View Full Version : Re: Revealed: The Internet's Biggest Security Hole

08-28-08, 12:50 PM
On Thu, 28 Aug 2008 15:24:23 GMT, Colin B. wrote:

> In comp.security.misc Ari <DROPTheJooseIsLoose@gmail.comcapitalletters> wrote:
>> On Wed, 27 Aug 2008 22:46:04 +0200, Anonymous Remailer wrote:
>>> Two security researchers have demonstrated a new technique to
>>> stealthily intercept internet traffic on a scale previously presumed to
>>> be unavailable to anyone outside of intelligence agencies like the
>>> National Security Agency.
>> That's horseshit right there.
>>> http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
>> OK let's think about this. Where did the Internet come from? Patching
>> together a slopful of open architectures with educational-based,
>> industrial funded computer research departments. Let's not forget
>> D.A.R.P.A who at the time might have been a RAND subsidiary.
>> FF to Summer 2008. Wow, lookkee here, a system based upon the
>> trustworthiness of a slopful of independent machines with dumb (but
>> hackable ala Cisco at Defcon)routers is being exploited? And no one
>> knew?
>> hahahahahaha.
>> Folks have been screaming about these /known/ Internet holes for a
>> quarter of a century. They have been interviewed by every intel agency
>> on the US planet.
> Funniest part of this article is that the researchers keep pointing out
> that this isn't a new attack, or news to anyone.
> Peiter "Mudge" Zatko (...) testified to Congress in 1998
> that he could bring down the internet in 30 minutes using
> a similar BGP attack
> "I went around screaming my head about this about ten or
> twelve years ago.... We described this to intelligence
> agencies and to the National Security Council, in detail."
> And later,
> "Everyone ... has assumed until now that you have to break
> something for a hijack to be useful," Kapela said. "But what
> we showed here is that you don't have to break anything. And
> if nothing breaks, who notices?"
> Isn't that the very _definition_ of a Man in the Middle attack?
> No complaints about the guys doing the work, but the article was a
> sad bit of panic.

Sad bit of panic, well said.