North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Revealed: The Internet's Biggest Security Hole
Nothing will change. You think DNSSEC is hard? Try getting support for the deployment of S-BGP or soBGP. Without a trust anchor and lots of community support it will remain largely an academic interest area. Marc ------Original Message------ From: Gadi Evron To: Frank Cc: NANOG list Sent: Aug 27, 2008 20:54 Subject: Re: Revealed: The Internet's Biggest Security Hole hehe "new". hehe Maybe something will change now' though, it was a great and impressive presentation, hijacking the defcon network and tweaking TTL to hide it. On Thu, 28 Aug 2008, Frank wrote: > http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html > > Two security researchers have demonstrated a new technique to stealthily > intercept internet traffic on a scale previously presumed to be unavailable > to anyone outside of intelligence agencies like the National Security > Agency. > > The tactic exploits the internet routing protocol BGP (Border Gateway > Protocol) to let an attacker surreptitiously monitor unencrypted internet > traffic anywhere in the world, and even modify it before it reaches its > destination. > > The demonstration is only the latest attack to highlight fundamental > security weaknesses in some of the internet's core protocols. Those > protocols were largely developed in the 1970s with the assumption that every > node on the then-nascent network would be trustworthy. The world was > reminded of the quaintness of that assumption in July, when researcher Dan > Kaminsky disclosed<http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html>a > serious vulnerability in the DNS system. Experts say the new > demonstration > targets a potentially larger weakness. > > "It's a huge issue. It's at least as big an issue as the DNS issue, if not > bigger," said Peiter "Mudge" Zatko, noted computer security expert and ------Original Message Truncated------ -------------------------- Marcus H. Sachs Verizon 202 515 2463 Sent from my BlackBerry
|