The Internet's Biggest Security Hole Revealed
At DEFCON, Tony Kapela and Alex Pilosov demonstrated a drastic weakness in the Internet's infrastructure that had long been rumored, but wasn't believed practical. They showed how to hijack BGP (the Border Gateway Protocol) in order to eavesdrop on Net traffic in a way that wouldn't be simple to detect. Quoting: "'It's at least as big an issue as the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. 'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.' The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network." Here's the PDF of Kapela and Pilosov's presentation.
The man in the middle (Score:3, Funny)
Must have the world's largest collection of online porn.
Which would figure, actually.
Re:Scary Much? (Score:1, Funny)
I find the thought of this genuinely scary. Correct me if I am wrong, but we would have to change the BGP protocol itself to fix this issue. That isn't going to happen anytime soon I reckon, so I guess there is nothing we can do but encrypt sensitive transmissions and hope for the best.
Hell, let's 'fix' SMTP while we're at it... ;)
Re:Fun fun fud (Score:5, Funny)
Depends on how much you value your privacy, Mr. Stephen P Wallagher of 4242 Green Leafy Forest Terrace, Springfield, Ohio 55538, Phone number 1-900-Hot Dude, alias "Lovestospooge."
fixed.
Re:The man in the middle (Score:5, Funny)
How can a title including 'The Internet's Biggest ... Hole' not be kicked off with a goatse joke?
Re:Fun fun fud (Score:5, Funny)
Let's put it this way. Email right? It's delivered between hosts completely unencrypted. Imagine you could sniff all the email passing into, say, the White House... would that be worth something?
Note, I've also given you the hint to prevent this bullshit from being a problem.
So we need to destroy the White House?
Re:Fun fun fud (Score:5, Funny)
Yes. Someone had managed to re-open the goatse.cx site again.
if you don't believe me, you know there is only one way to find out
Flaw revealed years ago (Score:3, Funny)
A hacker marauding by the name "Goatse" exposed it quite effectively some years back.
Government is on it. (Score:1, Funny)
... testified to Congress... disclosed privately to government agents... described this to intelligence agencies and to the National Security Council
So in other words, the US government knows about the issue. This is the United States government, people! Obviously there is nothing to worry about. Like, come on, as if the US government would allow eavesdropping on the information highways to even be possible. Like come on, srsly.
Re:Scary Much? (Score:4, Funny)
Re:Fun fun fud (Score:5, Funny)
Monoculture is bad? Good thing Internet Explorer offers a different take on W3C standards...
I kid, I kid.
Re:The man in the middle (Score:1, Funny)
that wouldn't have gotten +5
No, +11 !
Re:Fun fun fud (Score:5, Funny)
Re:Fun fun fud (Score:5, Funny)
No, it gets sent through Dick Cheney's hotmail account.
Re:You can bet good money... (Score:5, Funny)
Home Depot? The store that sells wood is spying on my Internet access?
Let the Rickrolls begin! (Score:2, Funny)
Re:Fun fun fud (Score:4, Funny)
What, you didn't get your secret decoder server?
Re:Scary Much? (Score:3, Funny)
XMPP
Re:You can bet good money... (Score:5, Funny)
If that's the British DHS, the American counterpart is Home Depot, and it should be obvious why they'd want to spy on people.
So they can tell if you have been going to Lowe's?
Re:Fun fun fud (Score:2, Funny)
if you don't believe me, you know there is only one way to find out
I believe you! I BELIEVE YOU!!
Re:You can bet good money... (Score:5, Funny)
He meant the Department of Homeland Depot. It's the privatization of government, don't you know.
Re:You can bet good money... (Score:3, Funny)
SLASHDOT SUX0RZ (Score:5, Funny)
The Internet's Biggest Hole Revealed at http://goatse.cz/ [goatse.cz]
Re:The man in the middle (Score:5, Funny)
Re:You can bet good money... (Score:3, Funny)
Home Depot? The store that sells wood is spying on my Internet access?
Yeah, they really know how to put the thumbscrews on.
Re:The man in the middle (Score:5, Funny)
Having seen (or been subjected to), as we all have, upskirts of Britney, Paris, etc, I gotta say that "celebrity vagina" is by no means universally "good looking, sweet smelling"...
Re:The man in the middle (Score:5, Funny)
Over +9000!!!
Re:The man in the middle (Score:4, Funny)
So you've never actually seen coverage of the DNC and RNC then? Between the reporters, the candidates and the delegates I doubt a greater mass of gaping assholes was ever assembled.
Re:The man in the middle (Score:3, Funny)
Oops. Sign error. Never mind.
Re:Fun fun fud (Score:2, Funny)
Re:Fun fun fud (Score:4, Funny)
Hey! That's my private info!
I am now sending a federal law DMCA notice demanding you take my information down.
BTW, please don't run a Slashdot front page story on my DMCA takedown notice & info.
Re:Fun fun fud (Score:5, Funny)
Whew! Good thing you clicked the "Anonymous Coward" box when you posted that!
Re:Fun fun fud (Score:4, Funny)
Why can't I mod something "tragic"?
Re:Fun fun fud (Score:3, Funny)
Comment removed (Score:4, Funny)
Re:The man in the middle (Score:1, Funny)
Re:Fun fun fud (Score:4, Funny)
Yes. Definitely a good idea on my part.
Shit.
Re:The man in the middle (Score:1, Funny)