Home page logo

dailydave logo Dailydave mailing list archives

Re: tubes clogged
From: Petja van der Lek <lek () xs4all nl>
Date: Mon, 29 Dec 2008 19:54:57 +0100

Drat! A JPEG image. We all know that censored documents are *supposed*
to be created using the Acrobat mark up tool, right? It's not fair.

But, guesses are free, so here's mine.

"...their research required massive computational resources that had to
be utilized within a specific window of time": indicates some form of
brute-force cryptokey cracking.

"a practical attack that affects the security of all Internet users":
crypto technology in use by *all* Internet users would be SSL. So we'd
likely be talking about HTTPS or possibly some (vendor specific) SSL-VPN

"The main result of our proof of concept attack is that we are in the
possession of...": indicates a disclosure vulnerability, rather than
anything DoS-like.

"Their research combined a known weakness in one area with a massive
resource investment in another...": more clues, leading to the
conclusion below.

So, I'd say we're looking at some sort of transparent MITM SSL snooping
attack. Traffic would be intercepted using your garden-variety BGP
trickery, and some brute-force cracking is used to exploit an OpenSSH
flaw or a vendor-specific SSL-VPN implementation bug. As proof, Alex and
Jacob will be putting John Chambers' emails on display.

Any points scored?


H D Moore wrote:
On Monday 29 December 2008, Alexander Sotirov wrote:
I hereby grant the security community permission to freely speculate
about the details of our latest research:


Less speculation and more justification for the secrecy:

Dailydave mailing list
Dailydave () lists immunitysec com

Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]