The Internet's Biggest Security Hole Revealed
At DEFCON, Tony Kapela and Alex Pilosov demonstrated a drastic weakness in the Internet's infrastructure that had long been rumored, but wasn't believed practical. They showed how to hijack BGP (the border gateway protocol) in order to eavesdrop on Net traffic in a way that wouldn't be simple to detect. Quoting: "'It's at least as big an issue as the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. 'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.' The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network." Here's the PDF of Kapela and Pilosov's presentation.
SSL (Score:5, Insightful)
I hope that all of those people who thought that getting users to blindly accept self signed certs was a good idea are starting to feel a bit stupid now...
An SSL cert signed by a trusted central authority isn't the absolute solution to all mitm attacks, but it's a whole lot closer to 'safer' than not.
Why this is not an issue: (Score:5, Insightful)
BGP is almost always set up manually, at least when first configured. Network admins: DO NOT PUT UNTRUSTED PEERS IN THE ACLs. Joe Smith running BGP on 123abcxxxhost.nl has no business being in your tables. If you're accepting adverts from any AS you deserve what you get.
The routing on the Internet has always been hierarchical: get updates from your upstreams. If they send you bad info you're SOL anyway, just like SSL certs and Verisign's root certs.
Re:SSL (Score:1, Insightful)
Despite trying to, you still haven't made a case for a "trusted central authority." People don't read cert warnings, they blindly click "ok" and soldier on.
Your best bet (in an organization) is to distribute the correct CA cert for your sites, even if it is self-signed, and tell people to stop accepting cert warnings, period. That way even if the traffic is sniffed and your users are redirected to a poser site, there's no way he can generate a cert that doesn't raise the warning flag.
Wait, you're telling me.... (Score:5, Insightful)
Wait, you're telling me that they taught US intelligence agencies and the National Security guys how to attack the internet with man-in-the-middle attacks and exploits to fool routers into re-directing data to an eavesdropper's network...
and they didn't do anything to end the interception and eavesdropping problem???
I am shocked.
Sigh... (Score:3, Insightful)
'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.'
For a hacker he's pretty dumb. Everyone knows that the best way to get attention directed to an exploit is to publish the entire kiddie-porn-folder of the person who can fix it, using the exploit in question.
Re:The man in the middle (Score:3, Insightful)
Lucky you. The article is still on Slashdot's main page [slashdot.org].
Nah, all important white house email gets sent through private servers anyway..
Re:SSL (Score:5, Insightful)
What should be done is that self-signed certs should be acceptable, with the right handling. The way ssh does this is a good one; it alerts you when you initially connect, and throws up an extremely loud and nasty warning if the host's cert has changed from the last time you connect.
That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat. Which means they have just as much a chance of picking the unsafe choice as they do the safe choice. So Firefox's solution has been to make it hard to pick the unsafe choice. Make it so that you pretty much have to understand what's going on in order to even get the chance to pick the potentially unsafe choice. That seems like a pretty good policy to me.
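The ssh-style handling the parent comment describes (remember the certificate on first contact, scream when it changes) as working code. This is an added example, not code from the thread or from any browser or ssh implementation: the `KnownHosts` class, its JSON store format, the verdict constants and the two certificate byte strings are constructed assumptions; `fetch_cert_der` only shows where the DER bytes would come from on a real connection and is not exercised here.

```python
"""Trust-on-first-use (TOFU) pinning for self-signed TLS certificates.

Added example. Mirrors ssh's known_hosts behaviour: the first connection
records the certificate's fingerprint; a later mismatch is a loud failure
and the pin is deliberately NOT replaced.
"""
import hashlib
import json
import socket
import ssl
from pathlib import Path

FIRST_USE = "first-use"   # no pin yet: record it and tell the user
MATCH = "match"           # certificate equals the pinned one
MISMATCH = "MISMATCH"     # certificate changed: refuse and warn loudly

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_A = b"constructed-der-bytes-for-forum.example-key-1"
CERT_B = b"constructed-der-bytes-for-forum.example-key-2"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER bytes, hex encoded, as browsers display it."""
    return hashlib.sha256(cert_der).hexdigest()


def fetch_cert_der(host: str, port: int = 443) -> bytes:
    """Fetch the peer certificate without CA validation; the trust decision
    is made afterwards by KnownHosts.check(), never here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class KnownHosts:
    """host -> pinned fingerprint. path=None keeps the pins in memory only."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def _save(self):
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp
            self._save()
            return FIRST_USE
        if pinned == fp:
            return MATCH
        return MISMATCH  # keep the old pin; only forget() may clear it

    def forget(self, host: str):
        """Explicit operator action after a legitimate key rotation
        (the equivalent of ssh-keygen -R)."""
        self.pins.pop(host, None)
        self._save()


def message(verdict: str, host: str, cert_der: bytes) -> str:
    """User-facing text for each verdict, in the spirit of ssh's prompts."""
    fp = fingerprint(cert_der)
    if verdict == FIRST_USE:
        return (f"The authenticity of host '{host}' can't be established.\n"
                f"SHA256 fingerprint: {fp}\nPinned for future connections.")
    if verdict == MATCH:
        return f"Certificate for '{host}' matches the pinned fingerprint."
    return (f"@@@ WARNING: THE CERTIFICATE FOR '{host}' HAS CHANGED @@@\n"
            f"Offered fingerprint: {fp}\n"
            "Someone could be eavesdropping on you right now. Not connecting.")


if __name__ == "__main__":
    store = KnownHosts()
    for cert in (CERT_A, CERT_A, CERT_B):
        print(message(store.check("forum.example", cert), "forum.example", cert))
```

The point of the design is that a changed certificate is never silently accepted and never silently re-pinned: the pin only moves when an operator calls `forget()`, which is exactly the step a browser's "add exception" click skips.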
Re:The man in the middle (Score:5, Insightful)
Yeah.. That's funny. Nice observation there...
Just one thing though... You sound like the teenage boys who always claim they want to grow up to be a gynecologist. Problem with that is that gynecologists usually see the worst looking, diseased, and nasty vagina. Not the good looking, sweet smelling, celebrity vagina.
So the guy who has all the internet porn is going to have quite a collection of goatse and things that will make you WANT to go back to looking at goatse.
ESES is mature? (Score:5, Insightful)
I've seen implementations of ISIS, and have deployed it myself in both IP and ATM environments. I've never seen an actual deployment of ESES, and I've never heard of one either. I've encountered ISIS adjacencies which don't form correctly, and come up as ESIS, though.
What hardware supports ESES?
Re:SSL (Score:5, Insightful)
Properly signed certs should be given higher priority, but a self-signed cert is still vastly better than nothing. The problem is that current browsers treat self-signed certs as being the worst of the three, when in reality they're much better than a naked HTTP connection.
Exactly. I certainly don't want to sign on to my online banking for the first time and find that it's using a self-signed certificate. On the other hand, if I had to choose between a self-signed certificate and transmitting login information in plain-text, there's no contest.
I'm of the opinion that encryption should be encouraged in order to stop simple snooping, even if it doesn't prevent more complex attacks. It's not as though certificate authorities are all that diligent in their identity verification anyhow.
What did he expect? (Score:5, Insightful)
Great, give the very people who want to abuse this the most the inside details, then show shock when it isn't fixed.
this is one of those exploits (Score:5, Insightful)
that requires one teensy weensy detail to work (in other words, one huge wonking detail)
here, it is to be a bgp level peer
kind of like i can empty a bank of all of its money
all i need is the key to the safe
yeah, minor detail
so do i panic now?
Re:SSL (Score:3, Insightful)
This whole debate would be better centered if Firefox put up the same scary boxes for unencrypted .htaccess as it does for self-signed certs. How could one be worse than the other?
Unless you use a password generator (such as apg on OpenBSD) and have a photographic memory, passwordsafe, and never suffer hang-overs, most people re-use similar password structure even if the careless passwords and careful passwords are significantly different (which I doubt is the norm).
What do you think the entropy is on the average person's bank password after half a dozen samples of their unencrypted throw-away passwords have been sprayed around the internet by a bunch of imperioed BGP routers?
And that's not even counting the occasion where you lose the marble momentarily and discover you've just typed your most uber secure password into a login field in the wrong tab, which means it now needs to be burned, but who does?
Passwords passed around the internet in plain text are just as tainted as any self-signed SSL cert, and twice as self-inflicted. Brought to you by the same grey beards who engineered open SMTP relays.
Re:The man in the middle (Score:5, Insightful)
plus goatse has fewer gaping assholes
So *That's* How They Do It (Score:3, Insightful)
So these guys go and convince the spooks that the Internet can be hijacked for comprehensive but totally stealth eavesdropping. And the spooks "don't do anything about it".
Except they do, don't they. The spooks go ahead and snoop the entire Internet. For the last 10 years.
I'm surprised at only the fact that the L0pht guys and others are still alive and running around loose to tell anyone that the spooks have known how to do this for this whole time.
Why is it taking so long for all Internet traffic to be encrypted end to end by default?
Not really the unsafe choice. (Score:3, Insightful)
> So Firefox's solution has been to make it hard to pick the unsafe choice.
Except they really haven't. They've made it hard to make the sorta-kinda-theoretically-less-safe choice, the one that might result in a MITM attack, but in doing so they discourage SSL use generally.
Do you think that hypothetical user you're talking about is going to notice whether the page is using SSL or not? I doubt it. And a lot of companies seem to agree, and use plain old HTTP for all sorts of stuff when they shouldn't (we just had an FPP on this a few days ago, in fact).
As script-kiddyable as MITM attacks may get, they're never going to be as easy as just sniffing unencrypted traffic, and any time you make encryption difficult or complicated, that's the alternative people use.
Re:Oh, just great! (Score:3, Insightful)
Not exactly weird. If cracking networks, etc., is your bag, and somebody offers you a high-paying, stable job where you can not only spend your time doing that, but doing it without fear of prosecution, that could be kind of hard to turn down.
One Word (Score:3, Insightful)
End-to-end encryption prevents eavesdropping.
Re:Fun fun fud (Score:1, Insightful)
There are lots of ISPs without their own ASN. It shouldn't be too hard. I bet there are several listed in your local phone directory.
BGP = virtually no authentication or encryption ... so what?
If you can't trust your neighbor what are you doing processing data from them at all?
The real problem as TFA pointed out really has to do with enforcing reasonable topologies between peers. Possibilities for this crap would diminish greatly if upstreams were better at filtering their downstreams' advertisements. Use of some very secure trusted registry out-of-band from BGP is a good way to get there.
The paper embellishes the problem by relying on non-allocated blocks for some of its figures and plays to the "BGP is not secure" ignorance as if that's a contributing factor when it clearly is not. I agree with the general sentiment however.
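The filtering this comment and the earlier "Why this is not an issue" comment both argue for, written out as an added example (it is not code from the thread, from the presentation, or from any router vendor): an upstream accepts a downstream's announcements only when an out-of-band registry says the origin AS may announce that block, rejects more-specifics beyond the registered maximum length, rejects origins outside the neighbour's customer cone, and drops bogons. The registry, the customer cone, the ASNs (private-use range) and the prefixes (RFC 5737 documentation space) are all constructed.

```python
"""Prefix filtering of a downstream's BGP advertisements against an
out-of-band registry. Added example; registry, ASNs and prefixes are
constructed and stand in for what an IRR route object or RPKI ROA carries.
"""
import ipaddress

# Constructed registry: origin ASN -> [(block it may originate, longest
# prefix length it may announce inside that block)].
REGISTRY = {
    64512: [("192.0.2.0/24", 24)],
    64513: [("198.51.100.0/23", 24)],
}

# Constructed customer cone: which origin ASNs a direct downstream is
# allowed to carry in an AS path it sends us (64513 buys transit from 64512).
CUSTOMER_CONE = {
    64512: {64512, 64513},
    64513: {64513},
}

# Address space that should never be announced by anyone.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def validate(peer_asn, prefix, as_path):
    """Decide one announcement from a direct downstream.

    Returns (accept, reason). Every rejection names the check that failed
    so the decision can be logged and reviewed.
    """
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    # A bogon announced as-is, as a more-specific, or as a covering block.
    for bogon in BOGONS:
        if bogon.version == net.version and (
                net.subnet_of(bogon) or bogon.subnet_of(net)):
            return False, "bogon"
    if not as_path or as_path[0] != peer_asn:
        return False, "AS path does not start with the announcing neighbour"
    origin = as_path[-1]
    if origin not in CUSTOMER_CONE.get(peer_asn, ()):
        return False, f"AS{origin} is not in AS{peer_asn}'s customer cone"
    for block, maxlen in REGISTRY.get(origin, []):
        covering = ipaddress.ip_network(block)
        if covering.version == net.version and net.subnet_of(covering):
            if net.prefixlen > maxlen:
                return False, f"more specific than registered /{maxlen}"
            return True, "registered"
    return False, f"prefix not registered to AS{origin}"


def filter_update(peer_asn, announcements):
    """Apply validate() to a whole update; returns (accepted, rejected),
    each a list of (prefix, reason)."""
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        ok, reason = validate(peer_asn, prefix, as_path)
        (accepted if ok else rejected).append((prefix, reason))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed update from neighbour AS64512: one legitimate route, one
    # legitimate transit route, one more-specific grab, one bogon.
    update = [
        ("192.0.2.0/24", [64512]),
        ("198.51.100.0/24", [64512, 64513]),
        ("192.0.2.0/25", [64512]),
        ("10.0.0.0/8", [64512]),
    ]
    for verdict in filter_update(64512, update):
        print(verdict)
```

The interesting rejection is the `/25`: it is inside a block the origin legitimately owns, so only the registered maximum length catches it, which is why a registry entry needs a max length and not just a prefix.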
Re:SSL (Score:5, Insightful)
For those people, who are the majority, those messages don't mean squat.
Until self-signed certificates are less safe than bare http any justification for putting up scary messages for self-signed only is nonsense.
The real problems that need to be fixed are:
That seems like a pretty good policy to me.
It's not good policy to put up popups that have no meaning. Just like the boy who cried wolf and Vista UAC, all you're doing is training the user to ignore popups when they do matter.
Programmers complain incessantly about users ignoring messages. Almost always it's the programmer's fault for not designing their user interface for their target audience. Why on earth should a user take any notice of messages that
---
"Advertising supported" just means you're paying twice over, once in time to watch/avoid the ad and twice in the increased price of the product to pay for the ad.
Re:SSL (Score:4, Insightful)
Until self-signed certificates are less safe than bare http any justification for putting up scary messages for self-signed only is nonsense.
Consider this - how often is a neophyte going to connect to a site with a self-signed certificate that actually has important information to keep encrypted but without any special instructions given ahead of time? Now how often is a neophyte going to connect to a spoof site (of a site which, by definition has important information, else it wouldn't be spoofed) with the use of a self-signed certificate?
I think the second case is going to be a lot more common than the first.
It's not good policy to put up popups that have no meaning. Just like the boy who cried wolf and Vista UAC, all you're doing is training the user to ignore popups when they do matter.
Talk about missing the point. Neophytes will NEVER know what to do with a pop-up of highly technical nature like this one. So better that the pop-up guide the neophyte into the default safe case while still providing information and choice to cognizant users. That's exactly what firefox does now.
I think not (Score:5, Insightful)
A man-in-the-middle attack on BGP would require that you intercept and re-write BGP data. The only place to do that is if you can insert some hardware on the physical route between two BGP-speaking routers. That is, on the cable between two ISPs that are peering with each other or have a transit agreement. While the BGP protocol could, in theory, be routed across the internet, my understanding is that in practice it never is.
Add to that that to successfully perform such an attack, you would need appropriate (expensive) network interfaces and hardware capable of speaking fast enough, and this "attack" becomes something that needs a *lot* of resources to pull off. Sure, governments and big corporations can do it, maybe big organised crime could too, but yer average bedroom cracker couldn't.
And why would the big boys bother anyway, when they can just announce bogus routes [renesys.com]?
Re:Fun fun fud (Score:4, Insightful)
Isn't this why PGP was integrated into many email clients years ago? Since when have people considered the Internet safe from eavesdropping? Since I started using the internet in 1995, I have been warned many times by countless posts and websites informing people of the potential for eavesdropping on the internet. Haven't you seen any of these warnings? This is nothing new.
Re:SSL (Score:3, Insightful)
whoa whoa whoa... what is the programmer doing designing the user interface??
I kid, I kid. I know it happens all the time, even I do it. But in the cases of companies like MS or even larger organizations like Mozilla, I'm not really joking..
Re:SSL (Score:3, Insightful)
And that never happened in this case either.
Eight years ago a group of hackers applied for two code signing certificates for microsoft.com. During the issue process it was discovered that the application was fraudulent and that the certificates had already been issued. A bug in the issue processing software had allowed a single operator to issue the certificate; the process is meant to require two.
The issue was immediately reported to Microsoft and a public statement made. The certificates were also placed on the certificate revocation list. The certificates expired many years ago and there is no evidence that they were ever used.
That is two process failures out of something like 400,000 SSL certificates issued each year.
The system is actually designed to cope with some failures, that is one reason we have CRLs and now OCSP.
Re:SSL (Score:5, Insightful)
That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat.
And you know, teenage kids who "just want to drive the damn car" are also responsible for a substantial portion of collisions. Coincidence?
The fundamental mistake of computer security is assuming that it can be made easy for the lowest common denominator. It can't. Sorry, I've got no clever analogy for this one -- but it's true. There is simply no way that you can design a system that can retain its security in the face of a user that is both ignorant and has no desire to learn how to properly use the tools at his disposal. You just can't do it. Warnings will be ignored, errors will be bypassed, and someone who wants to remain ignorant will, no matter how many hoops he has to jump through to do it. Most users aren't just ignorant -- they revel in it: how many times have you heard someone say "Oh, I'm just hopeless with computer stuff", followed by a smirk and a giggle? There ain't enough crypto in the world can protect that user.
Designing a security measure around the lowest common denominator will make everyone less secure, all in the name of making someone who wants to remain ignorant slightly more comfortable. And for the benefit of all of us who want real security, this is a very, very bad idea.
Re:Fun fun fud (Score:2, Insightful)
Except that quite a bit of this particular White House's email communications weren't going over SIPR, they were going through GOP servers and Blackberries. Which means it was on the public internet.
Security only works when people use it.
(Former Navy communications nerd, now in the private sector.)
Re:SSL (Score:3, Insightful)
This is a false dilemma. If your bank's web site presents a self-signed certificate, then you shouldn't log into your account.
Well, yeah, that was my point. If it's my bank then I want a certificate from a real CA. However, if my friend is running a private forum and he wants to use a self-signed certificate rather than paying for one, I'd probably rather he do that than leave my login information as plain-text.
The problem, in my mind, is that login credentials should *always* be encrypted, but we shouldn't require that every website pay someone else for a certificate that they can generate themselves. Since most sites aren't going to get complex phishing and man-in-the-middle attacks, it's probably not that big of a deal. The security of the key exchange should be roughly proportional to the required security of the site, but logins should always be encrypted.
If anything, the glut of certificates granted by careless CAs who don't bother to verify identities is fostering a false sense of security.
Re:The man in the middle (Score:2, Insightful)
Yeah, I'm going to get a few more like this. And I deserve them. You're right. Let's all lighten up a little, ok?