Home page logo
/

interesting-people logo Interesting People mailing list archives

Re: The Internet's Biggest Security Hole | Threat Level from Wired.com
From: David Farber <dave () farber net>
Date: Wed, 27 Aug 2008 18:44:14 -0400



Begin forwarded message:

From: "Patrick W. Gilmore" <patrick () ianai net>
Date: August 27, 2008 6:18:06 PM EDT
To: dave () farber net
Cc: "Patrick W. Gilmore" <patrick () ianai net>
Subject: Re: [IP] The Internet's Biggest Security Hole | Threat Level from Wired.com

On Aug 27, 2008, at 5:14 PM, David Farber wrote:

http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

I agree Alex & Anthony deserve major kudos, if for no other reason than doing it at Black Hat in real time. Way to go guys! However, this is not amazingly new information, it has been discussed for over a decade. At least I know I made my first attempt in 1998, and I am pretty damned certain I wasn't the first.

It was very nice proof of concept though, especially the hop-erasure (which sounds trivial but can be screwed up in an amazing number of ways if you are not careful). And I don't know if it has been done by using communities & prepending before. In the past people have used no-export (at least people I know), but that requires a network with the right connections in the right places.

So congrats to Alex & Anthony for doing it in new and interesting ways

But to be clear, this is neither the Internet's biggest security hole, nor its newest. The DNS bug, the SSH key-gen on Debian, and others are far, far, far worse.

IMHO, of course.

--
TTFN,
patrick





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]