Oh, Meebo.

Thomas Ptacek | April 27th, 2006 | Filed Under: Bitching About Protocols, Defenses

I *heart* Meebo, which is a free AJAX-style, browser-based client for AIM, MSN, Yahoo, AIM, GTalk, and AIM. I have no actual complaints about the service, which is my lifeline to the outside world when I’m on web-only networks and need help from the team.

So I’m going to complain about it.

Apparently people are concerned about the security of their IMs. I gather this because Meebo has taken to reassuring its users that it keeps their IM logins secure, using “1024 bit RSA keys”.

Unfortunately, this does not mean SSL. SSL for AJAX-style apps is “slow”, because for any one HTTP hit a Web 1.0 app makes, a Web 3.0 app makes 9,883,103. All of them have to be over HTTPS. Because of security.

So what Meebo does is, they implement RSA in JavaScript, and have the browser “manually” encrypt the IM login before sending it back.

Which is to say, what Meebo does is, nothing.

We don’t even need to get into the details of trusting whatever key the browser thinks is coming from Meebo’s site, and how public key encryption is not as simple as transmitting a public key and then just using it. Because you’re not retrieving that login page over a trusted channel.

What RSA ostensibly does is, the bad guys can’t sniff logins out of traffic. Ok, they can’t. But they can sniff TCP sequence numbers, and they can send TCP packets, and the same attacker that RSA addresses can completely replace Meebo’s secure login with an insecure version of same, minus the encryption.

Does RSA hurt anything here? No. But is there a serious threat model that it helps with? No. Meebo actually provides an https login, which is great (though frankly, when I get https hiccups, I just say “fuck it” and log in “insecurely”. It’s just AIM, and it’s all going to OSCAR anyways).

Security is hard, mmkay?

9 Comments so far

  • sandy

    May 2nd, 2006 5:09 am

    Hi Thomas,

    The basic idea was to prevent someone with passive access to your communication channel from easily grabbing your information. While someone could still actively spoof meebo, which is harder, at least the data is not sent across the wire in the clear. We know it’s not an end-to-end solution like HTTPS but it’s a reasonable win, and one that we think is important enough to have pursued.

    Now that we’ve got a bit more time and resources, we’re looking into how to provide a more complete solution — it’s an ongoing process but it’s definitely something we’ve been thinking about and prioritizing. I appreciate your feedback!

    sandy

  • Dino Dai Zovi

    May 5th, 2006 2:40 am

    The way I look at it, even logging into meebo over SSL is not enough (yes, my AIM credentials are just that important ;) ). Meebo just uses my password to log in as me into OSCAR, which uses an MD5 challenge/response authentication protocol. So my password never needs to leave my browser. It’d be really cool if Meebo would pass the challenge to my browser, which would create the challenge in Javascript and POST it back to Meebo. It’d be a little slower to log in, but definitely more secure.

    Nascent security-conscious web 2.0 startups take note: I’d also really like a slick web 2.0 site that used my own IMAP server but used my browser for the CRAM-MD5 authentication.
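Added example (not part of the original post or of any commenter's text): the browser-side CRAM-MD5 computation that Dino Dai Zovi's comment above asks for, following RFC 2195, with the server's verification alongside. It assumes Node.js so that it runs as written; `lookupPassword`, the hostname and the demo account are illustrative assumptions.

```javascript
// Added example, not code from the post or its commenters. Node.js is assumed
// so the block runs as-is; WebCrypto has no MD5, so a real browser client would
// swap node:crypto for a JavaScript HMAC-MD5 implementation.
const nodeCrypto = require('node:crypto');

const hmacMd5 = (key, data) => nodeCrypto.createHmac('md5', key).update(data).digest();

// Server: issue a fresh, unpredictable challenge for every login attempt.
function newChallenge(hostname) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  return Buffer.from(`<${nonce}.${Date.now()}@${hostname}>`).toString('base64');
}

// Browser: answer the challenge (RFC 2195). The password is only the HMAC key;
// what goes on the wire is base64("username hexdigest").
function cramMd5Response(username, password, challengeB64) {
  const digest = hmacMd5(password, Buffer.from(challengeB64, 'base64'));
  return Buffer.from(`${username} ${digest.toString('hex')}`).toString('base64');
}

// Server: recompute the digest for the challenge it issued and compare in
// constant time. lookupPassword is a hypothetical credential-store callback.
function verifyResponse(lookupPassword, challengeB64, responseB64) {
  const decoded = Buffer.from(responseB64, 'base64').toString('utf8');
  const sep = decoded.lastIndexOf(' ');
  const hex = decoded.slice(sep + 1);
  if (sep < 1 || !/^[0-9a-f]{32}$/.test(hex)) return null;
  const username = decoded.slice(0, sep);
  const password = lookupPassword(username);
  if (typeof password !== 'string') return null;
  const expected = hmacMd5(password, Buffer.from(challengeB64, 'base64'));
  return nodeCrypto.timingSafeEqual(Buffer.from(hex, 'hex'), expected) ? username : null;
}

// Constructed demo using the RFC 2195 sample account (user "tim").
function demo() {
  const users = new Map([['tim', 'tanstaaftanstaaf']]);
  const lookup = (u) => users.get(u);
  const first = newChallenge('imap.example.test');
  const answer = cramMd5Response('tim', users.get('tim'), first);
  return {
    accepted: verifyResponse(lookup, first, answer),
    // The same answer presented against a new challenge must be rejected.
    replayed: verifyResponse(lookup, newChallenge('imap.example.test'), answer),
  };
}
```

Two limits carry over from the post: anyone who records a challenge and its response can check password guesses against it offline, and a script delivered over plain HTTP can be replaced in transit, so the scheme only holds if the page itself arrives over HTTPS.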

  • Dave G.

    May 8th, 2006 5:22 pm

    That’s because Dino’s AIM credentials are the same as his luggage combination. Interesting fact: The lock on Dino’s luggage is 32 digits long, and supports upper ASCII.

  • jimmy

    October 13th, 2006 12:09 pm
  • mark

    October 31st, 2006 1:57 pm

    Check out http://www.koolim.com

    It’s a great web based messenger.

    It supports AIM, ICQ, MSN, Yahoo!, IRC, Jabber, Sametime and others.

    Have a great day.

  • warl0ck

    September 12th, 2007 8:28 pm

    That’s why one finds the protocols (ex. key exchange) before the ciphers in Schneier’s book and other good cryptography books.

  • Thomas Ptacek

    September 12th, 2007 8:36 pm

    You know what’s sad? Despite the fact that even the author of that book agrees that it did grievous harm to the industry, you didn’t even cite it properly: key exchange comes almost dead last in _Applied_. Sorry. Something about references to That Book just gets my blood boiling.

  • Christian Heinrich

    October 25th, 2007 5:05 am

    @Thomas Ptacek

    You have to consider that meebo implemented RSA with a “1024-bit Key” to exploit the psychology of its end users whose study of Cryptography is stunted by “Applied Cryptography”.

  • kL

    November 22nd, 2007 7:04 am

    Passive access only? That seems more like a corner case.

    DNS spoofing? Rogue proxy or infected Winsock (spyware)? Hacked router (public wi-fi, wi-fi honeypots)? All give full access.
