Services/Sync/P2P Key Exchange And Rotation: Difference between revisions

Jump to navigation Jump to search

Services/Sync/P2P Key Exchange And Rotation (view source)

Revision as of 00:46, 29 October 2015

733 bytes added ,  29 October 2015
Added vulnerabilities
(Clarified registration protocol)
(Added vulnerabilities)
Line 329: Line 329:
}
}
</pre>
</pre>
===Vulnerabilities===
On deeper inspection of eXfio Peer v2 there are two vectors of attack that present themselves, a honeypot and a targeted phishing attack.
====Honeypot====
An adversary could set up a sync server and invite users to join with say an offer of unlimited stage. When the user registers the hostile sync server initialises the storage with a fictitious authorised device, thus giving the impression that the user had previously registered with the service. The user could be presented with an authcode to enter on their device this transferring a pre-generated master key, known by the server, to the newly registered device.
'''Countermeasures'''
TODO
====Targeted Phishing====
TODO
'''Countermeasures'''
TODO


=== Registration Protocol v2 ===
=== Registration Protocol v2 ===
Nickel chrome
113

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1103139"

Navigation menu