access.  Rather than just secure it he "…"runs squid with a trivial redirector that downloads images, uses
mogrify to turn them upside down and serves them out of it’s local
webserver."  Talk about security by obscurity!

That’s just f’in funny…so much so, I’m going to copy his idea, just like I did Bruce’s blog entry! šŸ˜‰

Actually the best part is the comment from one "Matthew Skala" who performs an autopsy on the clearly insecure and potentially dangerous implementation of the scripts and potential for "…interesting results."  He’s just sayin’…

I don’t know all the details of how Squid interfaces to redirection
scripts, but I see that that redirection script passes the URL to wget
via a command line parameter without using "–" to terminate option
processing. It first parses out what’s supposed to be the URL using a
regular expression, but not a very cautious one. I wonder if it might
be possible to request a carefully-designed URL that would cause wget
to misbehave by interpreting the URL as an option instead of a URL. I
also see that it’s recognizing images solely by filename, so I wonder
if requesting a URL named like an image but that *wasn’t* an image,
could cause interesting results. Furthermore, it writes the images to
disk before flipping them – and I don’t even see any provision for
clearing out the cache of flipped images – so requesting a lot of very
large images, or images someone wouldn’t want to be caught possessing,
might be interesting.

Posted by: Matthew Skala  at August  4, 2006 08:42 AM

Read the whole thing (with configs.) here.

Chris

Categories: General Rants & Raves Tags:
  1. No comments yet.
  1. No trackbacks yet.