Re: The Internet's Biggest Security Hole | Threat Level from Wired.com

[David Farber <dave () farber net>]

Begin forwarded message:

From: "Patrick W. Gilmore" <patrick () ianai net>
Date: August 27, 2008 6:18:06 PM EDT
To: dave () farber net
Cc: "Patrick W. Gilmore" <patrick () ianai net>
Subject: Re: [IP] The Internet's Biggest Security Hole | Threat Level  
from Wired.com

On Aug 27, 2008, at 5:14 PM, David Farber wrote:

> http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

I agree Alex & Anthony deserve major kudos, if for no other reason  
than doing it at Black Hat in real time.  Way to go guys!  However,  
this is not amazingly new information, it has been discussed for over  
a decade.  At least I know I made my first attempt in 1998, and I am  
pretty damned certain I wasn't the first.

It was very nice proof of concept though, especially the hop-erasure  
(which sounds trivial but can be screwed up in an amazing number of  
ways if you are not careful).  And I don't know if it has been done by  
using communities & prepending before.  In the past people have used  
no-export (at least people I know), but that requires a network with  
the right connections in the right places.

So congrats to Alex & Anthony for doing it in new and interesting ways

But to be clear, this is neither the Internet's biggest security hole,  
nor its newest.  The DNS bug, the SSH key-gen on Debian, and others  
are far, far, far worse.

IMHO, of course.

--
TTFN,
patrick





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com