more on Big holes in net's heart revealed

[David Farber <dave () farber net>]

Begin forwarded message:

From: brett watson <brett () the-watsons org>
Date: April 30, 2006 11:31:37 AM EDT
To: dave () farber net
Subject: Re: [IP] Big holes in net's heart revealed

hi dave,

your readers that are not on the dns-operations list might find the  
following thread an interesting read related to the cornell project  
discussed in this article.  the first posting begins here:

http://lists.oarci.net/pipermail/dns-operations/2006-April/000504.html


-b



On Apr 30, 2006, at 5:32 AM, David Farber wrote:

> Something "well known" but not advertised till now. djf
>
>
> Begin forwarded message:
>
> From: Dewayne Hendricks <dewayne () WARPSPEED COM>
> Date: April 30, 2006 5:11:08 AM EDT
> To: Dewayne-Net Technology List <dewayne-net () WARPSPEED COM>
> Subject: [Dewayne-Net] Big holes in net's heart revealed
> Reply-To: dewayne () WARPSPEED COM
>
>  Big holes in net's heart revealed
> By Mark Ward
> Technology Correspondent, BBC News website
>
> Simple attacks could let malicious hackers take over more than one- 
> third of the net's sites, reveals research.
>
> The finding was uncovered by researchers who analysed how the net's  
> addressing system works.
>
> They also found that if the simple attacks were combined with so- 
> called denial-of-service attacks, 85% of the net becomes vulnerable  
> to take-over.
>
> The researchers recommended big changes to the net's addressing  
> system to tackle the vulnerability at its heart.
>
> Site seizing
>
> When you visit a website, such as news.bbc.co.uk, your computer  
> often asks one of the net's address books, or domain name servers,  
> for information about where that site resides.
>
> But the number of computers that have to be consulted to find the  
> computers where that site is located often makes sites vulnerable  
> to attack by vandals and criminals, found Assistant Professor Emin  
> Gun Sirer and Venugopalan Ramasubramanian from the Department of  
> Computer Science at Cornell University.
>
> Professor Sirer told the BBC News website that, on average, 46  
> computers holding different information about the components of net  
> addresses are consulted to find out where each dotcom site is  
> actually hosted.
>
> But, he said, this chain of dependencies between the computers that  
> look after the different parts of net addresses creates all kinds  
> of vulnerabilities that clever hackers could easily exploit.
>
> "The growth of the internet has caused these dependencies to  
> emerge," said Professor Sirer. "Instead of having to compromise one  
> you can compromise any one of the three dozen."
>
> All the information gathered and analysed by the researchers has to  
> be publicly available to keep the net's addressing system working.  
> The research analysed information about almost 600,000 computers.
>
> The research also revealed that 17% of the servers that host the  
> net's address books are vulnerable to attack via widely known  
> exploits.
>
> "Because of these dependencies about one-third of the net's names  
> are trivially compromisable by script kiddies," he said.
>
> One site vulnerable in this way was run by the FBI, said Professor.  
> Sirer. Although the five computers that act as the first reference  
> point for the fbi.gov domain were secure, one of the five that  
> connect to these has yet to install a patch for a well-known bug.
>
> That computer was fixed after the Cornell team reported its  
> findings to the FBI, but hundreds of thousands of sites suffer from  
> similar problems.
>
> The most vulnerable net domain found by the survey was that of the  
> Roman Catholic Church in the Ukraine.
>
> Criminals such as phishing gangs would be interested in re- 
> directing traffic from well-known sites so they can grab key login  
> and personal details that would help them de-fraud web users.
>
> [snip]
>
> Story from BBC NEWS:
> <http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4954208.stm>
>
> Published: 2006/04/28 13:58:07 GMT
>
> Weblog at: <http://weblog.warpspeed.com>
>
>
>
> -------------------------------------
> You are subscribed as brett () the-watsons org
> To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting- 
> people/



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/