Watch for the sharks, they may be after your AS/2
Last week I was sitting in the lobby of one of my regular clients whose office overlooks the beach on Florida's Panhandle. I was contemplating doing a little fishing from the beach, but after reading the headlines about the recent shark attacks on unsuspecting surfers and fishermen I decided against it. It seems that the area had considered itself relatively immune from shark attacks, not having had one in several years.
Deciding I'd rather "buy than build", I was checking Yahoo! for local seafood restaurants, and received an instant message from an anonymous EDI Consultant struggling with implement security in a new AS/2 installation. The conversation went something like this:
"Nobody seems to want to discuss the network security issues around AS/2. I'm working with highly sensitive data, and there are some serious security issues."
I asked him for specifics, and he continued on.
"Even though the encryption algorithms are very strong, the theft of the certificates and keys is simple. There are products that are easily hacked by exploiting some simple designed-in functionality..."
The IMer went on to describe two scenarios, one in which he was able to obtain the certificate and key, and another in which he was able to fool the AS/2 system into sending login information based on an external request for admission to the system.
"The underlying problem is with the AS/2 protocol itself. It has no way to achieve nonrepudiation."
My messenger logged out and left me with lots more questions than answers, but my mind drifted back to the shark attacks and how serene the waters look as I gazed out across the beach. My contact was describing one particular implementation as well as a vulnerability inherent in a widely used protocol. He wisely kept the specifics to himself, though he did say that the issues he described were easily demonstrated.
I checked with two knowledgable people for their opinions on the possibility of this kind of security breach, and they both said they were certain it would not be possible without first being able to hack into the network itself and gain access to the system console. Of course that has little to do with AS/2 since once at the console, the hacker would have free access to the entire system. Nevertheless, just because these folks can't imagine it, that doesn't mean it can't happen.
So for now I'll get my fish fully cooked at the local restaurant and let the professional fishermen find my dinner from the safety of their boats. I'll also look more carefully at the AS/2 implementation spec with a hacker's eye and see if I'm able to find the same thing my IM pal warned me about. Maybe you should do the same. An old surfer told me "You can't see the sharks until its too late." Good advice.
Until next time...