Interesting People mailing list archives
Re: The Internet's Biggest Security Hole | Threat Level from Wired.com
From: David Farber <dave () farber net>
Date: Wed, 27 Aug 2008 18:44:14 -0400
Begin forwarded message: From: "Patrick W. Gilmore" <patrick () ianai net> Date: August 27, 2008 6:18:06 PM EDT To: dave () farber net Cc: "Patrick W. Gilmore" <patrick () ianai net>Subject: Re: [IP] The Internet's Biggest Security Hole | Threat Level from Wired.com
On Aug 27, 2008, at 5:14 PM, David Farber wrote:
http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
I agree Alex & Anthony deserve major kudos, if for no other reason than doing it at Black Hat in real time. Way to go guys! However, this is not amazingly new information, it has been discussed for over a decade. At least I know I made my first attempt in 1998, and I am pretty damned certain I wasn't the first.
It was very nice proof of concept though, especially the hop-erasure (which sounds trivial but can be screwed up in an amazing number of ways if you are not careful). And I don't know if it has been done by using communities & prepending before. In the past people have used no-export (at least people I know), but that requires a network with the right connections in the right places.
So congrats to Alex & Anthony for doing it in new and interesting waysBut to be clear, this is neither the Internet's biggest security hole, nor its newest. The DNS bug, the SSH key-gen on Debian, and others are far, far, far worse.
IMHO, of course. -- TTFN, patrick ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 27)
- <Possible follow-ups>
- Re: The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 27)
- Re: The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 28)
- Message not available
- Re: The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 28)
- Message not available
- Message not available
- Message not available
- Re: The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 28)