Re: Revealed: The Internet's Biggest Security Hole
Nothing will change. You think DNSSEC is hard? Try getting support for the deployment of S-BGP or soBGP. Without a trust anchor and lots of community support it will remain largely an academic interest area. Marc ------Original Message------ From: Gadi Evron To: Frank Cc: NANOG list Sent: Aug 27, 2008 20:54 Subject: Re: Revealed: The Internet's Biggest Security Hole hehe "new". hehe Maybe something will change now' though, it was a great and impressive presentation, hijacking the defcon network and tweaking TTL to hide it. On Thu, 28 Aug 2008, Frank wrote:
http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.
The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed<http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html>a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.
"It's a huge issue. It's at least as big an issue as the DNS issue, if not bigger," said Peiter "Mudge" Zatko, noted computer security expert and
------Original Message Truncated------ -------------------------- Marcus H. Sachs Verizon 202 515 2463 Sent from my BlackBerry
On Wed, 27 Aug 2008 marcus.sachs@verizon.com wrote:
Nothing will change. You think DNSSEC is hard? Try getting support for the deployment of S-BGP or soBGP. Without a trust anchor and lots of community support it will remain largely an academic interest area.
I guess it will just remain a "cool" presentation than, and boy was it cool. You were there, any special impressions? Gadi.
Marc
------Original Message------ From: Gadi Evron To: Frank Cc: NANOG list Sent: Aug 27, 2008 20:54 Subject: Re: Revealed: The Internet's Biggest Security Hole
hehe "new". hehe
Maybe something will change now' though, it was a great and impressive presentation, hijacking the defcon network and tweaking TTL to hide it.
On Thu, 28 Aug 2008, Frank wrote:
http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.
The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.
The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed<http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html>a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.
"It's a huge issue. It's at least as big an issue as the DNS issue, if not bigger," said Peiter "Mudge" Zatko, noted computer security expert and
------Original Message Truncated------
-------------------------- Marcus H. Sachs Verizon 202 515 2463
Sent from my BlackBerry
participants (2)
-
Gadi Evron
-
marcus.sachs@verizon.com