blog.wired.com — Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency. The demonstration is the latest attack to highlight fundamental security weaknesses in some of the web's core protocols.
Aug 27, 2008 View in Crawl 4
jrobbioAug 27, 2008
Don't you think this ties in nicely to the fact that Obama's selected VP is opposed to encryption? They may not have exactly designed the system to be snoopable, but they haven't done anything to patch it up either. I remember on an ethical hackers course that I went on being alarmed out how easy it was to listen to unencrypted traffic without anyone noticing there was a problem.A certificate system sounds like a bad idea because it could kill the flexibility of the internet if it wasn't managed properly. Or am I wrong?
s5s5s5Aug 27, 2008
If anyone needs a summary of the article;You go to your postman and say that there is a shortcut through your driveway to where he is going. He blindly trusts you. As he is going through your driveway, you take a peek at all the postage. He goes on his merry way and no one is the wiser.
madharveyAug 27, 2008
who?
rootxploitAug 29, 2008
THIS IS NOT NEW! We've always assumed that major ISPs were trusty to learn routes from."Pilosov and Kapela use a method called AS path prepending", EVERYONE in routing knows about this, it isn't anything new either.MANY years ago this was known and SBGP was the replacement. That will never be implemented, because it is expensive and there has never been an intentionally malicious case of this happening because you have to be an important ISP to successfully pull this off.Also this is more of an issue of authentication and not really encryption. We need to trust the data not necessarily conceal it."Anyone with a BGP router" - WRONG, anyone TRUSTED with a BGP boarder router. There are things in routers called route filters which allow you to block the advertised routes from untrusted entities.This is a great article for 1990, terrible for 2008. Either Wired reported on a very old not newsworthy issue or they misrepresented the idea. Either way TERRIBLE article. They should not compare this to a REAL attack like Kaminsky's!
hojibujiSep 13, 2008
This article has nothing to do about the quality or security of the code... the problem resides with lazy/uneducated network engineers at ISPs not properly configuring their BGP routers...
t1n0m3nJan 7, 2009
hojibuji: And if you comprehended my post, you will notice that I didn't call "ARP" a traffic model.LERN TO RED <---- (Intentionally misspelled for the retards actually reading this.)