GNSO Email Archives: [ga]

ICANN/GNSO GNSO Email List Archives

[ga]

<<< Chronological Index >>> <<< Thread Index >>>

[ga] The Internet's Biggest Security Hole Revealed

To: Ga <ga@xxxxxxxxxxxxxx>, ALAC NA Discuss <na-discuss@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [ga] The Internet's Biggest Security Hole Revealed
From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
Date: Wed, 27 Aug 2008 02:27:51 -0700

All,

  As if some of us for years didn't already know...

  Again this was discussed on several occasions in the old DNSO
and some of us felt and likely still feel that the severity of this long

known security hole was downplayed or ignored by ICANN and
at that time, especially the IANA.  Here we are nearly 10 years
later, and still ICANN hasn't yet even recognize this security hole
as a significant safety and stability issue.  One has to wonder why...

See:
At DEFCON, Tony Kapela and Alex Pilosov demonstrated a
 http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html drastic
weakness in the Internet's infrastructure that had long been rumored,
but
wasn't believed practical. They showed how to hijack BGP (the border
gateway protocol) in order to eavesdrop on Net traffic in a way that
wouldn't be simple to detect. Quoting: "'It's at least as big an issue
as
the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer

security expert and former member of the L0pht hacking group, who
testified to Congress in 1998 that he could bring down the internet in
30
minutes using a similar BGP attack, and disclosed privately to
government
agents how BGP could also be exploited to eavesdrop. 'I went around
screaming my head about this about ten or twelve years ago... We
described this to intelligence agencies and to the National Security
Council, in detail.' The man-in-the-middle attack exploits BGP to fool
routers into re-directing data to an eavesdropper's network." Here's the

PDF of
https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
Kapela and Pilosov's presentation.

Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827

<<< Chronological Index >>> <<< Thread Index >>>