The Community for Technology Leaders
RSS Icon
Subscribe
Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISBN: 0-7695-2461-3
pp: 245-253
John Black , University of Colorado
Martin Cochran , University of Colorado
Martin Ryan Gardner , University of Colorado
ABSTRACT
The Internet Chess Club (ICC) is a popular online chess server with more than 30,000 members worldwide including various celebrities and the best chess players in the world. Although the ICC website assures its users that the security protocol used between client and server provides sufficient security for sensitive information to be transmitted (such as credit card numbers), we show this is not true. In particular we show how a passive adversary can easily read all communications with a trivial amount of computation, and how an active adversary can gain virtually unlimited powers over an ICC user. We also show simple methods for defeating the timestamping mechanism used by ICC. For each problem we uncover, we suggest repairs and draw conclusions on how to best avoid repeating these types of problems in the future.
INDEX TERMS
null
CITATION
John Black, Martin Cochran, Martin Ryan Gardner, "Lessons Learned: A Security Analysis of the Internet Chess Club", ACSAC, 2005, Computer Security Applications Conference, Annual, Computer Security Applications Conference, Annual 2005, pp. 245-253, doi:10.1109/CSAC.2005.36
16 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool