At DEFCON, Tony Kapela and Alex Pilosov demonstrated a drastic weakness in the Internet's infrastructure that had long been rumored, but wasn't believed practical. They showed how to hijack BGP (the border gateway protocol) in order to eavesdrop on Net traffic in a way that wouldn't be simple to detect. Quoting: "'It's at least as big an issue as the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. 'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.' The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network."

Note that the US Government has known since 1998 how to eavesdrop without being noticed.
Webtapping refers to the practice of logging the IP addresses of users that access certain websites. Though it is allowed by the PATRIOT Act, it is considered by many to be at the very least a questionable practice, if not an all-out violation of civil liberties. [Wikipedia] This blog discusses privacy and security matters in the era of Social Networking, Blogging, WiFi, hosted emails and files, the Patriot Act and the Great Firewall of China.
Wednesday, 27 August 2008
The Internet's Biggest Security Hole Revealed
Slashdot runs the following story: