Home page logo
/

interesting-people logo Interesting People mailing list archives

Re: The Internet's Biggest Security Hole | Threat Level from Wired.com
From: David Farber <dave () farber net>
Date: Thu, 28 Aug 2008 05:45:34 -0400



Begin forwarded message:

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: August 27, 2008 8:19:18 PM EDT
To: dave () farber net
Subject: Re: [IP] Re: The Internet's Biggest Security Hole | Threat Level from Wired.com

On Wed, 27 Aug 2008 18:44:14 -0400
David Farber <dave () farber net> wrote:



Begin forwarded message:

From: "Patrick W. Gilmore" <patrick () ianai net>
Date: August 27, 2008 6:18:06 PM EDT
To: dave () farber net
Cc: "Patrick W. Gilmore" <patrick () ianai net>
Subject: Re: [IP] The Internet's Biggest Security Hole | Threat
Level from Wired.com

On Aug 27, 2008, at 5:14 PM, David Farber wrote:

http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

I agree Alex & Anthony deserve major kudos, if for no other reason
than doing it at Black Hat in real time.  Way to go guys!  However,
this is not amazingly new information, it has been discussed for
over a decade.  At least I know I made my first attempt in 1998, and
I am pretty damned certain I wasn't the first.

Indeed -- this is an old attack.  The update page --
http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html -- gives
more of the history.  It goes back at least as far as my 1989 paper
(see http://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf for the
annotated version from 2004) and Radia Perlman's 1988 dissertation on
routing security.  As I told Wired, "the good guys have been warning
about this for 20 years, and nothing has happened!"



                --Steve Bellovin, http://www.cs.columbia.edu/~smb




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]