Slashdot Mirror


The Internet's Biggest Security Hole Revealed

At DEFCON, Tony Kapela and Alex Pilosov demonstrated a drastic weakness in the Internet's infrastructure that had long been rumored, but wasn't believed practical. They showed how to hijack BGP (the border gateway protocol) in order to eavesdrop on Net traffic in a way that wouldn't be simple to detect. Quoting: "'It's at least as big an issue as the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. 'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.' The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network." Here's the PDF of Kapela and Pilosov's presentation.

330 comments

  1. The man in the middle by symbolset · · Score: 3, Funny

    Must have the world's largest collection of online porn.

    Which would figure, actually.

    --
    Help stamp out iliturcy.
    1. Re:The man in the middle by gnick · · Score: 5, Funny

      How can a title including 'The Internet's Biggest ... Hole' not be kicked off with a goatse joke?

      --
      He's getting rather old, but he's a good mouse.
    2. Re:The man in the middle by zappepcs · · Score: 1

      There is one thing about that collection though, they'll end up with 1403 copies of every picture, all with different names. I want a look at the software that detects duplicates and sorts all those files out.

    3. Re:The man in the middle by Anonymous Coward · · Score: 0

      that wouldn't have gotten +5

    4. Re:The man in the middle by symbolset · · Score: 2, Insightful

      .... I want a look at the software that detects duplicates and sorts all those files out.

      Lucky you. The article is still on Slashdot's main page.

      --
      Help stamp out iliturcy.
    5. Re:The man in the middle by EdIII · · Score: 5, Insightful

      Yeah.. That's funny. Nice observation there...

      Just one thing though... You sound like the teenage boys who always claim they want to grow up to be a gynecologist. Problem with that is that gynecologists usually see the worst looking, diseased, and nasty vagina. Not the good looking, sweet smelling, celebrity vagina.

      So the guy who has all the internet porn is going to have quite a collection of goatse and things that will make you WANT to go back to looking at goatse.

    6. Re:The man in the middle by newr00tic · · Score: 1, Funny

      that wouldn't have gotten +5

      No, +11 !

      --
      A horse can't be sick, you know, even if he wants to.
    7. Re:The man in the middle by symbolset · · Score: 1

      The only thing that would make me want to go back to looking at goatse would be footage of the DNC and RNC. Goatse is abhorrent but my morbid curiosity has limits.

      --
      Help stamp out iliturcy.
    8. Re:The man in the middle by IMightB · · Score: 5, Insightful

      plus goatse has fewer gaping assholes

    9. Re:The man in the middle by Bill+Hayden · · Score: 5, Funny

      He said he doesn't want to see duplicates... why are you sending him to Slashdot's main page?

      --
      Protect your browser with the Force Safe Search add-on
    10. Re:The man in the middle by Achromatic1978 · · Score: 5, Funny

      Not the good looking, sweet smelling, celebrity vagina.

      Having seen (or been subjected to), as we all have, upskirts of Britney, Paris, etc, I gotta say that "celebrity vagina" is by no means universally "good looking, sweet smelling"...

    11. Re:The man in the middle by DrEldarion · · Score: 1

      +3?

    12. Re:The man in the middle by Anonymous Coward · · Score: 5, Funny

      Over +9000!!!

    13. Re:The man in the middle by symbolset · · Score: 3, Funny

      plus goatse has fewer gaping assholes

      So you've never actually seen coverage of the DNC and RNC then? Between the reporters, the candidates and the delegates I doubt a greater mass of gaping assholes was ever assembled.

      --
      Help stamp out iliturcy.
    14. Re:The man in the middle by stms · · Score: 1

      It would still be a pretty impressive porn collection.... no matter what your fancy.

    15. Re:The man in the middle by symbolset · · Score: 3, Funny

      Oops. Sign error. Never mind.

      --
      Help stamp out iliturcy.
    16. Re:The man in the middle by symbolset · · Score: 1

      How can a title including 'The Internet's Biggest ... Hole' not be kicked off with a goatse joke?

      Forgive me here. On slashdot it's all about who gets their comment off first.

      sigh.

      --
      Help stamp out iliturcy.
    17. Re:The man in the middle by Anonymous Coward · · Score: 0

      You must be new here.

    18. Re:The man in the middle by bytesex · · Score: 1

      I dunno man. I dunno. Two out of three ain't bad, and photos do not report on the smell of their pussy. I say the answer is still up for grabs and that more evidence is needed. I suggest we gather a group of people, ring on those celebrities' doors and ask 'em if we can have a sample. You in ?

      --
      Religion is what happens when nature strikes and groupthink goes wrong.
    19. Re:The man in the middle by sowth · · Score: 1

      Well old man, don't pretend like you are dispensing insightful observations when you're really just an asshole who can't read and likes to insult people to make his statements sound better.

      Oh come on! Don't try to discourage such people, otherwise we might end up with insightful, informative articles and debates. Who would want that?

    20. Re:The man in the middle by Anonymous Coward · · Score: 0

      Jup, I can confirm. Yesterday I came across a page with pictures of an Asian woman having sex with a dead and demolished frog. I kid you not.

    21. Re:The man in the middle by Alphasite · · Score: 1, Informative

      Slashdot, the only site on the internet where a post titled "The Internet's Biggest Security Hole" can result in vagina talk.

      Correcting myself: it is the site with the fastest convergence rate to that topic.

    22. Re:The man in the middle by G0rAk · · Score: 1

      ... Yesterday I came across a page ...

      Ew. I mean, whatever floats your boat and all but, yuck.

      --
      Nothing to see here. Move along.
    23. Re:The man in the middle by Anonymous Coward · · Score: 0

      Binary jokes are not funny anymore.

    24. Re:The man in the middle by karbyn-aceous · · Score: 1, Funny

      No matter how much I scratched and sniffed those pictures, they never smelled :-(

    25. Re:The man in the middle by digitrev · · Score: 1

      That's ridiculous. That's not even funny.

      --
      Cynical Idealist
    26. Re:The man in the middle by Anonymous Coward · · Score: 1, Funny

      You got a link to that?

    27. Re:The man in the middle by Anonymous Coward · · Score: 0

      oh... then how come every girl I know goes to see a gynecologist regularly? Either you hope the gynecologists see nasty shriveled vaginas or I'm hanging around with lots of worst looking, nasty vaginas.

    28. Re:The man in the middle by PacketShaper · · Score: 1

      Problem with that is that gynecologists usually see the worst looking, diseased, and nasty vagina. Not the good looking, sweet smelling, celebrity vagina.

      Have you seen the tabloid pics of those celebrity vaginas? I think "diseased and nasty" and "celebrity" are synonymous.

    29. Re:The man in the middle by ConstableBrew · · Score: 1

      +5 Insightful

    30. Re:The man in the middle by Anonymous Coward · · Score: 0

      Your mom and sister are not a big sample to be statistically relevant.

    31. Re:The man in the middle by Anonymous Coward · · Score: 0

      That should probably be 'big enough sample', but I don't proofread until after I submit. I like to live on the edge.

    32. Re:The man in the middle by packeteer · · Score: 1

      A bit of advice: girls will think you're totally hot if you show them your home, and it's not your mom's basement. They'd like a ride in your car, not your best friend's. They're more interested in guys that can hold a Jorb.

      You just don't get it do you? Women are generally not interested in your money. Your money is mostly just a sign of what kind of a person you are. If you are a self made man that is a good thing. Sure you might keep women around because of your money but they won't actually like you. That's probably why I have been sleeping with your wife for some time now even though I ride a bicycle everywhere and she picks me up in your car while you are at work. Have fun with the Jorb.

      --
      unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
    33. Re:The man in the middle by symbolset · · Score: 2, Insightful

      Yeah, I'm going to get a few more like this. And I deserve them. You're right. Let's all lighten up a little, ok?

      --
      Help stamp out iliturcy.
    34. Re:The man in the middle by shish · · Score: 1

      So the guy who has all the internet porn is going to have quite a collection of goatse and things that will make you WANT to go back to looking at goatse.

      Speaking as someone who ran a script to monitor several random IRC channels and download any images linked in them, I can confirm that this is very very true :-(

      --
      I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
    35. Re:The man in the middle by Anonymous Coward · · Score: 0
    36. Re:The man in the middle by zobier · · Score: 1

      If it's the exact same file then a simple hash will do the trick.
      I'd be interested to see an automated way of detecting the same photo at different resolutions/compression levels/crops.

      --
      Me lost me cookie at the disco.
    37. Re:The man in the middle by packeteer · · Score: 1

      I was just trying to bait some flames. It's a sad day when honest discussion gets modded down and my blatant troll/flamebait gets nothing.

      --
      unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
  2. Fun fun fud by Anonymous Coward · · Score: 2, Interesting

    Everyone loves sensationalist news headlines. *sigh*
    Anyone have any insight as to how serious this ACTUALLY is?

    1. Re:Fun fun fud by lordsid · · Score: 5, Insightful

      Depends on how much you value your privacy.

      --
      IMAGE VERIFICATION IS EVIL!
    2. Re:Fun fun fud by QuantumG · · Score: 5, Interesting

      Let's put it this way. Email right? It's delivered between hosts completely unencrypted. Imagine you could sniff all the email passing into, say, the white house.. would that be worth something?

      Note, I've also given you the hint to prevent this bullshit from being a problem.

      --
      How we know is more important than what we know.
    3. Re:Fun fun fud by jd · · Score: 5, Insightful

      Find me an internet provider not using BGP, and I'll show you a European who favours ESES. Yes, this is a major problem, BGP is (almost) the only WAN protocol anyone takes seriously and is the only one meaningfully deployed. I've worried about the possibility of BGP poisoning attacks myself, but only because we have a virtual monoculture and monocultures are generally a Bad Idea. They are dangerous animals.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Fun fun fud by Kingrames · · Score: 5, Funny

      Depends on how much you value your privacy, Mr. Stephen P Wallagher of 4242 Green Leafy Forest Terrace, Springfield, Ohio 55538, Phone number 1-900-Hot Dude, alias "Lovestospooge."

      fixed.

      --
      If you can read this, I forgot to post anonymously.
    5. Re:Fun fun fud by Anonymous Coward · · Score: 5, Funny

      Let's put it this way. Email right? It's delivered between hosts completely unencrypted. Imagine you could sniff all the email passing into, say, the white house.. would that be worth something?

      Note, I've also given you the hint to prevent this bullshit from being a problem.

      So we need to destroy the White House?

    6. Re:Fun fun fud by Tubal-Cain · · Score: 0

      I thought his alias was 'lordsid'?

    7. Re:Fun fun fud by RuBLed · · Score: 4, Funny

      Anyone have any insight as to how serious this ACTUALLY is?

      Yes. Someone had managed to re-open the goatse.cx site again.

      if you don't believe me, you know there is only one way to find out

    8. Re:Fun fun fud by gandhi_2 · · Score: 1
      One thing about standards...they tend to produce conformity.

      Web browsers are a good example of NOT a monoculture. Where almost nothing is really 100% cross-browser compatible.

      We should all use 150 different standards when we transmit IP datagrams... nothing will get anywhere, but at least it won't be a monoculture.

    9. Re:Fun fun fud by techno-vampire · · Score: 1

      If Steve Ballmer wanted to be seen as a hero, he'd have the default hosts file for Windows Vista include a line setting goatse.cx to 127.0.0.0. That would be real news for nerds!

      --
      Good, inexpensive web hosting
    10. Re:Fun fun fud by kjots · · Score: 3, Interesting

      Anyone have any insight as to how serious this ACTUALLY is?

      How serious? This could potentially render the entire Internet inoperable. For real. Anyone who knows anything about basic Internet protocols should be shitting themselves right about now.

      What we have here is a basic weakness in one of the fundamental Internet protocols; an assumption of trust that is no longer valid. Think spam but a million times worse.

      I'm not usually one to fall prey to 'Imminent Collapse Of The Internet' hyperbole, but this one has me really worried.

    11. Re:Fun fun fud by Repton · · Score: 1, Insightful

      Nah, all important white house email gets sent through private servers anyway..

      --
      Repton.
      They say that only an experienced wizard can do the tengu shuffle.
    12. Re:Fun fun fud by Z34107 · · Score: 4, Funny

      Monoculture is bad? Good thing Internet Explorer offers a different take on W3C standards...

      I kid, I kid.

      --
      DATABASE WOW WOW
    13. Re:Fun fun fud by Anonymous Coward · · Score: 1, Informative

      wooosh!

    14. Re:Fun fun fud by jd · · Score: 4, Interesting

      Let's see. MPLS, SCTP, STP (Scheduled Transfer Protocol), UDP-over-v4, TCP-over-v4, MPLS, UDP-over-v6, TCP-over-V6, IP-over-ATM, IP-over-SCSI, IP-over-IB, IP-over-power, IP-over-carrier-pigeon, V6-over-V4, V4-over-V6, V6-over-V6, optional recognition of TOS, optional handling of ECN, scalable reliable multicast, anycast, optional recognition of source-based routing, optional recognition of TCP cookies, optional support for packet dropping (RED, GRED, WRED, BLUE, Stochastic Blue, GREEN, BLACK, PURPLE, WHITE), optional support for enhanced authentication packets, IPv6 extended headers, support for unidirectional links, optional support for transitory addressing schemes, optional support for Mobile IP, optional support within Mobile IP for routing realignment, optional support for NEMO, optional use of any of the experimental protocols defined under the names of TUBA, IPv5 and IPv7, anything-over-IPSEC (tunnel or host), anything-over-SKIP -- I've not bothered to keep count, but my Internet link hasn't fallen over yet from diversity. Pity to hear about yours.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    15. Re:Fun fun fud by jd · · Score: 5, Funny

      Heh. Standards should be the starting point, not the end goal (or, in IE's case, the work of fiction based on the screenplay based on a True Story of one man and his chair).

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    16. Re:Fun fun fud by Anonymous Coward · · Score: 5, Funny

      No, it gets sent through Dick Cheney's hotmail account.

    17. Re:Fun fun fud by Anonymous Coward · · Score: 0

      I'm not usually one to fall prey to 'Imminent Collapse Of The Internet' hyperbole, but this one has me really worried.

      And the guy's been talking about it for over ten years. Maybe getting "really worried" about this now is kind of stupid. God forbid you actually encrypt your shit.

    18. Re:Fun fun fud by Hucko · · Score: 1

      Me too, I'll have lost my last excuse for staying inside.

      --
      Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
    19. Re:Fun fun fud by davygrvy · · Score: 1

      I liked the carrier pigeon reference. Also known as IP over Avian Carriers (IPoAC). Good call.

      --
      -=[ place .sig here ]=-
    20. Re:Fun fun fud by teh+moges · · Score: 1

      The article has a pretty good indication. It's a proof of concept now (at least, there could be real world implementations in the government that aren't public).
      It can intercept any information going to a targeted address (but not from). That makes it pretty serious.

    21. Re:Fun fun fud by Grey+Ninja · · Score: 1

      Nah, all important white house email gets sent through private servers anyway..

      Can you explain that further? Because that just makes no fucking sense.

    22. Re:Fun fun fud by thegameiam · · Score: 1

      Hmm - what percentage of those protocols actually work on a production or consumer network?

      I have had a hard time finding an ISP who will offer native IPv6,

      --
      Need Geek Rock? Try The Franchise!
    23. Re:Fun fun fud by Anonymous Coward · · Score: 4, Funny

      What, you didn't get your secret decoder server?

    24. Re:Fun fun fud by Zwicky · · Score: 2, Funny

      if you don't believe me, you know there is only one way to find out

      I believe you! I BELIEVE YOU!!

      --
      "Three eyes are better than one" -- Lieutenant Columbo
    25. Re:Fun fun fud by Anonymous Coward · · Score: 5, Informative

      How serious? This could potentially render the entire Internet inoperable. For real. Anyone who knows anything about basic Internet protocols should be shitting themselves right about now.

      You obviously don't know the basics of Internet protocols then. Anyone who knows BGP basics knows this problem is inherent in current interdomain routing.

      This is not an attack that just anyone can pull off (unlike Dan's DNS vulnerability). You need to possess a BGP peering relationship with a provider who doesn't filter the prefixes listed in the NLRI of a BGP update message, as well as any further upstream providers. A _very high_ bar to say the least.

      We've seen numerous accidental route leakages over the years and even some malicious hijacking of IP space for nefarious activity as noted in the presentation. Any significant hijacking for the purpose of MITM (hijacking for spam really isn't a priority for ISPs) would be tracked down instantly on the NANOG list and have severe peering repercussions for the offending ISP. Bumping the IP TTL isn't going to do squat for all the BGP anomaly detection systems continually monitoring the routing infrastructure (Renesys, PHAS, etc).

    26. Re:Fun fun fud by palegray.net · · Score: 5, Informative

      Sensitive government communications ride on networks that operate separately from the public Internet.

    27. Re:Fun fun fud by palegray.net · · Score: 5, Insightful

      Yet another case for end-to-end encryption. Folks using the public Internet for sensitive communications without employing crypto, are already in a bad position.

    28. Re:Fun fun fud by old+and+new+again · · Score: 0, Redundant

      worse thing is, it's there, and the new picture is even worse than goatse

    29. Re:Fun fun fud by Anonymous Coward · · Score: 0

      Let's put it this way. Email right? It's delivered between hosts completely unencrypted. Imagine you could sniff all the email passing into, say, the white house.. would that be worth something?

      Nope. George W. Bush is on the record as never using email (so there is no record).

      And all the good stuff is on the RNC email system so as not to be subject to archival rules.

    30. Re:Fun fun fud by Grey+Ninja · · Score: 1

      How exactly does that keep the white house's email secret when communicating with people outside of that network? For example if you were someone in the White house sending an email to Russian or Chinese government officials?

    31. Re:Fun fun fud by gandhi_2 · · Score: 3, Interesting
      So, we can just list any protocol-over-protocol and call that...what?

      On your list alone, how many of them are TCP, IP, and UDP? Doesn't matter if they run on top of another layer or simply encapsulated by another protocol, if someone says there's a big hole in TCP...let's not cry about the TCP monoculture. It has nothing to do with monoculture.

      Sometimes, a can-skinning standard is the best way to skin the cat. Sorry if that creates a cat-skinning monoculture.

      The whole monoculture thing is a stupid argument. If a CSS rendering flaw shows up in the language standard, you could hear MS go "ha ha" cause their "make my own standard" sidestepped the monoculture.

      And you left out Infinite Monkey Protocol Suite, which could be run over PPPoE.

    32. Re:Fun fun fud by Repton · · Score: 4, Informative

      Eh, I was trying to make a reference to the big email scandal of a while ago, where it turned out that important stuff was being sent (illegally) from email accounts at gwb32.com or georgewbush.com instead of whitehouse.gov. Slashdot coverage.

      --
      Repton.
      They say that only an experienced wizard can do the tengu shuffle.
    33. Re:Fun fun fud by palegray.net · · Score: 5, Informative

      Why would someone in the White House use an insecure communications channel to send sensitive correspondence to a foreign official? End-to-end encryption is used in such situations.

      Information transmitted from government installations is compartmentalized according to its classification level. Unclassified systems don't reside on the same networks as those intended for classified purposes.

      I'm a Navy communications nerd; this is kinda what I do for a living.

    34. Re:Fun fun fud by lgw · · Score: 1

      In other words, there really is more than one internet.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    35. Re:Fun fun fud by Pikoro · · Score: 3, Informative

      Move to Japan. Nearly all the fiber to the home here is IPv6.

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
    36. Re:Fun fun fud by Warll · · Score: 1
    37. Re:Fun fun fud by edalytical · · Score: 2, Funny

      I'll be right on that dude. I've been looking for a way to escape NAT, moving to Japan is the perfect solution!

      --
      Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
    38. Re:Fun fun fud by Anonymous Coward · · Score: 0

      So, you obviously got stuck in a time where SMTP hasn't already used TLS to encrypt the data. I, personally, don't have any email address that I use unencrypted, whether sending or receiving.

    39. Re:Fun fun fud by Anonymous Coward · · Score: 1, Insightful

      There are lots of ISPs without their own ASN. It shouldn't be too hard. I bet there are several listed in your local phone directory.

      BGP = virtually no authentication or encryption ... so what?

      If you can't trust your neighbor what are you doing processing data from them at all?

      The real problem as TFA pointed out really has to do with enforcing reasonable topologies between peers. Possibilities for this crap would diminish greatly if upstreams were better at filtering their downstreams' advertisements. Use of some very secure trusted registry out-of-band from BGP is a good way to get there.

      The paper embellishes the problem by relying on non-allocated blocks for some of its figures and plays to the "BGP is not secure" ignorance as if that's a contributing factor when it clearly is not. I agree with the general sentiment however.
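
      The two defensive ideas in this thread, an upstream filtering a downstream's announcements against a registry (this post) and the prefix-hijack monitoring an earlier reply attributes to systems like Renesys and PHAS, as an added Python sketch that is not from the presentation or from any poster here; all AS numbers, prefixes and registry entries in it are constructed for illustration.

```python
"""Added illustration of two defensive BGP checks discussed in this thread:
an upstream filtering what a downstream customer may announce, and a
prefix-hijack monitor of the kind the thread attributes to Renesys/PHAS.
All AS numbers, prefixes and registry entries are constructed examples."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Update:
    """A minimal BGP UPDATE: one NLRI prefix plus its AS_PATH."""
    prefix: str      # e.g. "198.51.100.0/24"
    as_path: tuple   # leftmost = neighbour that sent it, rightmost = origin

    @property
    def origin_as(self):
        return self.as_path[-1]


# Constructed registry (think IRR route objects): origin AS -> list of
# (prefix it may originate, longest more-specific we will accept).
REGISTRY = {
    64500: [("198.51.100.0/22", 24)],
    64501: [("203.0.113.0/24", 24)],
}

# Constructed view of "our" address space for the monitor:
# watched prefix -> the only AS that should originate it.
WATCHED = {"198.51.100.0/22": 64500}


def filter_customer_update(update, customer_as, registry=REGISTRY):
    """Decide whether an announcement heard on a customer session is acceptable.

    Returns (accepted, reason). Only prefixes the origin AS is registered for,
    no longer than the registered maximum length, get through."""
    try:
        net = ipaddress.ip_network(update.prefix, strict=True)
    except ValueError:
        return False, "malformed prefix (host bits set or unparsable)"
    if not update.as_path or update.as_path[0] != customer_as:
        return False, "first AS in path is not the customer's AS"
    for allowed, max_len in registry.get(update.origin_as, []):
        allowed_net = ipaddress.ip_network(allowed)
        if (net.version == allowed_net.version
                and net.subnet_of(allowed_net)
                and net.prefixlen <= max_len):
            return True, f"AS{update.origin_as} registered for {allowed} (max /{max_len})"
    return False, f"AS{update.origin_as} not registered to originate {update.prefix}"


def check_hijack(update, watched=WATCHED):
    """Return alert strings for an update, seen from an external vantage
    point, that overlaps a watched prefix in a suspicious way."""
    alerts = []
    try:
        net = ipaddress.ip_network(update.prefix, strict=True)
    except ValueError:
        return [f"malformed prefix {update.prefix}"]
    for pfx, legit_origin in watched.items():
        ours = ipaddress.ip_network(pfx)
        if net.version != ours.version or not (net.subnet_of(ours) or ours.subnet_of(net)):
            continue  # no overlap with this watched block
        if update.origin_as != legit_origin:
            alerts.append(f"{update.prefix} originated by AS{update.origin_as}, "
                          f"expected AS{legit_origin}")
        if net.prefixlen > ours.prefixlen:
            alerts.append(f"unexpected more-specific {update.prefix} of watched {pfx}")
        if legit_origin in update.as_path[:-1]:
            # The legitimate origin sitting mid-path (not as origin) is the
            # signature of a path forged to trip that AS's loop detection.
            alerts.append(f"AS{legit_origin} appears mid-path in {update.as_path}")
    return alerts


def main():
    # Customer 64500: its own /24, a too-specific /25, unregistered space,
    # and a registered downstream's prefix announced through itself.
    samples = [
        (Update("198.51.100.0/24", (64500,)), 64500),
        (Update("198.51.100.0/25", (64500,)), 64500),
        (Update("192.0.2.0/24", (64500,)), 64500),
        (Update("203.0.113.0/24", (64500, 64501)), 64500),
    ]
    for upd, cust in samples:
        print("filter ", upd.prefix, upd.as_path, "->", filter_customer_update(upd, cust))
    # Monitor: the legitimate /22, then a more-specific from a foreign origin
    # with the victim's own AS forged into the path.
    for upd in (Update("198.51.100.0/22", (64510, 64500)),
                Update("198.51.100.0/24", (64510, 64500, 64497))):
        print("monitor", upd.prefix, upd.as_path, "->", check_hijack(upd))


if __name__ == "__main__":
    main()
```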

    40. Re:Fun fun fud by Pax00 · · Score: 1

      and all this time I thought that sent smoke signals bombing the hell out of each other to communicate

    41. Re:Fun fun fud by AnotherUsername · · Score: 1

      Why would someone in the White House use an insecure communications channel to send sensitive correspondence to a foreign official?

      It was either email or Facebook, but Dubya didn't like the interface of Facebook.

      --
      I don't like Linux. This doesn't make me a troll.
    42. Re:Fun fun fud by cheater512 · · Score: 1

      Ideally that is. It wouldn't surprise me if it didn't occur.

    43. Re:Fun fun fud by ecavalli · · Score: 4, Informative

      I admit, I looked.

      It's a picture of Bill O'Reilly for some reason.

      I... think that's an improvement...?

    44. Re:Fun fun fud by Anonymous Coward · · Score: 0

      I've just learnt that wred and stochastic blue are colors. My shirt is stochastic blue. Sometimes.

    45. Re:Fun fun fud by gnud · · Score: 1

      Whut, fire up w3m?

    46. Re:Fun fun fud by adri · · Score: 3, Informative

      Just stuff the AS numbers of the BGP anomaly detection systems into the path you're using to hijack and voila! They'll never see it.

      The attack uses spoofed AS paths which include the AS numbers of the ASes in the -return path- of your hijacked traffic. It works because the default eBGP behaviour is to drop routes w/ an AS in the path that matches theirs (loop detection!)

      It's not fool-proof, but you -can- reasonably selectively remove ASes from receiving the announcements.

      Furthermore, if you know the topology near the network you're hijacking, you could figure out all the exit (transit) ASes, spoof those so the announcement never makes it out to the general internet and hijack the traffic near them. Dense peering relationships at multiple places around the internet == your friend in this method.

    47. Re:Fun fun fud by Alsee · · Score: 3, Funny

      Heay! That's my private info!

      I am now sending a federal law DMCA notice demanding you take my information down.
      BTW, please don't run a Slashdot front page story on my DMCA takedown notice & info.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    48. Re:Fun fun fud by Alsee · · Score: 5, Funny

      Whew! Good thing you clicked the "Anonymous Coward" box when you posted that!

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    49. Re:Fun fun fud by andy.ruddock · · Score: 3, Insightful

      So it's encrypted between the server and your box. What about the other side of the server?

      --
      God: An invisible friend for grown-ups.
    50. Re:Fun fun fud by SupremoMan · · Score: 0, Redundant
      I can see it now:

      To gwbush@whitehouse.com

      Dear Sir or Ma'am,

      I wealthy Nigerian business person. I have been very ill and I do not have son or daughter to whom to leave my vast fortune. I decided to leave all my moneys, in sum of 10 million US Dollars to you. All I need to make this possible is for you to give me your bank account and wire transfer number.

      Sincerely,

      Lord Jimbo Wazuu of Nigeria

      Followed by:

      To: Jwazu@nigerianhost.com

      Listen here Jimbo. I am very excited about your proposition. I have no problem in taking money that does not belong to me. But I will have to talk to Dick to get my bank info. See I don't keep track of all that stuff, I let him handle it, and most of everything else. I'll have him email you shortly.

      Yours,

      Dubya

    51. Re:Fun fun fud by Anonymous Coward · · Score: 0

      You shouldn't kid with this. If IE wouldn't be so far from the W3C standards, the other major browsers wouldn't have much interest to try and follow them to roughly - "every browser is a has some differences between their standards and the W3c so we shouldn't really bother that much" OR "Internet Explorer is just awful, let's show them how it's done"

    52. Re:Fun fun fud by digitig · · Score: 1

      Is that you, Ms Streisand?

      --
      Quidnam Latine loqui modo coepi?
    53. Re:Fun fun fud by rbanffy · · Score: 3, Funny

      Why can't I mod something "tragic"?

    54. Re:Fun fun fud by sowth · · Score: 3, Insightful

      Isn't this why PGP was integrated into many email clients years ago? Since when have people considered the Internet safe from eavesdropping? Since I started using the internet in 1995, I have been warned many times by countless posts and websites informing people of the potential for eavesdropping on the internet. Haven't you seen any of these warnings? This is nothing new.

    55. Re:Fun fun fud by Anonymous Coward · · Score: 0

      It would have solved the missing e-mails coverup err i mean technical problem.

    56. Re:Fun fun fud by jacquesm · · Score: 1

      that only happens when the recipient is in the chinese embassy.

      http://en.wikipedia.org/wiki/NATO_bombing_of_the_Chinese_embassy_in_Belgrade

    57. Re:Fun fun fud by Anonymous Coward · · Score: 0

      Let's put it this way. Email right? It's delivered between hosts completely unencrypted.

      Unencrypted? Not my email.

      There is a standard called STARTTLS for the transmission of email between hosts using strong encryption using SSL. My company has been using it since 2000 or so.

      All major email MTAs support the use of STARTTLS. If your ISP doesn't, ask them why.

      It's easy to configure and supported by the vast majority of email software, even (shudder) Outlook 97.

    58. Re:Fun fun fud by Zeinfeld · · Score: 2, Informative
      How exactly does that keep the white house's email secret when communicating with people outside of that network? For example if you were someone in the White house sending an email to Russian or Chinese government officials?

      No such network exists; White House email all travels through the regular Internet. The Pentagon has some network capability of its own but that is mostly leased lines. Very few parts are actually Pentagon controlled fiber. I have been in countless meetings where the Pentagon has proposed building its own independent network.

      Some White House email is encrypted. The Pentagon has a massive email security project. But that only handles a portion of the traffic.

      And the Bush administration have in any case been routing their communications through gwbush43.com which is run by an outside contractor and which must have been penetrated by the Russians, Iranians, Israelis and every other self respecting intel service.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    59. Re:Fun fun fud by thegameiam · · Score: 2, Interesting

      Do they do autoconf or dhcpv6, or is it dual-stack? I'm curious how you get DNS resolver addresses...

      --
      Need Geek Rock? Try The Franchise!
    60. Re:Fun fun fud by Critical+Facilities · · Score: 2, Funny

      "Be sure to drink your Ovaltine".

    61. Re:Fun fun fud by jeebusroxors · · Score: 1

      "It's delivered between hosts completely unencrypted."

      Yea...except the PGP/GPG encrypted emails, VPNs, etc etc.

    62. Re:Fun fun fud by Alphasite · · Score: 1

      You know Bush is still sitting there, don't you?

      The question is not why, but when!!

    63. Re:Fun fun fud by houghi · · Score: 3, Funny

      Or so you would think, but they are probably monitoring traffic to /. as well, so now they have his IP. Probably he is now at work, but with his login, they will be able to link it to the times he logged in at home.

      Then some more cross referencing and he is on his way to Gitmo.

      --
      Don't fight for your country, if your country does not fight for you.
    64. Re:Fun fun fud by Anonymous Coward · · Score: 0

      Depends on how much you value your privacy, Mr. Stephen P Wallagher of 4242 Green Leafy Forest Terrace, Springfield, Ohio 55538, Phone number 1-900-Hot Dude, alias "Lovestospooge."

      fixed.

      or Possibly Lordsid ==
        User: lordsid (367959)
      Send this user a message

      lordsid View all userpics
      View all userpics
      Name: chris
      Location: Wisconsin, United States
      Birthdate: 1986-10-30

      google :)

    65. Re:Fun fun fud by omfglearntoplay · · Score: 1

      So what happens when you are the network admin at work and from your office you VNC to your home PC, then from the home PC you VPN back to your office onto a server, where you connect to a public proxy server, where you remote back into your home PC where you connect to another proxy and then connect to Team Fortress 2 and join an instant spawn server (no pros to spot you acting weird), where you give the secret hand signal to your "buddy" to post anonymously on Slashdot? Can you evil people track that??! :P

    66. Re:Fun fun fud by lucifuge31337 · · Score: 4, Informative

      Anyone who knows anything about basic Internet protocols should be shitting themselves right about now.

      And those of us who actually do this stuff for a living (who already knew at least most of this) are neither surprised, nor any more paranoid about it. As a matter of fact, this might be the sauce needed to get more providers to properly filter announcements, and possibly more. So making this more public might actually be a good thing.

      The ability to hijack space is already very well known to anyone in a position to do it, and most of us have accidentally done so at some point in our careers. I know I haxxored 192.168.0.0 by accident once by announcing it to an upstream. Yeah....it happens. And it never should. To this day, you'll more often than not see RFC1918 space being announced if you get a full routing table.

      BGP routing table entry for 192.168.0.0/16, version 3564
      Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Advertised to non per-group peers:
      202.10.0.201 202.10.0.202
      Local
      192.0.2.1 from 0.0.0.0 (192.189.54.221)
      Origin incomplete, metric 0, localpref 101, weight 32768, valid, sourced, best
      Community: 2764:20

      --
      Do not fold, spindle or mutilate.
    67. Re:Fun fun fud by corbettw · · Score: 1, Insightful

      Except that quite a bit of this particular White House's email communications weren't going over SIPR, they were going through GOP servers and Blackberries. Which means it was on the public internet.

      Security only works when people use it.

      (Former Navy communications nerd, now in the private sector.)

      --
      God invented whiskey so the Irish would not rule the world.
    68. Re:Fun fun fud by Palshife · · Score: 3, Funny

      Yes. Definitely a good idea on my part.

      Shit.

      --
      Attention deficit disorder is a complicated issue, spanning several major... HEY LET'S GO RIDE BIKES!
    69. Re:Fun fun fud by corbettw · · Score: 1, Interesting

      End-to-end encryption would only solve one part of the problem, keeping a third party from reading your traffic. But it would do nothing to prevent your traffic from simply disappearing, which could be even more disastrous. What if someone targeted Amazon's networks and dumped all traffic in or out into /dev/null? How much would Amazon lose before the problem got fixed (and what would that be worth to Barnes and Noble)? What if someone targeted Wall Street, and cut off the thousands of broker-dealers who submit their orders electronically? It could spell doom for our entire financial system.

      There's a lot more at stake here than your emails to your college buddies about the next fishing trip.

      --
      God invented whiskey so the Irish would not rule the world.
    70. Re:Fun fun fud by spiffyman · · Score: 1

      Oh, I don't know, he could be talking about the fact that White House staffers used RNC emails instead of their official accounts and, among other causes for investigation, probably destroyed thousands of emails that should be publicly available.

      The fact that this hasn't caused more of an uproar is a sad statement about what we're willing to accept from our government and, in particular, this Administration.

      --
      So you can laugh all you want to...
    71. Re:Fun fun fud by Enki+X · · Score: 1

      Yes

      --
      On second thought, let's not go to the internet. 'Tis a silly place.
    72. Re:Fun fun fud by The_Wilschon · · Score: 1

      So what happens when you ...?

      Then you get really really high latency.

      --
      SIGSEGV caught, terminating

      wait... not that kind of sig.
    73. Re:Fun fun fud by Kent+Recal · · Score: 1

      Ehm, miss the point much?

      Even if your ISP really offered all these protocols on your uplink, which is highly unlikely, then your data would still travel over an IPv4 link after 1-2 hops anyways. And those are mostly orchestrated via BGP.

      Furthermore I'm eager to hear how you talk to all those popular internet services over STCP, IPSEC, UDP or, hey, why not IPv7?

      Bullshit much?

    74. Re:Fun fun fud by Gibberx · · Score: 0

      if you don't believe me, you know there is only one way to find out

      Thank goodness for text-only web browsers.

    75. Re:Fun fun fud by Lennie · · Score: 1

      Your transit does not filter out RFC1918 ? That's pretty sad. If I have any choice, which I probably do, I would not choose them.

      --
      New things are always on the horizon
    76. Re:Fun fun fud by k1e0x · · Score: 1

      Ever watch CSPAN? Politicians and bureaucrats are always on their blackberry. They use different methods of sending messages but that *is* a data network that goes over the internet.. how hard would it be to intercept traffic sent from AT&T (the carrier or.. it's Level 3 actually) to Blackberry (the provider) or vice versa using BGP attack?

      God knows what you could find out.. who is screwing who, what politicians are on drugs, where the crashed flying saucers are stored.. ???

      If someone ever did expose all the lies of government, (and we know they are lying to some degree) and gave the people honesty just for once .. what do you think would happen?

      I know *exactly* what you mean. Let me tell you why you're here. You're here because you know something. What you know you can't explain, but you feel it. You've felt it your entire life, that there's something wrong with the world. You don't know what it is, but it's there, like a splinter in your mind, driving you mad. It is this feeling that has brought you to me. Do you know what I'm talking about?

      -- The most dangerous terrorist in the world.

      --
      Bringing liberty to the masses. - http://freetalklive.com/
    77. Re:Fun fun fud by palegray.net · · Score: 1

      True statements, unfortunately. I'm hoping the next administration might do things differently; hopefully nothing truly important was transmitted in the clear.

      Thank you for your service!

    78. Re:Fun fun fud by palegray.net · · Score: 1

      These are very good points; denial of service can be as bad for business as improper disclosure.

    79. Re:Fun fun fud by macdaddy · · Score: 1
      I believe that's your provider giving you an easy way to drop BOGONs. Ie, static route 192.0.2.1 to Null0 and turn on uRPF on your peering interfaces. Personally I run my own RTBH on my SP network rather than depend on outside forces that can easily make a mistake and cause me to null route something important.

      Also, since you're getting those RFC1918 prefixes, that tells me that you don't have basic sanity checks on your inbound prefixes (unless you know what your provider was handing you from what I said above and were accepting those prefixes so you can null route them). I would highly advise sanity filters. I don't know your skill level (I could be talking to Yakov Rekhter or Kirk Lougheed for all I know, but I doubt it) but I can give you some config to help out if you need.
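
The inbound sanity filter macdaddy is offering, and the check that would have caught the 192.168.0.0/16 entry in the looking-glass output above, written out as an added example (not code from any router vendor or from the posters). A real edge expresses this as prefix-lists and a route-map; here it is in Python so the decisions can be read and tested. The neighbour AS2764 and the 192.168.0.0/16 announcement come from the quoted route entry; every other prefix, the stand-in ASN 64512 and the 77.250.0.0/16 "our space" entry are constructed.

```python
"""Inbound BGP announcement sanity filter.

Added illustration for the looking-glass output (comment 66) and the
sanity-filter advice (comment 79). Not code from any router vendor or from
the posters. Sample announcements are constructed except 192.168.0.0/16
from AS2764, the entry shown in the quoted route view.
"""
import ipaddress

# Never learn these from a peer: RFC 1918, loopback, link-local, shared
# address space, RFC 5737 test nets, benchmarking space, multicast/reserved.
# Assumption: a real deployment sources this from a maintained bogon feed,
# not a static list.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
)]
# Accept only lengths an upstream would plausibly originate or transit.
LENGTH_LIMITS = {4: (8, 24), 6: (16, 48)}


def check_announcement(prefix, as_path, my_asn, own_prefixes=()):
    """Return 'accept' or 'reject: <reason>' for one received UPDATE.

    prefix:       '192.168.0.0/16' style string
    as_path:      list of ASNs, neighbour first, origin last
    my_asn:       our own AS number
    own_prefixes: space we originate; an upstream announcing it, or a more
                  specific of it, is someone else claiming our addresses
    """
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen == 0:
        return "reject: default route"
    for b in BOGONS:
        if b.version == net.version and net.subnet_of(b):
            return "reject: bogon %s" % b
    lo, hi = LENGTH_LIMITS[net.version]
    if not lo <= net.prefixlen <= hi:
        return "reject: length /%d outside /%d-/%d" % (net.prefixlen, lo, hi)
    if not as_path:
        return "reject: empty AS_PATH"
    if my_asn in as_path:
        return "reject: own AS %d in path" % my_asn
    if 0 in as_path:
        return "reject: AS 0 in path"
    for own in own_prefixes:
        own = ipaddress.ip_network(own)
        if own.version == net.version and net.subnet_of(own):
            return "reject: claims our space %s" % own
    return "accept"


def filter_feed(announcements, my_asn, own_prefixes=()):
    """Apply check_announcement to a list of (prefix, as_path) pairs."""
    return {p: check_announcement(p, path, my_asn, own_prefixes)
            for p, path in announcements}


# Constructed inbound feed from neighbour AS2764. We are AS64512 (a private
# ASN used as a stand-in) and originate 77.250.0.0/16 (constructed).
SAMPLE_FEED = [
    ("192.168.0.0/16",  [2764]),          # the looking-glass entry
    ("0.0.0.0/0",       [2764]),
    ("198.51.100.0/26", [2764]),          # RFC 5737 space, and too specific
    ("77.240.0.0/16",   [2764, 64496]),   # the only legitimate one
    ("77.240.16.0/26",  [2764, 64496]),   # leaked /26
    ("77.0.0.0/7",      [2764]),          # nonsense aggregate
    ("77.242.0.0/16",   [2764, 64512]),   # our own ASN in the path
    ("77.243.0.0/16",   [2764, 0]),       # AS 0 (RFC 7607)
    ("77.250.0.0/17",   [2764, 64501]),   # more-specific of our own space
]

if __name__ == "__main__":
    verdicts = filter_feed(SAMPLE_FEED, 64512, ("77.250.0.0/16",))
    for prefix, verdict in verdicts.items():
        print("%-18s %s" % (prefix, verdict))
```

This governs what you learn from a peer; it complements rather than replaces the uRPF and null-route (RTBH) handling the comment describes, which act on packets after a route has already been installed. The length limit is deliberately coarse: it stops the /26 leak but says nothing about whether AS64496 is entitled to 77.240.0.0/16, which is the origin question no local filter can answer.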

    80. Re:Fun fun fud by lucifuge31337 · · Score: 1

      That wasn't a route view from my network. It was from the first public looking glass I happened to click on in my bookmarks.

      --
      Do not fold, spindle or mutilate.
    81. Re:Fun fun fud by macdaddy · · Score: 1

      Ah ha. There's your problem!

    82. Re:Fun fun fud by lordsid · · Score: 1

      Which is exactly why I entered fake information in those fields. >:)

      --
      IMAGE VERIFICATION IS EVIL!
  3. SSL by jamesh · · Score: 4, Insightful

    I hope that all of those people who thought that getting users to blindly accept self signed certs was a good idea are starting to feel a bit stupid now...

    An SSL cert signed by a trusted central authority isn't the absolute solution to all mitm attacks, but it's a whole lot closer to 'safer' than not.

    1. Re:SSL by Free+the+Cowards · · Score: 5, Interesting

      I don't think anyone thinks that self-signed certs should be blindly accepted.

      What should be done is that self-signed certs should be acceptable, with the right handling. The way ssh does this is a good one; it alerts you when you initially connect, and throws up an extremely loud and nasty warning if the host's cert has changed from the last time you connect. This gives you the opportunity to verify the cert out of band if you should care to, and forces an attacker to hit you on your very first access to a given site.

      Properly signed certs should be given higher priority, but a self-signed cert is still vastly better than nothing. The problem is that current browsers treat self-signed certs as being the worst of the three, when in reality they're much better than a naked HTTP connection.

      --
      If you mod me Overrated, you are admitting that you have no penis.
    2. Re:SSL by Antique+Geekmeister · · Score: 4, Informative

      And you actually trust Verisign to be a primary signature authority for SSL? Why? They've cooperated in all sorts of stupidity, such as their temporary insistence on returning their own squatting domain as a valid entry for every non-existent domain in *.com, which was particularly nasty because they own the .com master servers. Do you really think that Verisign is that secure, and wouldn't cooperate in faking keys if a national security agency asked them to?

    3. Re:SSL by Anonymous Coward · · Score: 1, Insightful

      Despite trying to, you still haven't made a case for a "trusted central authority." People don't read cert warnings, they blindly click "ok" and soldier on.

      Your best bet (in an organization) is to distribute the correct CA cert for your sites, even if it is self-signed, and tell people to stop accepting cert warnings, period. That way even if the traffic is sniffed and your users are redirected to a poser site, there's no way he can generate a cert that doesn't raise the warning flag.

    4. Re:SSL by jd · · Score: 4, Informative

      They gave away Microsoft's private keys to someone who called them, a while back, in a rather infamous case that forced Microsoft to change their entire update system and their collection of "secure" sites. If they've done it once, it can clearly happen again, and the lack of publicity may simply be evidence of better media management. I'd be very wary of trusting them with anything and would be skeptical of any institution that relied on Verisign for any kind of critical proof-of-identity situation, though they're probably reasonable enough for personal certs.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    5. Re:SSL by moderatorrater · · Score: 1

      I hope that all the people who thought that spandex was a good idea are starting to feel a bit stupid now...

      I like the non-sequitur game! Your turn.

    6. Re:SSL by jamesh · · Score: 1

      I hope that all the people who thought that spandex was a good idea are starting to feel a bit stupid now...

      Stupid is in the eye of the beholder in that case... a stupid idea is only a stupid idea to the people who didn't make money off it.

    7. Re:SSL by Jah-Wren+Ryel · · Score: 4, Insightful

      What should be done is that self-signed certs should be acceptable, with the right handling. The way ssh does this is a good one; it alerts you when you initially connect, and throws up an extremely loud and nasty warning if the host's cert has changed from the last time you connect.

      That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat. Which means they have just as much a chance of picking the unsafe choice as they do the safe choice. So Firefox's solution has been make it hard to pick the unsafe choice. Make it so that you pretty much have to understand what's going on in order to even get the chance to pick the potentially unsafe choice. That seems like a pretty good policy to me.

      --
      When information is power, privacy is freedom.
    8. Re:SSL by nine-times · · Score: 4, Insightful

      Properly signed certs should be given higher priority, but a self -signed cert is still vastly better than nothing. The problem is that current browsers treat self-signed certs as being the worst of the three, when in reality they're much better than a naked HTTP connection.

      Exactly. I certainly don't want to sign on to my online banking for the first time and find that it's using a self-signed certificate. On the other hand, if I had to choose between a self-signed certificate and transmitting login information in plain-text, there's no contest.

      I'm of the opinion that encryption should be encouraged in order to stop simple snooping, even if it doesn't prevent more complex attacks. It's not as though certificate authorities are all that diligent in their identity verification anyhow.

    9. Re:SSL by Xipher · · Score: 1

      I think a better option would be to look at what some have already done and utilize IPSec. Some companies already do support BGP sessions with IPSec authentication. The one thing I knew of holding people back is the lack of IPSec support on Cisco gear handling BGP sessions. I'm not sure about current IOS releases or if newer hardware could handle it on the routers used by larger transit providers support it. At least adding a simple shared key authentication header should provide some additional security. I am in no way an expert though.

      --
      I don't know everything.
    10. Re:SSL by a5an0 · · Score: 0

      SSL has NOTHING (read it again:NOTHING) to do with BGP peering sessions.

    11. Re:SSL by Anonymous Coward · · Score: 5, Informative

      Here's a link to information about the incident you mentioned:

      http://www.microsoft.com/technet/security/Bulletin/MS01-017.mspx

    12. Re:SSL by moderatorrater · · Score: 1

      There are many more sites with no certificate at all which would use a self-signed cert than there are sites with a verified cert which would use a self-signed cert instead. I would want a certificate on all my sites, but very few (if any) would require a verified one.

    13. Re:SSL by PitaBred · · Score: 1

      It's NOT more secure, though. It's simply very slightly easier. It encourages people to use plaintext HTTP instead of HTTPS for communication except with people who can afford root certificates. Do you really think it's better using NO encryption or authentication than to use self-signed encryption that is authenticated on every subsequent access? If you do, I certainly hope you aren't in the security biz.

    14. Re:SSL by Architect_sasyr · · Score: 1

      It's continuing slightly off topic but I have a rule: If I google it and find nothing bad, the company obviously wastes too much money on their lawyers, and not enough on the product. It's a good rule.

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    15. Re:SSL by jamesh · · Score: 1

      SSL has NOTHING (read it again:NOTHING) to do with BGP peering sessions.

      No, but it has a lot to do with the consequences of hijacked BGP peering sessions. Most other people got it.

    16. Re:SSL by epine · · Score: 2, Insightful

      This whole debate would be better centered if Firefox put up the same scary boxes for unencrypted .htaccess as it does for self-signed certs. How could one be worse than the other?

      Unless you use a password generator (such as apg on OpenBSD) and have a photographic memory, passwordsafe, and never suffer hang-overs, most people re-use similar password structure even if the careless passwords and careful passwords are significantly different (which I doubt is the norm).

      What do you think the entropy is on the average person's bank password after half a dozen samples of their unencrypted throw-away passwords have been sprayed around the internet by a bunch of imperioed BGP routers?

      And that's not even counting the occasion where you lose the marble momentarily and discover you've just typed your most uber secure password into a login field the wrong tab, which means it now needs to be burned, but who does?

      Passwords passed around the internet in plain text are just as tainted as any self-signed SSL cert, and twice as self-inflicted. Brought to you by the same grey beards who engineered open SMTP relays.

    17. Re:SSL by GXTi · · Score: 1

      They gave away Microsoft's private keys to someone who called them [...]

      This is odd because CAs should never have a copy of their client's private keys in the first place. The only party that should ever be in possession of a private key is the subject of the certificate, which in this case would be Microsoft. I suppose that due to incompetence and/or legal liability, Verisign must have been the ones to generate the key in the first place.

      On an unrelated note, it's somewhat thought-provoking that the certificate authority micro-industry exists solely to fund its own audits.

    18. Re:SSL by a5an0 · · Score: 0

      SSL has NOTHING (read it again:NOTHING) to do with BGP peering sessions.

      No, but it has a lot to do with the consequences of hijacked BGP peering sessions. Most other people got it.

      No it doesn't. SSL doesn't sign, account for, or care about the AS path used to reach a destination. Traffic passing through a 'compromised' AS path has the same properties as those passing through a 'legit' path. mis-understood crypto is a risk no matter what path it goes through (unless you control the ENTIRE end-to-end). Complaining about a general problem (mostly out of context) and then acting smug doesn't make you look smarter. Make sure you know what you're talking about if you want to call me out.

    19. Re:SSL by Urkki · · Score: 1

      I don't think anyone thinks that self-signed certs should be blindly accepted.

      What's the alternative? Unless it's a cert issued by somebody you can actually contact to verify the checksum before accepting, how can you accept a self-signed certificate "non-blindly"? You can think carefully whether to accept it blindly or not, but still it's accepting it blindly if you choose to accept it (like blind people crossing the street still do it blindly, no matter how carefully they do it).

    20. Re:SSL by Anonymous Coward · · Score: 0

      Exactly. I certainly don't want to sign on to my online banking for the first time and find that it's using a self-signed certificate. On the other hand, if I had to choose between a self-signed certificate and transmitting login information in plain-text, there's no contest.

      If you connect to an online banking site that uses a self-signed certificate, go to a different bank; there is no way to differentiate between your bank's site and a phishing site.

    21. Re:SSL by sy5t3m · · Score: 1

      "I hope that all of those people who thought that getting users to blindly accept self signed certs was a good idea are starting to feel a bit stupid now"

      Stupid? Not really, and here's why.

      First, my argument is against blindly trusting CA signed certs, not for blindly trusting self signed ones. CA signed certs are not as immune as you seem to think, and blindly trusting them is a serious problem.

      Secondly, here's how your blind acceptance of CA signed certs makes things worse.

      Hijack paypal/bank MX traffic using this.
      Ask startcom for a cert for paypal/bank (trusted by FF and they only check email).
      Hijack paypal/bank https traffic without alerting end users.
      Profit!

      CA signed cert defeated in minutes.

      Self signed certs on the other hand can be added to the trusted list, in which case the browser has a known fingerprint to work with. If FF had simply added the option to only trust that known fingerprint even if presented with a new CA signed cert, self signed would not fall so easily.
      The attacker would have to be using a cert with a different fingerprint, whether it was CA signed or not. This would alert the user to a change of cert.

      Throw in the option to add CA signed certs to the trusted list as well, and we may be getting somewhere.

      Until we get that option though, any benefit we might have gained from fingerprints is thrown out of the window by blindly trusting CA signed certs over a cert the user has chosen to trust. Your precious CA certs reduced security for the rest of us.

      How could we get the benefit of fingerprints without allowing any old CA cert to override them, and get them working on CA signed sites until a solution is in place?
      By deleting the root CA certs from your browser and adding every cert you trust to the trusted list.
      That's right, by throwing away your automatic trust of CAs, you gain some extra security against this attack.

      The only thing a CA signed cert should be good for is claiming that there's a better chance of ACME inc actually existing in the real world so that end users can feel better doing business with them.
      As long as the CAs offer fast or free SSL options with next to no verification though, they aren't even good for that.
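
The ssh-style handling described in comment 1 and the "a CA signature must not override a fingerprint the user already pinned" rule argued in the post above, as an added example that is neither browser code nor anything the posters wrote. It keeps a known-hosts style store: on first contact the certificate's SHA-256 fingerprint is recorded, later contacts either match or raise CHANGED, and a differing certificate is CHANGED even if it carries a valid CA signature. Host names are stored hashed the way OpenSSH's HashKnownHosts does. The DER blobs, the host names and the `PinStore` API are constructed for illustration; to pin a real server you would hash the DER from `ssl.get_server_certificate()` converted with `ssl.PEM_cert_to_DER_cert()`.

```python
"""Known-hosts style certificate pinning for TLS.

Added illustration for the ssh analogy (comment 1) and the pinned-fingerprint
argument (comment 21). Not code from any browser or from the posters. The
DER blobs below are constructed stand-ins, not real certificates.
"""
import base64
import hashlib
import hmac
import os

FIRST_SEEN, MATCH, CHANGED = "first-seen", "match", "CHANGED"


def fingerprint(der_bytes):
    """SHA-256 over the DER certificate, the form browsers and openssl show.

    For a live server: der = ssl.PEM_cert_to_DER_cert(
        ssl.get_server_certificate((host, 443)))  (not run here)
    """
    return hashlib.sha256(der_bytes).hexdigest()


class PinStore:
    """Maps a host to a pinned fingerprint, host names stored as HMAC-SHA1.

    A stolen store therefore does not list where the user connects; lookup
    recomputes the HMAC under every stored salt, as OpenSSH does.
    """

    def __init__(self):
        self._pins = {}  # salt (bytes) -> (hashed_host (bytes), fingerprint (hex))

    @staticmethod
    def _hash_host(salt, host):
        return hmac.new(salt, host.lower().encode(), hashlib.sha1).digest()

    def _find(self, host):
        for salt, (hashed, fp) in self._pins.items():
            if hmac.compare_digest(hashed, self._hash_host(salt, host)):
                return fp
        return None

    def pin(self, host, fp):
        salt = os.urandom(20)
        self._pins[salt] = (self._hash_host(salt, host), fp)

    def check(self, host, der_bytes, ca_valid=False, pin_on_first_use=True):
        """Return FIRST_SEEN, MATCH or CHANGED for this host and certificate.

        ca_valid is ignored once a pin exists: a CA-signed certificate that
        differs from the pin is still CHANGED. It only decides whether an
        unknown host gets pinned automatically when pin_on_first_use is off.
        """
        fp = fingerprint(der_bytes)
        pinned = self._find(host)
        if pinned is None:
            if pin_on_first_use or ca_valid:
                self.pin(host, fp)
            return FIRST_SEEN
        return MATCH if hmac.compare_digest(pinned, fp) else CHANGED

    def dump(self):
        """Serialise as '|1|salt|hash sha256:<fp>' lines (OpenSSH hashed form)."""
        return "\n".join(
            "|1|%s|%s sha256:%s" % (base64.b64encode(salt).decode(),
                                    base64.b64encode(hashed).decode(), fp)
            for salt, (hashed, fp) in self._pins.items())

    @classmethod
    def load(cls, text):
        store = cls()
        for line in text.splitlines():
            if not line.strip():
                continue
            _marker, salt_b64, rest = line.split("|")[1:]
            hashed_b64, fp = rest.split(" sha256:")
            store._pins[base64.b64decode(salt_b64)] = (base64.b64decode(hashed_b64), fp)
        return store


# Constructed stand-ins: the site's own self-signed cert, and a different cert
# for the same name that a lax CA has signed for an interceptor.
SELF_SIGNED_DER = b"\x30\x82\x01\x00" + b"constructed self-signed cert for forum.example"
INTERCEPT_DER = b"\x30\x82\x01\x00" + b"constructed CA-signed cert for forum.example"


def scenario():
    """First visit, repeat visit, interception, then a reload from disk."""
    store = PinStore()
    first = store.check("forum.example", SELF_SIGNED_DER)
    again = store.check("forum.example", SELF_SIGNED_DER)
    mitm = store.check("forum.example", INTERCEPT_DER, ca_valid=True)
    reloaded = PinStore.load(store.dump())
    after_restart = reloaded.check("FORUM.example", SELF_SIGNED_DER)
    return first, again, mitm, after_restart


if __name__ == "__main__":
    print(scenario())
```

One caveat before deploying anything like this: pinning the whole certificate fires CHANGED on every legitimate renewal, which is exactly the warning-fatigue problem raised elsewhere in this thread. Pinning the public key (SPKI) instead survives re-issuance with the same key, and a site that rotates keys needs a way to announce the successor out of band; with a fingerprint-only store there is no difference between a rotation and an attack.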

    22. Re:SSL by QuoteMstr · · Score: 1

      Hijack paypal/bank MX traffic using this.
      Ask startcom for a cert for paypal/bank (trusted by FF and they only check email).
      Hijack paypal/bank https traffic without alerting end users.
      Profit!

      CA signed cert defeated in minutes.

      If Startcom supplies certs for Paypal without verifying that you own Paypal, Startcom needs to be removed from the list of trusted CAs. However, I doubt Smartcom actually does this. Firefox's CA inclusion policy, while not perfect, does ask CAs to state how they plan to counteract exactly this kind of attack.

      Startcom being corrupt is not an indication of the vulnerability of X509 as a whole. We need aggressive monitoring of CAs, and it'd be nice for a site to be signed by more than one CA. But the current system is still a lot better than nothing.

      You're a kook.

    23. Re:SSL by sy5t3m · · Score: 1

      "However, I doubt Smartcom actually does this. Firefox's CA inclusion policy, while not perfect, does ask CAs to state how they plan to counteract exactly this kind of attack."

      That's funny, because I actually have a certificate issued by startcom for a domain the I do not own.
      The only thing they check is that you can receive an email sent to one of 3 addresses on that domain.

      Others have commented on the ease of getting CA signed certs for domains you do not own, and have mentioned prices around $15. The basic startcom cert is free, so obviously they aren't the only ones.

      "But the current system is still a lot better than nothing."

      Yep, just as self signed certs are better than nothing. But here's the thing. Given that there are lousy CAs out there, and browsers place automatic trust in any CA signed cert, they weaken security against this attack as I have pointed out above.
      You cannot use stored fingerprints to help prevent MITM if your browser simply ignores them at the first sign of a CA signature.

      "You're a kook"

      And I suppose your idea of just denying that there are problems with CA issuing policies will keep you safe at night, with blind acceptance of CA certs over known and trusted certs keeping you safe during the day.

      Read my post again and tell me the attack wouldn't work, or that the quick fix would not prevent it.

    24. Re:SSL by dacut · · Score: 5, Informative

      They gave away Microsoft's private keys to someone who called them

      Not quite. Microsoft's private key wasn't compromised; their identity was stolen. The attacker convinced VeriSign to sign his certificate claiming to be "Microsoft Corporation." The whole point of PKI is to never transmit your private key, even to an authority like VeriSign. As usual, the technology is secure; it's the people running it who aren't.

    25. Re:SSL by QuoteMstr · · Score: 1

      If that's true, Smartcom needs to be removed from Firefox's CA registry. Have you filed a bug?

    26. Re:SSL by Anonymous Coward · · Score: 0

      Well, if it was easier to use self-signed certificates, it would make any attacker go from passive monitor to active MitM.

      With this new security hole, all that unencrypted data is easily accessible to any passive attacker. Anyone using self-signed certificates is not similarly vulnerable.

      Perhaps if the security community had not tried to confuse the two issues of encryption and identity verification, users wouldn't have to blindly accept self-signed certs. While the two concepts do have a strong link, there's many cases where you don't need strong identity verification but encryption is useful. If users knew to look for the identity icon as well as the encryption icon, there'd be no problem.

      But instead, users have been trained to look for the single icon indicating both encryption and identity verification. And so most of the web's traffic is still unencrypted because that content isn't important enough to justify the outrageous prices that CAs charge. And that makes this security hole just that much easier to exploit.

    27. Re:SSL by WK2 · · Score: 1

      That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat.

      We need to keep things simple for the washed masses who just want to surf the net. They need to be taught to not submit personal info, bank details, etc, to http or https sans signed cert. Teaching them that it is OK to submit forum and blog logins via https sans signed cert is a toss-up. They can submit personal details to sites with https plus signed cert. Of course, they would need to trust the site too, such as their bank, but that's a different subject of trust.

      Unfortunately, that is not how it is currently. Currently, the washed masses are taught that it is OK to submit some personal info via http, it is never OK to even look at a site with https sans signed cert, and it is OK to submit personal info via https plus signed cert. The first two are backwards and twisted, and it needs to be fixed.

      --
      Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
    28. Re:SSL by bit01 · · Score: 4, Insightful

      For those people, who are the majority, those messages don't mean squat.

      Until self-signed certificates are less safe than bare http any justification for putting up scary messages for self-signed only is nonsense.

      The real problems that need to be fixed are:

      1. The potential for confusion between externally signed and self-signed and the degree of trust thus evidenced. Firefox should use a different lock icon for encrypted transport and for identity validated instead of conflating the two. Some more extensive interface change might be appropriate (color change somewhere?)
      2. It's a site change from externally signed to self-signed or bare, or from self-signed to bare that should be flagged. Firefox should remember signed site state and flag with popups when those transitions occur. Those popups should be integrated with the existing warning popups.

      That seems like a pretty good policy to me.

      It's not good policy to put up popups that have no meaning. Just like the boy that cried wolf and Vista UAC all you're doing is training the user to ignore popups when they do matter.

      Programmers complain incessantly about users ignoring messages. Almost always it's the programmer's fault for not designing their user interface for their target audience. Why on earth should a user take any notice of messages that

      1. are meaningless because they're written in software dialect English not mainstream English
      2. are often more important to the programmer than to the user
      3. do not give the user any avenue to respond. i.e. do not tell the user step-by-step what to do.

      ---

      "Advertising supported" just means you're paying twice over, once in time to watch/avoid the ad and twice in the increased price of the product to pay for the ad.

    29. Re:SSL by Anonymous Coward · · Score: 0

      This is the most insightfully-modded troll post I've ever seen. Or, to be more exact, "what were the mods thinking/drinking/inhaling/injecting".

      checklist for troll:
      - completely off-topic
      - guaranteed to evoke many opposite views
      - doesn't add any new information
      - uses a misrepresentative statement to attack a group of people

      And to feed the troll: self-signed certs do not add security between you and the receiving party. No one ever said it does. It is, however, the only way to allow encrypted http traffic between you and *some other party*.

    30. Re:SSL by Jah-Wren+Ryel · · Score: 3, Insightful

      Until self-signed certificates are less safe than bare http any justification for putting up scary messages for self-signed only is nonsense.

      Consider this - how often is a neophyte going to connect to a site with a self-signed certificate that actually has important information to keep encrypted but without any special instructions given ahead of time? Now how often is a neophyte going to connect to a spoof site (of a site which, by definition has important information, else it wouldn't be spoofed) with the use of a self-signed certificate?

      I think the second case is going to be a lot more common than the first.

      It's not good policy to put up popups that have no meaning. Just like the boy that cried wolf and Vista UAC all you're doing is training the user to ignore popups when they do matter.

      Talk about missing the point. Neophytes will NEVER know what to do with a pop-up of highly technical nature like this one. So better that the pop-up guide the neophyte into the default safe case while still providing information and choice to cognizant users. That's exactly what firefox does now.

      --
      When information is power, privacy is freedom.
    31. Re:SSL by Anonymous Coward · · Score: 0

      i'm actually in need of buying 3 certs today; so with your conclusion, what authority should i trust?

    32. Re:SSL by bit01 · · Score: 1

      Consider this - how often is a neophyte going to connect to a site with a self-signed certificate that actually has important information to keep encrypted but without any special instructions given ahead of time?

      Often, when browsers are fixed and as more people become aware of the need for communications security. I for one would like to see many more websites with logins currently unencrypted using self-signed certificates.

      Now how often is a neophyte going to connect to a spoof site (of a site which, by definition has important information, else it wouldn't be spoofed) with the use of a self-signed certificate?

      Wrong question. The correct question is: How often is a neophyte going to connect to a spoof site with a self-signed certificate compared to a bare spoof site? As I said the problem is not self-signed sites but Firefox conflating increased communication security with external validation.

      Talk about missing the point. Neophytes will NEVER know what to do with a pop-up of highly technical nature like this one.

      You sound exactly like the egotistical programmers I've been talking about. The general population is perfectly capable of understanding the concept of general communication security ("improved communication security is being used between your computer and this web site's computer however the web site itself could potentially be a 'spoof' site as it has not been guaranteed non-fake by a third party") and validation ("'x' guarantees that this web site is not fake"). Like I said use mainstream English and if technical details are useful to specialists hide them behind a Technical Details button.

      So better that the pop-up guide the neophyte into the default safe case while still providing information and choice to cognizant users.

      No, better is what I've previously said and you've ignored.

      That's exactly what firefox does now.

      Which is wrong because it conflates communication security and validation, trains most users to ignore important messages and makes the use of self-signed certificates unnecessarily hard.

      Unfortunately, attitudes like yours are a part of the reason why public key encryption isn't more widely used. The general public fully understands the general concepts of security. What they don't understand is jargon and why they should spend any time at all worrying about computer security, as distinct from personal security, when computers are perfectly capable of having high grade encryption and computer identity validation, as distinct from people/company identity validation, on all network links with no user interaction at all.

      ---

      Virus scanners don't detect M$ and US government trojans.

    33. Re:SSL by Anonymous Coward · · Score: 0

      If I send you my self-signed cert out of band, like on disk in person or say registered mail with a notarized document, then it's much, much more secure than anything backed by a third-party CA. Self-signed certs are not bad; you just have to know how and when to use them.

      We have used them on our B2B site; a sales rep physically gives a disk with the cert on it to their IT guys. This way there is zero doubt it's entirely secure.

    34. Re:SSL by Anonymous Coward · · Score: 0

      citation needed....

      where did you get that info from? url?

    35. Re:SSL by radarsat1 · · Score: 2, Insightful

      Programmers complain incessantly about users ignoring messages. Almost always it's the programmer's fault for not designing their user interface for their target audience.

      whoa whoa whoa... what is the programmer doing designing the user interface??

      I kid, I kid. I know it happens all the time, even I do it. But in the cases of companies like MS or even larger organizations like Mozilla, I'm not really joking..

    36. Re:SSL by devman · · Score: 1

      The GP didn't even mention Verisign, and Verisign isn't even close to being the only CA in business, there are LOTS OF THEM. Was a nice straw man though.

      If you are particularly paranoid Thawte (and there are probably others) will allow you to generate your own key pair and sign the public key which means that at no point are they in possession of the private key. You just need to meet the requirements of their web of trust program.

    37. Re:SSL by houghi · · Score: 1

      As usual, the technology is secure; it's the people running it who aren't.

      Security is all of it together and it is as strong as the weakest link. To me as a user, I do not care what or who you want to blame.

      --
      Don't fight for your country, if your country does not fight for you.
    38. Re:SSL by Zeinfeld · · Score: 2, Insightful
      This is odd because CAs should never have a copy of their client's private keys in the first place.

      And that never happened in this case either.

      Eight years ago a group of hackers applied for two code signing certificates for microsoft.com. During the issue process it was discovered that the application was fraudulent and that the certificates had already been issued. A bug in the issue processing software had allowed a single operator to issue the certificate, the process is meant to require two.

      The issue was immediately reported to Microsoft and a public statement made. The certificates were also placed on the certificate revocation list. The certificates expired many years ago and there is no evidence that they were ever used.

      That is two process failures out of something like 400,000 SSL certificates issued each year.

      The system is actually designed to cope with some failures, that is one reason we have CRLs and now OCSP.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    39. Re:SSL by Antique+Geekmeister · · Score: 1

      Verisign is the largest single signature authority, and the signator of the master keys handled by many other smaller certificate authorities. For a certificate that installs silently and without complaint by the browser, they're the best ones to fake or steal a ticket for, and from various reports, one of the most consistently misled.

    40. Re:SSL by Hatta · · Score: 1

      Until self-signed certificates are less safe than bare http any justification for putting up scary messages for self-signed only is nonsense.

      A false sense of security is less safe than no sense of security at all.

      --
      Give me Classic Slashdot or give me death!
    41. Re:SSL by maztuhblastah · · Score: 5, Insightful

      That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat.

      And you know, teenage kids who "just want to drive the damn car" are also responsible for a substantial portion of collisions. Coincidence?

      The fundamental mistake of computer security is assuming that it can be made easy for the lowest common denominator. It can't. Sorry, I've got no clever analogy for this one -- but it's true. There is simply no way that you can design a system that can retain its security in the face of a user that is both ignorant and has no desire to learn how to properly use the tools at his disposal. You just can't do it. Warnings will be ignored, errors will be bypassed, and someone who wants to remain ignorant will, no matter how many hoops he has to jump through to do it. Most users aren't just ignorant -- they revel in it: how many times have you heard someone say "Oh, I'm just hopeless with computer stuff", followed by a smirk and a giggle? There ain't enough crypto in the world can protect that user.

      Designing a security measure around the lowest common denominator will make everyone less secure, all in the name of making someone who wants to remain ignorant slightly more comfortable. And for the benefit of all of us who want real security, this is a very, very bad idea.

    42. Re:SSL by hotdiggitydawg · · Score: 1

      That's great and all if you are an internet mechanic. But what if you just want to drive the damn car?

      Why should you be allowed to drive the damn car if you don't know how to drive it safely?

      The cure for user stupidity is education, not giving them Nerf-ed tools.

    43. Re:SSL by Abcd1234 · · Score: 1

      Security is all of it together and it is as strong as the weakest link. To me as a user, I do not care what or who you want to blame.

      Well, if you believe in the idea of authentication, then at some point, you have to trust an individual or group of individuals to properly verify identities. Whether it be a CA or a web-of-trust, ultimately, the problem is the same: you're relying on people to perform due diligence to ensure that identities are being properly validated. If you can't trust this process, then authentication is a non-starter, something I'm sure much of the security and cryptography world would take rather strong issue with.

    44. Re:SSL by omfglearntoplay · · Score: 1

      Hopefully not going to offend anybody, but coming from a semi-neutral position on this I'm buying Jah-Wren's argument more. On the whole, more users quickly find the quickest way to click past things instead of trying to use them.

      But I will say this in bit01's defense - I've seen more users lately that have taken a step or two past that and do a few things right. But I've only seen it if I personally have explained a very very brief/simple "if you see this popup, never ever ever click OK unless you are 100% sure it is what you want".

      Overall, I think the Firefox 3 method is good and bad. Good if I didn't have any self-signed sites, bad if I do. Coming from neutral, I'd tend to say they did it right though.

    45. Re:SSL by omfglearntoplay · · Score: 1

      Hell, I forgot the most important thing. When users are told something in very plain simple terms by the software itself, they are frequently lied to. Think Vista popups-"OMG, you don't want to really run Firefox do you?!!!"; spam email messages- "Hey friend. Click on this link to see this cool news article about Angelina J. in a bikini; or generic evil popups on the web- "Click here to win a 1000 dollars!".

      No, I don't think making popups more easily understandable is the smartest way to handle it. The users need a helping hand from a physical person next to them that they can trust. You can't trust businesses or hacker/crackers on the internet.

    46. Re:SSL by omfglearntoplay · · Score: 1

      I agree. Yet sadly car manufacturers often sell cars on their safety rating. Highways where deaths occur suddenly get a new flashing sign to watch out for a curve or a reduced speed limit. Luckily half the software in the world doesn't have to be bureaucratic, lazy, or evil. It's up to the people that make it. If I give one message continually to users, it is to avoid Internet Explorer. Sorry, it's just evil.

    47. Re:SSL by Xenophon+Fenderson, · · Score: 1

      On the other hand, if I had to choose between a self-signed certificate and transmitting login information in plain-text, there's no contest.

      This is a false dilemma. If your bank's web site presents a self-signed certificate, then you shouldn't log into your account. If anything, this BGP hack highlights the importance of out-of-band (i.e., non-network) management protocols for keying material, including self-signed certificates (which would include all CA certificates in addition to personal or test certificates). One shouldn't deploy services that depend on cryptographic protocols without addressing key exchange.

      --
      I'm proud of my Northern Tibetian Heritage
    48. Re:SSL by Free+the+Cowards · · Score: 1

      I spelled out the alternative in the rest of my post, which you conveniently did not quote and perhaps did not read.

      You accept the cert the first time you connect (with an option to verify the fingerprint OOB). Each time afterwards, the browser compares the fingerprint with what you saw previously. If the fingerprint ever fails, red alert, alarms sound, screen flashes, etc.

      Yes, you still have the risk that someone does an MITM attack the first time you connect. But that's very tough to arrange, and you'll still be detected on subsequent connections unless you keep up your MITM attack constantly forever.

      --
      If you mod me Overrated, you are admitting that you have no penis.
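The pin-and-compare scheme described in the post above, as an added example that is not part of the original thread or of any browser: a known_hosts-style trust-on-first-use store in Python. The certificate bytes are treated as opaque DER (in a real client they come from `ssl.SSLSocket.getpeercert(binary_form=True)`); the two "certificates", the host names and the `TofuPinStore` class are constructed for illustration. The `oob_fingerprint` parameter is the out-of-band check the post mentions: when the operator has the fingerprint from a trusted channel, the first connection is verified instead of blindly pinned, which closes the first-connection MITM window.

```python
import hashlib
import json


class TofuPinStore:
    """known_hosts-style trust-on-first-use store (example code, not from the thread).

    Pins are keyed by "host:port" and hold the hex SHA-256 of the DER certificate the
    peer presented. The bytes are opaque, so this works for self-signed certs,
    CA-issued certs and raw SSH host keys alike.
    """

    def __init__(self, pins=None):
        self.pins = dict(pins or {})

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    @staticmethod
    def _normalize(fp: str) -> str:
        # accept "AB:CD:..." as printed by `openssl x509 -fingerprint`, or bare hex
        return fp.replace(":", "").strip().lower()

    def check(self, host: str, port: int, cert_der: bytes, oob_fingerprint=None) -> str:
        """Decide what to do with the certificate presented on this connection.

        Returns one of:
          "first_use_verified"   no pin yet; matched the out-of-band fingerprint; pinned
          "first_use_unverified" no pin yet and nothing to check against; pinned (MITM risk here)
          "match"                same certificate as every earlier connection
          "REJECT_OOB_MISMATCH"  operator supplied a fingerprint and the peer did not match it
          "ALARM_CHANGED"        certificate differs from the pinned one: refuse to continue
        """
        key = f"{host}:{port}"
        fp = self.fingerprint(cert_der)
        if oob_fingerprint is not None and fp != self._normalize(oob_fingerprint):
            return "REJECT_OOB_MISMATCH"
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = fp
            return "first_use_verified" if oob_fingerprint is not None else "first_use_unverified"
        if pinned == fp:
            return "match"
        return "ALARM_CHANGED"

    def dumps(self) -> str:
        """Serialise the pin table so it survives a restart."""
        return json.dumps(self.pins, indent=2, sort_keys=True)

    @classmethod
    def loads(cls, text: str):
        return cls(json.loads(text))


def demo():
    # Constructed stand-ins for DER certificates (not real X.509 data).
    genuine_cert = b"constructed-der: CN=forum.example, key=AAAA"
    mitm_cert = b"constructed-der: CN=forum.example, key=BBBB"
    store = TofuPinStore()
    decisions = [
        store.check("forum.example", 443, genuine_cert),  # first visit, nothing to compare
        store.check("forum.example", 443, genuine_cert),  # normal return visit
        store.check("forum.example", 443, mitm_cert),     # hijacked path presents a new cert
    ]
    reloaded = TofuPinStore.loads(store.dumps())          # pins persist across restarts
    decisions.append(reloaded.check("forum.example", 443, genuine_cert))
    # Out-of-band verification closes the first-connection gap: the MITM cert is
    # rejected outright, and the genuine one is pinned as verified.
    fresh = TofuPinStore()
    expected = TofuPinStore.fingerprint(genuine_cert)
    decisions.append(fresh.check("bank.example", 443, mitm_cert, oob_fingerprint=expected))
    decisions.append(fresh.check("bank.example", 443, genuine_cert, oob_fingerprint=expected))
    return decisions
```

The weak spot the post concedes is visible in the first decision: with no out-of-band fingerprint, whatever certificate arrives on the first connection becomes the pin, so an attacker who already controls the path at that moment is pinned as the legitimate peer and every later connection to the real server would raise the alarm instead.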
    49. Re:SSL by nine-times · · Score: 2, Insightful

      This is a false dilemma. If your bank's web site presents a self-signed certificate, then you shouldn't log into your account.

      Well, yeah, that was my point. If it's my bank then I want a certificate from a real CA. However, if my friend is running a private forum and he wants to use a self-signed certificate rather than paying for one, I'd probably rather he do that than leave my login information as plain-text.

      The problem, in my mind, is that login credentials should *always* be encrypted, but we shouldn't require that every website pay someone else for a certificate that they can generate themselves. Since most sites aren't going to get complex phishing and man-in-the-middle attacks, it's probably not that big of a deal. The security of the key exchange should be roughly proportional to the required security of the site, but logins should always be encrypted.

      If anything, the glut of certificates granted by careless CA who don't bother to verify identities is fostering a false sense of security.

    50. Re:SSL by Anonymous Coward · · Score: 0

      No, you dumbass twit, they did not give away Microsoft's private keys! When commenting on such matters, please try to have at least a minimal understanding of public key crypto first. If Microsoft ever gave their private keys to anyone (including a CA) those keys would be considered compromised.

      When you have a CA issue you a certificate, you are giving them your public key to have them sign that. YOU NEVER GIVE YOUR PRIVATE KEY TO ANYONE LEST IT NO LONGER BE PRIVATE.

      In the Microsoft case, some would-be hackers tricked Verisign into signing their own public keys as if they were representing Microsoft. Verisign's processes and procedures failed to adequately validate the requestors' identities.

    51. Re:SSL by devman · · Score: 1

      Looking at Firefox 3 there are 56 Root CA certificate groups and Verisign is only one of them. I'm sure a lot of them handle "many other smaller certificate authorities".

    52. Re:SSL by Anonymous Coward · · Score: 0
      GP: Talk about missing the point. Neophytes will NEVER know what to do with a pop-up of highly technical nature like this one.

      P: You sound exactly like the egotistical programmers I've been talking about. The general population is perfectly capable of understanding the concept of general communication security

      Which "egotistical programmers"? The strawman you put up, who perhaps says "users are stupid"?

      There are other developers out there who may have experienced that people don't stop and think and apply logic to surprises and annoyances, like pop-ups. And if you want to know why this is so, and why this is normal and not something that could or should be "fixed" by "user education", I recommend Peter Gutmann's text on usable security: http://www.cs.auckland.ac.nz/~pgut001/pubs/usability.pdf

      Your tone and reasoning imply that you think people will pay attention and make informed choices if they are capable of understanding what the UI is telling them. Usually they won't. Reasoning is a scarce resource that most users won't squander on annoyances and surprises coming from the GUI. Practical experience has shown them that muddling through works just fine.

      And don't even think of presenting trick questions to insist that the user pay attention. That would be "egotistical developer" behaviour! The application is a servant, not a master. If you ask trick questions to your boss, you'll likely get fired.

    53. Re:SSL by mounthood · · Score: 1

      Until self-signed certificates are less safe than bare http...

      You're ignoring the fact that SSL means trust and authentication, as well as encryption. That's the basic problem here.

      --
      tomorrow who's gonna fuss
    54. Re:SSL by mellon · · Score: 1

      Um, hello, what good is an encrypted transport if you don't know who you're talking to? And if all your data is going through an MitM, in what sense is the initial handshake that establishes your connection secure?

      The point of ssh and ssl is to make sure that nobody eavesdrops on your communications, and to make sure that you are talking to whom you think you are talking. These two go hand in hand. If you can't get the second, you don't have the first.

      So really, all that an encrypted connection does in the absence of identity verification is to give you a false sense of security.
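The point made in the comment above (an encrypted handshake with an unauthenticated peer is only secure against someone who is not on the path) as an added example, not code from the thread or the presentation. It runs an unauthenticated Diffie-Hellman exchange twice: once with a clean path and once with the traffic routed through Mallory, which is what a BGP hijack gives an attacker. Nothing in the handshake ties a public value to an identity, so Mallory completes one handshake with each side and relays in between. Assumptions: the group (2**127 - 1, generator 5) is a demonstration group far too small for real use, and `seal`/`unseal` are a toy encrypt-then-MAC standing in for a real AEAD; names and the message are constructed.

```python
import hashlib
import hmac
import secrets

# Demonstration group only: 2**127 - 1 is prime, but a 127-bit modulus gives no real
# security. Production code uses the 2048-bit or larger groups of RFC 3526 / RFC 7919.
P = (1 << 127) - 1
G = 5


def keypair():
    """Ephemeral DH key: private exponent in [1, P-2], public value G**priv mod P."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_key(priv: int, peer_pub: int) -> bytes:
    """Session key from the DH shared secret. Nothing here says WHO sent peer_pub."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # toy stream cipher: SHA-256(key || counter) blocks XORed over the data
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(key: bytes, msg: bytes) -> bytes:
    """Toy encrypt-then-MAC (illustration only; use a real AEAD in practice)."""
    ct = _keystream_xor(key, msg)
    return hmac.new(key, ct, hashlib.sha256).digest() + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return _keystream_xor(key, ct)


def exchange(msg: bytes, path_hijacked: bool) -> dict:
    """Alice sends msg to Bob over an unauthenticated DH channel.

    With path_hijacked=True the packets reach Mallory instead of the far end,
    so she runs one handshake with each side and relays between them.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if not path_hijacked:
        k_a = derive_key(a_priv, b_pub)
        k_b = derive_key(b_priv, a_pub)
        return {"bob_reads": unseal(k_b, seal(k_a, msg)),
                "mallory_reads": None, "keys_agree": k_a == k_b}
    ma_priv, ma_pub = keypair()   # delivered to Alice in place of b_pub
    mb_priv, mb_pub = keypair()   # delivered to Bob in place of a_pub
    k_a = derive_key(a_priv, ma_pub)   # Alice's key, actually shared with Mallory
    k_b = derive_key(b_priv, mb_pub)   # Bob's key, also shared with Mallory
    k_ma = derive_key(ma_priv, a_pub)
    k_mb = derive_key(mb_priv, b_pub)
    wire = seal(k_a, msg)
    plaintext = unseal(k_ma, wire)     # Mallory reads it ...
    forwarded = seal(k_mb, plaintext)  # ... and re-seals it so Bob sees a valid message
    return {"bob_reads": unseal(k_b, forwarded),
            "mallory_reads": plaintext, "keys_agree": k_a == k_b}
```

In the hijacked run both endpoints see a handshake that completes and messages whose tags verify; the only observable difference is that Alice and Bob hold different session keys, which neither of them can notice without some authenticated value to compare, whether a CA signature over the server's key or a fingerprint pinned on an earlier, un-hijacked connection.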

    55. Re:SSL by Lennie · · Score: 1

      Actually some CA's are actually owned by other CA's if I'm not mistaken.

      --
      New things are always on the horizon
    56. Re:SSL by jc42 · · Score: 1

      And if all your data is going through an MitM, in what sense is the initial handshake that establishes your connection secure?

      And we might add that most of us are always going through a MitM [Man in the Middle], which we call an ISP.

      I was tempted to add a smiley to that, but decided that it would be misleading, because there's really not much of a joke there. We recently read of Comcast getting into a bit of hot water because they were truly acting as a MitM, faking messages between the ends of a TCP connect to get them to believe that the other end had announced an end to the connection. They called it "traffic management", but it was pure classical MitM attacks.

      We're now reading of not-too-secret discussions of the implementation of "deep packet inspection" by ISPs, to collect data on what's going over a connection. This is being implemented both for marketing purposes and to share the data with interested government agencies. Again, this is about as MitM as you can get.

      The whole "Net Neutrality" issue is also an acknowledgement that ISPs can and do act as a MitM with the goal of controlling and sometimes interfering with their customers' data.

      It might be a good idea if we were to rephrase our discussions so as to acknowledge that for most of the Internet, there's always a MitM, usually several of them, and any of them is likely to both examine and alter the data in transit. Anyone who thinks of a MitM as a sporadic, low-probability intruder is stuck back in the 1980s, and is ignoring the nature of the modern commercial Internet.

      Maybe we could subtly start replacing "MitM" with "ISP" in our discussions. That might get the idea across to readers that this isn't a purely hypothetical topic.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    57. Re:SSL by jc42 · · Score: 1

      That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat.

      Y'know, this is one of the cases where the standard automotive analogy is a fairly good one.

      There are a lot of people in the world who "just want to drive the damn car" and can't be bothered with safety. That's why we have so many thousands of traffic fatalities every year. It's also why most of the world has implemented at least minimal driver education before getting a driver's license. But this isn't done very well, and we still have too many traffic fatalities.

      With autos, our century or so of experience has led to the legal requirement of a number of safety enhancements to the equipment. Maybe in another century or so, we'll also have laws mandating the use of various security enhancement to traffic on the public Internet.

      Nah; it'll never happen. As with cars, we'll get token "security theater" laws that add only minimal real security, and mostly just produce a bogus safe feeling in the minds of non-technical users.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    58. Re:SSL by syousef · · Score: 1

      And you know, teenage kids who "just want to drive the damn car" are also responsible for a substantial portion of collisions. Coincidence?

      Mum and Grandma want to drive the damn car too. The difference is that they are experienced, past the initial thrill of going fast or turning sharp corners, and through illness, aging and misadventure have learnt that they're not invincible.

      So that's a very weak argument. It's not coincidence at all. It's a matter of experience and maturity. You can be an experienced reasonable end user without ever wanting to be a programmer or computer scientist, just as you can be an experienced driver without ever having an interest in being a mechanic.

      The fundamental mistake of computer security is assuming that it can be made easy for the lowest common denominator. It can't. Sorry, I've got no clever analogy for this one -- but it's true. There is simply no way that you can design a system that can retain its security in the face of a user that is both ignorant and has no desire to learn how to properly use the tools at his disposal.

      I don't need to know the internal workings of a combustion engine to drive a car. I don't really need an understanding of physics either. I just need to be able to predict how the machine will behave based on my actions, so as to avoid unsafe situations. The controls of the car have been greatly simplified. I have an accelerator and brake, and select gears. The details of how those actions are translated to the workings of a car are not something I need to know or understand in all but the most obscure circumstances. You can simplify a motor vehicle, but yes the end user has to be willing to learn how to use the simplified tool correctly.

      Warnings will be ignored, errors will be bypassed, and someone who wants to remain ignorant will, no matter how many hoops he has to jump through to do it. Most users aren't just ignorant -- they revel in it: how many times have you heard someone say "Oh, I'm just hopeless with computer stuff", followed by a smirk and a giggle? There ain't enough crypto in the world can protect that user.

      Again in a car, you have a very small number of warning lights and gauges. The car doesn't confuse you with technical mechanical jargon. You let an expert do preventive maintenance on a regular basis, and if you have a major problem you call the expert. A similar approach is needed in computing.

      Designing a security measure around the lowest common denominator will make everyone less secure, all in the name of making someone who wants to remain ignorant slightly more comfortable. And for the benefit of all of us who want real security, this is a very, very bad idea.

      This entire idea that security needs to be complex is just plain silly. The reality is that security interfaces are often designed very badly by people with no people skills who cannot express themselves in language that a layman can understand.

      --
      These posts express my own personal views, not those of my employer
    59. Re:SSL by Stray7Xi · · Score: 1

      I hope that all of those people who thought that getting users to blindly accept self signed certs was a good idea are starting to feel a bit stupid now...

      Why should I? Explain why being vulnerable to MITM is worse than being vulnerable to MITM and passive eavesdropping? The answer is not "because of a false sense of security" because I do understand the security concerns. No really explain, I'd like to hear why being vulnerable to eavesdropping is a GOOD thing.

      The people that don't know better (and can't be taught by sane warnings) are still sending their one password over HTTP. They're still posting their identity on myspace. They still click untrusted links (and they're certainly not running noscript). In other words, their accounts are already poised to be owned.

      Treat Self-signed same as HTTP and provide warning bubble (not a dialog) and both sides are better off.

    60. Re:SSL by Dolda2000 · · Score: 1

      That's great and all if you are an internet mechanic. But what if you just want to drive the damn car? For those people, who are the majority, those messages don't mean squat.

      You know, before you drive a car, you're required to get a driving license. I've never really understood why people are expected to be able to use a modern computer system flawlessly without any education.

    61. Re:SSL by Dan+Harkless · · Score: 1

      Yup, it has happened again, although VeriSign may or may not have been the negligent CA involved. Someone recently managed to get an SSL cert for login.live.com.

  4. Scary Much? by creature124 · · Score: 5, Informative

    I find the thought of this genuinely scary. Correct me if I am wrong, but we would have to change the BGP protocol itself to fix this issue. That isn't going to happen anytime soon I reckon, so I guess there is nothing we can do but encrypt sensitive transmissions and hope for the best.

    1. Re:Scary Much? by Anonymous Coward · · Score: 1, Funny

      I find the thought of this genuinely scary. Correct me if I am wrong, but we would have to change the BGP protocol itself to fix this issue. That isn't going to happen anytime soon I reckon, so I guess there is nothing we can do but encrypt sensitive transmissions and hope for the best.

      Hell, lets 'fix' SMTP while we're at it... ;)

    2. Re:Scary Much? by dlgeek · · Score: 5, Insightful

      Well, no. Large ISPs don't have to accept and forward routes from customers without verifying them. The solution to this is the same as preventing forged IP source addresses: stop it at the origination point. If you're an ISP with customer A and customer A starts advertising routing for an IP range they haven't previously advertised, don't accept the advertisement and forward it up the chain until you verify that they actually should advertise that route.

    3. Re:Scary Much? by jd · · Score: 3, Informative

      BGP is supposed to be authenticated between peers, but clearly not nearly enough. If IPSEC was enabled (it's likely to already be present) on all routers, then BGP traffic between routers would be guaranteed both encrypted AND authenticated. Or, if you prefer, there are a very very few other routing protocols for WANs - ESES probably being the one most taken seriously. (ESES is the exterior gateway version of ISIS. Both are mature protocols with a lot of hardware out there that can support them.)

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Scary Much? by jd · · Score: 3, Funny

      Fixed SMTP is called X.400.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    5. Re:Scary Much? by Randle_Revar · · Score: 2, Funny

      XMPP

    6. Re:Scary Much? by Alascom · · Score: 4, Informative

      BGP is authenticated, and using IPSec will not solve anything. BGP peers must configure the IPs of their neighbors, and in many cases an MD5 secret as well. This is pretty strong authentication. The point here, is that anyone can get a high-speed link from an ISP, and that ISP will talk BGP to you. Then you simply tell your ISP about your network through BGP, and also tell it about some additional network routes and the ISP passes it along.

      The way to prevent this today, would be for the ISP that peers with you to know which IP blocks you own, and filter out any other routes you send over. But, this is a lot of work for the ISP so very few of them do it.

    7. Re:Scary Much? by ceoyoyo · · Score: 1

      Are you transmitting sensitive stuff that's not encrypted? Perhaps this vulnerability is a good thing from your perspective. A very good thing.

    8. Re:Scary Much? by annodomini · · Score: 1

      The problem is that this is a weakest link sort of attack. As long as there is one ISP that is being lazy and is not filtering routes, then they become a point from which the system can be attacked.

    9. Re:Scary Much? by Kalzus · · Score: 1

      All sorts of folks run BGP w/o TCPMD5. They configure BGP peers that simply trust that an exchange's ARP is difficult to jack, therefore whomever has the matching IP and AS announcements must be who it says it is.

      --
      "The Devil does not know a lot because He's the Devil, He knows a lot because he's old." -- unknown
    10. Re:Scary Much? by William+Robinson · · Score: 1

      Yes.

      What about SS7? Though there are differences, it would be more scary, if GSM network could be brought down by anybody using similar attacks. R5 should make it difficult, but not sure whether it is used on routing layers.

    11. Re:Scary Much? by Kadin2048 · · Score: 1

      Not necessarily. You just need to do sanity checks all the way up the chain. Fixing the protocol is definitely the way to go, long term, but in the immediate future the problem can be minimized if everyone keeps an eye on those downstream from them.

      It's much the same as with forged route advertisements. ISPs have to monitor and not unquestioningly accept routes from end users/customers. If some guy on a cable modem suddenly starts advertising routes to Yahoo.com's servers, it's probably best to not pass that advertisement along without looking into it first. Likewise, that ISP's ISP (in the case of a local or regional ISP) or the backbone provider or peers (in the case of a large ISP) need to check advertised routes before accepting them as well, in case the original ISPs admins get lazy and accept a route that they shouldn't.

      It's a lot of work, but everyone needs to be diligent and critically evaluate information that's flowing up and asking to be propagated before they pass it along, from local ISPs all the way up to backbone providers.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    12. Re:Scary Much? by klapaucjusz · · Score: 1

      ESES is the exterior gateway version of ISIS.

      I may be wrong, but I was under the impression that the exterior protocol in the OSI suite is IDRP (Inter-Domain Routing Protocol). ES-IS (End-System to Intermediate-System) is the equivalent of ARP, but I've never heard of an ES-ES protocol.

      (ES is the OSI term for host, while IS is the OSI term for router.)

  5. Why this is not an issue: by teknopurge · · Score: 4, Insightful

    BGP is almost always setup manually, at least when first configured. Network admins: DO NOT PUT UNTRUSTED PEERS IN THE ACLs. Joe smith running BGP on 123abcxxxhost.nl has no business being in your tables. If you're accepting adverts from any AS you deserve what you get.

    The routing on the Internet has always been hierarchical: get updates from your upstreams. If they send you bad info you're SOL anyway, just like SSL certs and Verisign's root certs.

    1. Re:Why this is not an issue: by QuantumG · · Score: 1

      RTFA.

      --
      How we know is more important than what we know.
    2. Re:Why this is not an issue: by annodomini · · Score: 1

      The issue is, there are many peers who are considered to be the upstream, so if any one of them accepts bad routes, it gets propagated to all of the others. And they generally accept routes from the ISPs who are their customers, so if one of those ISPs itself sends them bad routes, it gets propagated to everything else. So really, as long as there is one weak link in the system, the whole thing goes down.

    3. Re:Why this is not an issue: by teknopurge · · Score: 1

      I did, and the PDF, did you? The summary is _still_ enough to address this issue.

      **Don't Peer with random ASs**

    4. Re:Why this is not an issue: by teknopurge · · Score: 1

      Agreed, but this just means the upstreams need to have their feet held to the fire. Using my previous example, AT&T BGP gear has no business accepting routes from AS 123abcxxxhost.nl that include netblocks for Google, Yahoo, Verisign, etc. None. If their border routers do take those adverts without any checking then hell needs to break loose at AT&T/ISP.

      This issue doesn't require a technical solution or a New Wheel v2.0, it requires network engineers with a bit of security design/best-practice knowledge. Even if they picked up the damn phone and called someone on their security team to ask if it's an issue....

    5. Re:Why this is not an issue: by complete+loony · · Score: 1

      Any business with redundant links to the net will most likely be using BGP to tell their ISP's about their IP addresses. Yes, there is a fairly large setup cost to run this hack, but the infrastructure is bog standard.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    6. Re:Why this is not an issue: by Lennie · · Score: 1

      Actually that's not quite what happens, AT&T already gets routes for Google, Verisign, Yahoo, etc. from their transit-provider.

      Transit-providers should check very closely what they want to accept from their customers. The problem with all of this is of course, the transit-providers peer with other transit-providers, they really can not check every single route they get from them. It's all about the weakest link, if one announces something a lot of others will get it.

      For example we peer with Hurricane Electric, do you really think I want to or can check every single one of their 7032 routes they give us?

      So the verification should be automated.

      The problem is how to do it.

      If DNSSec would really be deployed, we could use that. In a way just like SPF-records are used.

      --
      New things are always on the horizon
  6. You can bet good money... by Caspian · · Score: 4, Insightful

    ...that the good folks at the NSA (and/or the FBI, CIA, DHS, ATF, etc., as well as their counterparts in other nations) have been exploiting this for years.

    --
    With spending like this, exactly what are "conservatives" conserving?
    1. Re:You can bet good money... by inKubus · · Score: 4, Informative

      Yeah, but they don't need to poison BGP to read our data, since they have access by the Tier 1 providers and telcos to the actual photons on the backbone fibers. And of course legal immunity now that they passed that bill.

      Nay, this would best be used against other countries, where the NSA actually works.

      --
      Cool! Amazing Toys.
    2. Re:You can bet good money... by jd · · Score: 4, Interesting

      If that's the British DHS, the American counterpart is Home Depot, and it should be obvious why they'd want to spy on people. This isn't really a security issue in the same sense broken encryption or the loss of unencrypted data is a security issue, though, so can someone icon and section to "mindless stupidity in protocol design" and/or add "Stone De Croze" to the tags?

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    3. Re:You can bet good money... by CodeBuster · · Score: 1

      Nay, this would best be used against other countries, where the NSA actually works.

      Which is probably why nothing was done about it all of these years. The Congressional testimony was quickly buried as an 'unproven curiosity' in the footnotes of the meeting minutes and the NSA, CIA, and FBI probably took careful notes during the 'private demonstration' and then after shaking his hand told him that none of it ever happened 'or else' and quietly began exploiting it. This wouldn't be the first time that the NSA kept mum about flaws in commercial technologies in order to draw out the amount of time that the exploit remains viable (although they probably advised the US government to avoid BGP for sensitive or encrypted traffic).

    4. Re:You can bet good money... by ultranova · · Score: 1

      although they probably advised the US government to avoid BGP for sensitive or encrypted traffic

      BGP is what Internet routers use to tell each other what incoming traffic should be routed where. It isn't used for actual user data transmission.

      --
      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    5. Re:You can bet good money... by KPU · · Score: 4, Funny

      Home Depot? The store that sells wood is spying on my Internet access?

    6. Re:You can bet good money... by inKubus · · Score: 2, Interesting

      BGP is what Internet routers use to tell each other what incoming traffic should be routed where. It isn't used for actual user data transmission.

      Yeah, probably it's best to avoid the internet for sensitive traffic. And they do. They have their own copper, fiber, microwave, and satellite telcom system. Yes, some of it is leased from the telcos but I doubt if the packets come anywhere near the internet routers.

      But not all governments have the luxury of that sort of system and I'm sure a lot of them use the internet to communicate globally. That's why we generously helped them put in all those undersea cables...

      Oh, by the way, there are "private" companies with undersea fiber that are not peered to the internet, and no one knows about them. Some things you can't trust the telco with.

      The last thing you should trust is the Internet. Even with encryption, the way it works is on implied trust relationships. So does DNS, and so does the public key infrastructure. As other posters mentioned, you are relying on your upstream provider to give you clean routing tables. The advertised routes need to be the real best route to a closer hop. And somewhere there are the root servers which have the master tables.

      An interesting way to maybe catch them would be to analyze the BGP tables (archive them somewhere and actually get a real list of good hosts). I know there are projects such as Route Views which attempt to archive the routing tables. This might be a start. You would need to whitelist people though, or blacklist certain subnets, and it sort of defeats the point of the Internet being open.

      --
      Cool! Amazing Toys.
    7. Re:You can bet good money... by Randle_Revar · · Score: 4, Funny

      If that's the British DHS, the American counterpart is Home Depot, and it should be obvious why they'd want to spy on people.

      So they can tell if you have been going to Lowe's?

    8. Re:You can bet good money... by florescent_beige · · Score: 4, Funny

      He meant the Department of Homeland Depot. It's the privatization of government, don't you know.

      --
      Equine Mammals Are Considerably Smaller
    9. Re:You can bet good money... by florescent_beige · · Score: 2, Funny

      The one we all want to know more about is Victoria's Secret Service. I demand congressional hearings on, you know, that! Etcetera!

      --
      Equine Mammals Are Considerably Smaller
    10. Re:You can bet good money... by jrumney · · Score: 1

      If that's the British DHS, the American counterpart is Home Depot

      You're probably thinking of BHS, although B&Q and Homebase are probably closer matches for Home Depot.

    11. Re:You can bet good money... by gmuslera · · Score: 1

      Don't attribute to malice what can be explained with stupidity... They know about this for 10 years.
      They don't need it to spy on you, they took care of laws for that. But they will get hit, directly or indirectly because of this problem, and the only ones to blame here will be them.

    12. Re:You can bet good money... by rabiddeity · · Score: 2, Funny

      Home Depot? The store that sells wood is spying on my Internet access?

      Yeah, they really know how to put the thumbscrews on.

    13. Re:You can bet good money... by Requiem18th · · Score: 1

      It's *always* the last one you would expect...

      --
      But... the future refused to change.
    14. Re:You can bet good money... by acb · · Score: 1

      Well, several British ISPs were planning to deploy a system named Phorm which would intercept everybody's HTTP connections and insert cookies/custom JavaScript for ad targeting purposes, so perhaps the DHS thing was an earlier, more limited version of this?

    15. Re:You can bet good money... by Anonymous Coward · · Score: 0

      Come on, do you really think the NSA doesn't consider America to be an 'other' country? Those guys have been rogues from the beginning. They go where the snooping takes them; political borders are an anomaly.

    16. Re:You can bet good money... by houghi · · Score: 1

      I also thought it strange that people went on talking many years ago how this was a security risk AND how it could be exploited without anybody knowing and now say that he is surprised that nobody said anything or did anything about it.

      I bet he was not allowed to talk about it and the only thing the ??? saw was "You can abuse it without anybody finding out"

      As if you say to a kid how to get the candy and that nobody will ever find out if they take any candy or not.

      I wonder how many other people know about this next to governments.

      --
      Don't fight for your country, if your country does not fight for you.
    17. Re:You can bet good money... by ginbot462 · · Score: 1
      --
      Atlas Shrugged : Thematic Story :: Battlefield Earth : Organized Religion
  7. so now we know what AT&T is allowing the NSA t by DragonTHC · · Score: 1

    This is the guy who taught the NSA how to spy on us en masse.

    I'm glad he exposed the truth. Now we can protect against it. right?

    --
    They're using their grammar skills there.
  8. Flaw revealed years ago by sleeponthemic · · Score: 3, Funny

    A hacker marauding by the name "Goatse" exposed it quite effectively some years back.

    --
    I record my sleeptalking
  9. bring down the internet by NotQuiteReal · · Score: 1
    ...he could bring down the internet in 30 minutes...

    OK, So do it. Now.

    Really.

    (Just don't wait until I am 90 and on Internet based life-support, without my consent because my money-grubbing heirs are just waiting for such a thing to happen then :-)

    --
    This issue is a bit more complicated than you think.
  10. I archive the talk by stits · · Score: 5, Informative

    It was really cool, opened a lot of people's eyes. Here is the archive, http://www.stits.org/fp/Defcon_16/. Please don't flood it and only download it if you will use the info. I also took a ton of photos: http://www.flickr.com/photos/stits/sets/72157606608859399/ Hope to see you all next year!

    1. Re:I archive the talk by dcmorton · · Score: 1

      I've mirrored it here as well http://defcon.chaoticadmin.com/

    2. Re:I archive the talk by NewToNix · · Score: 1

      Thanks, I'm on my 5th copy of the CD now, 10 will go out tomorrow morning via snail mail to very interested but bandwidth challenged friends. They will do the same. Beyond that --who knows. Your bandwidth and archival effort is appreciated. Nice Flickr set too...

  11. Wait, you're telling me.... by Alsee · · Score: 5, Insightful

    Wait, you're telling me that they taught US intelligence agencies and the National Security guys how to attack the internet with man-in-the-middle attacks and exploits to fool routers into re-directing data to an eavesdropper's network...

    and they didn't do anything to end the interception and eavesdropping problem???

    I am shocked.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  12. I'd trust Mudge on this. by kwabbles · · Score: 4, Interesting

    The guy's been involved in many of security's moments in history.

    --
    Just disrupt the deflector shield with a tachyon burst.
  13. Government is on it. by Anonymous Coward · · Score: 1, Funny

    ... testified to Congress... disclosed privately to government agents... described this to intelligence agencies and to the National Security Council

    So in other words, the US government knows about the issue. This is the United States government, people! Obviously there is nothing to worry about. Like, come on, as if the US government would allow eavesdropping on the information highways to even be possible. Like come on, srsly.

  14. If you have BGP peering... by mbone · · Score: 5, Interesting

    There is a lot of harm you can do, at least for a short while. But I have to say, this seems like a lot of FUD to me.

    It is not trivial to get BGP peering, or to keep it if you are doing bad things. You will need one or more peers, and they will have to do this for you manually, not automatically. And (as I can attest) the AS prepending this attack relies on is a very blunt instrument.

    Here are the troubles I see

    - You need to be able to offer a better path from Point A to Point B than the existing Internet topology

    - Unless you are Dr. Evil and can afford infinite bandwidth, this better path had better not also apply to a large chunk of the Internet, or you will get hosed with a lot of bandwidth (and, also, instantly stick up on the screens of NOCs all over the place) and

    - If you are relying on AS prepends, these affect the path from you, but not directly the path to you. They are notoriously tricky and may stop working (because of changes in other people's advertisements) at any time.

    So, to me, this is a might work sometimes for some people in some places, but probably not that well on a general basis.

    The DNS cache poisoning sounds a lot worse, frankly.

    1. Re:If you have BGP peering... by mbone · · Score: 1

      Oh, and you hear a lot about potential router route kits, but (at least for the big vendors) not much about them actually being used in the wild. And, really, if you can root the routers of some big ISP, you don't need this attack to do a lot of mischief.

    2. Re:If you have BGP peering... by CodeBuster · · Score: 5, Interesting

      You need to be able to offer a better path from Point A to Point B than the existing Internet topology.

      It has been done before. In fact for many decades during and after the Cold War the United States offered some of the best quality data services at the highest speeds for cheap prices (subsidized by your tax dollars) merely to ensure that the majority of the international telephone and non-satellite data traffic passed through the United States somewhere along the way from Point A to Point B.

      Unless you are Dr. Evil and can afford infinite bandwidth, this better path had better not also apply to a large chunk of the Internet, or you will get hosed with a lot of bandwidth.

      As I mentioned above the US Government can afford a lot of bandwidth when they want to and they want to ensure that as many ISPs around the world choose our fast subsidized fiber backbones (I say backbones because last-mile service for consumers in the US still sucks hard core compared to Korea, Japan, and even Europe) to route their traffic across the globe (i.e. they lease bandwidth from US companies and the data passes through US borders). If some people don't think that US companies are complicit in this, *cough* AT&T *cough*, then the whole telecom immunity debate just went over their heads.

      So, to me, this is a might work sometimes for some people in some places, but probably not that well on a general basis.

      Better than none of the time so why not try and make the best of it if you can (NSA's point of view).

    3. Re:If you have BGP peering... by mbone · · Score: 1

      The NSA doesn't need these games. They have access to the traffic on the real routes.

    4. Re:If you have BGP peering... by Anonymous Coward · · Score: 0

      Looks like he gets around all that by advertising a longer prefix.

      It really comes down to the diligence of companies providing peering service. We peer with three, two of whom are really on the ball...
      Contrary to what the author of the paper says, it is the big guys who seem most on top of this.

    5. Re:If you have BGP peering... by Anonymous Coward · · Score: 0

      Yeah, it would sound like those are really hard to imagine any one trustworthy entity doing, even with enough money and power.

      Of course, there is that little matter of the US government eviscerating their laws regarding privacy, particularly with respect to snooping communications over networks like the internet. They're kinda big and powerful, and don't seem to care about appearing trustworthy these days. If the telecoms were to suddenly STOP cooperating (i.e. say there were a reversal of the recent FISA immunity decision and the telecoms all backpedaled), then they just might find this useful.

      Hypothetically speaking, of course.

    6. Re:If you have BGP peering... by Kalzus · · Score: 1

      I didn't read the material thoroughly, but that's indeed part of the weird; you need to target to intercept traffic for a specific area, implying a limited locus of sources.

      You don't get to hijack, say, IP 11.4.3.3 worldwide doing this.

      However, you're in trouble if a number of BGP operators decide to operate in concert. That's when the fun really begins.

      So far, internet operators have used their powers for good (c.f. Usenet Death Penalty)... Or at least used them with good intentions.

      --
      "The Devil does not know a lot because He's the Devil, He knows a lot because he's old." -- unknown
    7. Re:If you have BGP peering... by DeadBeef · · Score: 2, Informative

      I haven't come across a good technical description of the attack, but I expect that the AS path prepending is just to stop the transit AS that you are using to reinject the traffic from sending the traffic straight back at you.

      i.e. if you know AS666 is a transit for AS69 (that you are hijacking the traffic from), then you prepend AS666 in the path you advertise to the rest of the internet and bgp loop detection on the routers in AS666 will drop the bogus path and send your traffic to the real target AS69 instead.

      --
      I am a lawyer and this constitutes legal advice and I shall indemnify you against any losses arising from taking it.
    8. Re:If you have BGP peering... by Anonymous Coward · · Score: 0

      RTFA, will you?

    9. Re:If you have BGP peering... by CodeBuster · · Score: 1

      The route subsidizing also ensured that just about every packet that passed from Europe to Asia or from South America to points elsewhere took a trip through the embark and debark points through the United States on their way across the undersea cable networks. Does anyone else remember the disclosure a while back of the "secret room" at the Verizon central office in San Francisco (where the cables go out from under the water and across the ocean floor) where a prism was installed to split off a copy of the data stream for processing by equipment in the hidden and off-limits room? Obviously the more of the world's traffic passes through that room the better (from an intelligence gathering standpoint) so it makes sense to make that particular node a fast, cheap, and convenient hop on the route to all points elsewhere (so that everyone passes through there at some point along their way to somewhere else).

    10. Re:If you have BGP peering... by OriginalArlen · · Score: 1

      You are assuming that only legitimate network engineers have control of their routing tables. What if your routers (or rather your backend auth database / PKI / enable password database) are pwned?

      --
      Everything I needed to know about life, I learnt from Blake's Seven
    11. Re:If you have BGP peering... by acb · · Score: 1

      It has been done before. In fact for many decades during and after the Cold War the United States offered some of the best quality data services at the highest speeds for cheap prices (subsidized by your tax dollars) merely to ensure that the majority of the international telephone and non-satellite data traffic passed through the United States somewhere along the way from Point A to Point B.

      On a tangent: weren't Google buying a lot of dark fibre a few years ago, and/or even laying their own submarine cables? Some speculated that that was to build a private backbone between geographically distributed containerised data centres, though what if that wasn't the entire purpose?

    12. Re:If you have BGP peering... by Epistax · · Score: 1

      Well call me Dr. Evil. Comcast assures me that my connection is unlimited.

    13. Re:If you have BGP peering... by klapaucjusz · · Score: 1

      It is not trivial to get BGP peering, or to keep it if you are doing bad things.

      It's fairly easy to get if you're willing to pay for it. (Keeping it after you do bad things is a different matter, but you can just move to a different provider.)

      - You need to be able to offer a better path from Point A to Point B than the existing Internet topology

      No, you just need to advertise a more specific prefix. Be careful, though -- too specific, and you'll get filtered.

      - Unless you are Dr. Evil and can afford infinite bandwidth, this better path had better not also apply to a large chunk of the Internet, or you will get hosed with a lot of bandwidth

      Yes, you need to balance carefully the prefixes you advertise. Too specific and you get filtered, not specific enough, and either your path won't get selected, or you'll get too much traffic.

  15. Sigh... by ZarathustraDK · · Score: 3, Insightful

    'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.'

    For a hacker he's pretty dumb. Everyone knows that the best way get attention directed to an exploit is to publish the entire kiddie-porn-folder of the person who can fix it, using the exploit in question.

    --
    If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
  16. A design: X says Y=Z. by Animats · · Score: 5, Interesting

    I looked at this problem back in the early 1980s, when I was doing some work on TCP. I was trying to come up with a routing protocol that didn't require passing the same information around repeatedly, because backbone networks had very low bandwidth back then, and the existing routing protocols had either O(N^2) traffic or the "hop count to infinity" problem.

    I came up with something called "Gateway Database Protocol", which was a scheme for passing tuples of the form "X says Y=Z" around. The idea was that any node seeing inconsistencies in "X says ..." would propagate the tuple back to X, revealing the problem to X.

    This is enough to detect hijacking, but not enough to stop it. I'd worked out a scheme good enough to automatically correct erroneous data, but not one good enough to deal with the insertion of hostile data. The design goal back then was to guarantee that if the hostile site was removed from the network (perhaps forcibly), the system would then stabilize into a valid state.

    That's not enough any more. But it is worthwhile considering that a routing protocol should have the property that if X's info is being faked anywhere in the network, X hears about it. BGP doesn't do that.
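The property argued for above (if X's statement is being faked somewhere, X hears about it) as an added toy simulation. This is not Animats' Gateway Database Protocol, which is unpublished; the node names, topology and prefix are constructed, and the "report to X" rule is the one the post describes.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Claim:
    speaker: str          # X
    subject: str          # Y
    value: Optional[str]  # Z (None = "I never said anything about Y")


# (reporting node, the tuple it already held, the conflicting tuple it just saw)
Report = Tuple[str, Claim, Claim]


@dataclass
class Node:
    name: str
    store: Dict[Tuple[str, str], str] = field(default_factory=dict)
    reports: List[Report] = field(default_factory=list)

    def receive(self, claim: Claim, network: "Dict[str, Node]") -> bool:
        """Absorb a tuple; return True if it was new and should be relayed onward."""
        key = (claim.speaker, claim.subject)
        held = self.store.get(key)
        if claim.speaker == self.name:
            # A statement in my own name came back to me: compare with what I said.
            if held != claim.value:
                self.reports.append((self.name, Claim(*key, held), claim))
            return False
        if held is None:
            self.store[key] = claim.value
            return True
        if held == claim.value:
            return False
        # Two different things attributed to X about Y: send both back to X.
        network[claim.speaker].reports.append((self.name, Claim(*key, held), claim))
        return False


Topology = Dict[str, List[str]]


def flood(network: Dict[str, Node], topology: Topology, claim: Claim, entry: str) -> None:
    """Breadth-first relay starting at `entry`; nodes relay only what was new to them."""
    queue, visited = [entry], set()
    while queue:
        name = queue.pop(0)
        if name in visited:
            continue
        visited.add(name)
        if network[name].receive(claim, network):
            queue.extend(topology[name])


def announce(network: Dict[str, Node], topology: Topology, speaker: str, subject: str, value: str) -> None:
    """X records its own statement and floods it to its neighbours."""
    network[speaker].store[(speaker, subject)] = value
    for nb in topology[speaker]:
        flood(network, topology, Claim(speaker, subject, value), nb)


# Constructed topology: A is the legitimate speaker, M is the node injecting a forgery.
TOPOLOGY: Topology = {"A": ["B"], "B": ["A", "C", "M"], "C": ["B", "D"], "D": ["C"], "M": ["B"]}
PREFIX = "203.0.113.0/24"


def fresh() -> Dict[str, Node]:
    return {n: Node(n) for n in TOPOLOGY}


def legit_then_forged() -> List[Report]:
    net = fresh()
    announce(net, TOPOLOGY, "A", PREFIX, "next-hop A")
    # M hands B a tuple in A's name; B already holds A's real one and reports to A.
    flood(net, TOPOLOGY, Claim("A", PREFIX, "next-hop M"), "B")
    return net["A"].reports


def forged_then_legit() -> List[Report]:
    net = fresh()
    # The forgery arrives first and is stored by nodes that knew nothing yet (C, D, M
    # keep it: detection, not correction)...
    flood(net, TOPOLOGY, Claim("A", PREFIX, "next-hop M"), "B")
    # ...but it also reaches A, which sees its name on something it never said, and
    # the later real announcement collides with the stored forgery at B.
    announce(net, TOPOLOGY, "A", PREFIX, "next-hop A")
    return net["A"].reports


if __name__ == "__main__":
    for reporter, held, seen in legit_then_forged() + forged_then_legit():
        print(f"{reporter} reports: held {held.value!r}, saw {seen.value!r}")
```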

    1. Re:A design: X says Y=Z. by inKubus · · Score: 1

      I posted earlier but perhaps some sort of after-the-fact analysis of the tables using an archive (something like Route Views) could be used to figure out who's good and bad, without having to change the protocol.

      --
      Cool! Amazing Toys.
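The checks the thread keeps coming back to (don't accept routes from a customer outside what they own; treat a more-specific prefix under someone else's block, or a different origin, as suspicious; run that over an archived table) as an added offline checker. This is example code, not anything from Route Views, the presenters, or any poster; the baseline, customer lists, ASNs and the sample feed are all constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Announcement:
    """One BGP route as seen on a session (constructed sample shape)."""
    prefix: str
    as_path: Tuple[int, ...]   # leftmost = neighbour we heard it from, rightmost = origin
    peer: int                  # ASN of the session the route arrived on

    @property
    def origin(self) -> int:
        return self.as_path[-1]


# Baseline of legitimate origins: prefix -> (origin ASN, most specific length allowed).
# Constructed; an operator would build this from customer contracts or archived tables.
BASELINE: Dict[str, Tuple[int, int]] = {
    "203.0.113.0/24": (64500, 24),
    "198.51.100.0/24": (64501, 24),
}

# What each customer session is allowed to announce (hypothetical customer ASN).
CUSTOMER_PREFIX_LIST: Dict[int, List[str]] = {
    64500: ["203.0.113.0/24"],
}


def check_announcement(a: Announcement) -> List[str]:
    """Return findings for one route; an empty list means it is consistent with the baseline."""
    findings: List[str] = []
    net = ip_network(a.prefix)

    # Rule 1: a customer session may only carry prefixes from that customer's list.
    if a.peer in CUSTOMER_PREFIX_LIST:
        allowed = [ip_network(p) for p in CUSTOMER_PREFIX_LIST[a.peer]]
        if not any(p.version == net.version and net.subnet_of(p) for p in allowed):
            findings.append(f"customer AS{a.peer} announced {a.prefix} outside its prefix list")

    # Rule 2: under every baseline prefix covering this route, the origin must match and
    # the route must not be more specific than the baseline allows.
    for base, (origin, maxlen) in BASELINE.items():
        base_net = ip_network(base)
        if base_net.version != net.version or not net.subnet_of(base_net):
            continue
        if a.origin != origin:
            findings.append(f"{a.prefix} originated by AS{a.origin}; baseline has AS{origin} for {base}")
        if net.prefixlen > maxlen:
            findings.append(f"{a.prefix} is more specific than the /{maxlen} allowed under {base}")
    return findings


def scan(updates: List[Announcement]) -> Dict[str, List[str]]:
    """Run the checks over a batch (e.g. one archived table dump) and keep only the hits."""
    out: Dict[str, List[str]] = {}
    for a in updates:
        f = check_announcement(a)
        if f:
            out.setdefault(a.prefix, []).extend(f)
    return out


# Constructed sample feed: two clean routes, one more-specific from a foreign origin,
# and one customer leaking a block that is not theirs.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", (64500,), 64500),
    Announcement("198.51.100.0/24", (64499, 64501), 64499),
    Announcement("198.51.100.128/25", (64499, 64666), 64499),
    Announcement("198.51.100.0/24", (64500, 64500), 64500),
]

if __name__ == "__main__":
    for prefix, findings in scan(SAMPLE_FEED).items():
        print(prefix)
        for f in findings:
            print("  -", f)
```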
    2. Re:A design: X says Y=Z. by klapaucjusz · · Score: 1

      I came up with something called "Gateway Database Protocol"

      Did you write it down? Any chance you can provide a link?

    3. Re:A design: X says Y=Z. by Animats · · Score: 1

      Did you write it down? Any chance you can provide a link?

      There was a Ford Aerospace internal technical publication, but Ford Aerospace is long gone. I have a copy but no rights to distribute it.

    4. Re:A design: X says Y=Z. by Anonymous Coward · · Score: 0

      Check out the Byzantine Generals Problem. Making good group decisions when there are bad actors in the mix is not easy to do efficiently because it can involve many rounds of voting or complex cryptographic functions.

  17. Insult to injury by ZarathustraDK · · Score: 1

    Instead he chooses to reveal the exploit to the NSA.

    Let me guess. Next he'll find Osama Bin Laden, and then tell everyone using youtube.

    --
    If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
  18. ESES is mature? by thegameiam · · Score: 4, Insightful

    I've seen implementations of ISIS, and have deployed it myself in both IP and ATM environments. I've never seen an actual deployment of ESES, and I've never heard of one either. I've encountered ISIS adjacencies which don't form correctly, and come up as ESIS, though.

    What hardware supports ESES?

    --
    Need Geek Rock? Try The Franchise!
    1. Re:ESES is mature? by macdaddy · · Score: 1

      I run IS-IS on my own SP network. I don't believe I've ever encountered any platform that supports ES-ES though. I can't even think of any recent implementations of ES-IS for that matter.

    2. Re:ESES is mature? by thegameiam · · Score: 1

      The only time I've encountered ESIS is when I haven't set up my NSAP correctly and the adjacency isn't fully formed.

      --
      Need Geek Rock? Try The Franchise!
  19. Latency jump by Bill,+Shooter+of+Bul · · Score: 3, Informative

    The whole MITM thing would raise a flag unless the attackers were close enough to the real routers for the ip address block it was hijacking. Several companies I know notice when BGP screws up and doubles their latency. They notice and complain loudly.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
    1. Re:Latency jump by Lennie · · Score: 1

      That was exactly what I was thinking about when I read the article.

      --
      New things are always on the horizon
  20. Correction by thegameiam · · Score: 4, Informative

    - If you are relying on AS prepends, these affect the path from you, but not directly the path to you. They are notoriously tricky and may stop working (because of changes in other people's advertisements) at any time.

    Not quite.

    Prepends affect your outbound announcements, and this affects inbound traffic to you. Prepends are the most effective tool for BGP manipulation because they're transitive - announcing more specifics works too, but that's not quite the same thing.

    --
    Need Geek Rock? Try The Franchise!
    1. Re:Correction by mbone · · Score: 1

      Prepends affect your outbound announcements, and this affects inbound traffic to you. Prepends are the most effective tool for BGP manipulation because they're transitive - announcing more specifics works too, but that's not quite the same thing.

      Yes, I always get that reversed. Thanks.

  21. What did he expect? by frovingslosh · · Score: 5, Insightful
    a drastic weakness in the Internet's infrastructure ...to eavesdrop on Net traffic in a way that wouldn't be simple to detect. ... testified to Congress in 1998 ... disclosed privately to government agents how BGP could also be exploited to eavesdrop. '..... We described this to intelligence agencies and to the National Security Council, in detail.'....

    Great, give the very people who want to abuse this the most the inside details, then show shock when it isn't fixed.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  22. Oh, just great! by Jane+Q.+Public · · Score: 1

    He gives the information to "national security" 10 or 12 years ago, and we only find out about it now!!!

    Thanks for nothing, guy! I am sure the NSA had a real heyday using this information to spy on us without our knowledge.

    Should we lynch him? Or just refuse to employ him because of his lack of judgment?

    1. Re:Oh, just great! by inKubus · · Score: 2, Interesting

      Dude, l0pht aka @stake sold out in the early 2000s. Their only claim to fame was their work on the CdC "Back Orifice" and of course "l0phtcrack", which just tricked out LM passwords from cleartext, big deal. Everyone knows about BGP!

      He (Mudge) turned it into a deal, and now he works for BBN. That's where the money is (or has been). Just because someone was at Defcon once doesn't mean he's not working for the Feds. There are some benefits to working for the government.

      It's nice how they've packaged this presentation but this is not news really.

      --
      Cool! Amazing Toys.
    2. Re:Oh, just great! by Jane+Q.+Public · · Score: 3, Informative

      I am familiar with l0phtcrack... I used it to reset a password or two back in the day. It came recommended (believe it or not) by one of the higher-ups in Microsoft network security.

      Oh... but it did more than just sniffing cleartext passwords. It would also decipher encrypted passwords over the net, given plenty of time. And it could be used to crack encrypted Hosts passwords.

      I always wondered why they did not follow it up.

    3. Re:Oh, just great! by inKubus · · Score: 2, Interesting

      Yeah, I was exaggerating. Mudge was pretty good. But to say that he sold out the Internet to the Feds is pretty false. I mean, they built it, and the dudes at the NSA have long known about the intrinsic properties of BGP. BBN built a lot of it, actually, which is sort of ironic.

      It is weird though that you saw them drop off the map (along with a lot of other high profile people) after 2001 and now a lot of them work for the Feds. But like I said, that's where the money is (or was).

      --
      Cool! Amazing Toys.
    4. Re:Oh, just great! by gujo-odori · · Score: 3, Insightful

      Not exactly weird. If cracking networks, etc., is your bag, and somebody offers you a high-paying, stable job where you can not only spend your time doing that, but doing it without fear of prosecution, that could be kind of hard to turn down.

  23. rather silly self grand standing by timmarhy · · Score: 1

    the problem with such a man in the middle attack is you are almost assured of being caught. unless you are sitting in the same complex as a backbone link someone is going to notice the huge spike in network latency and track down where it's coming from. also since you're inserting yourself between peers, it's like painting a giant target on yourself, similar to the target bubba from C lock is going to paint on your buttocks after the feds throw you in jail....

    --
    If you mod me down, I will become more powerful than you can imagine....
  24. Pakistan and YouTube by russotto · · Score: 1

    Didn't one Pakistan ISP rather graphically demonstrate problems with BGP when they null-routed YouTube worldwide?

    1. Re:Pakistan and YouTube by Percy_Blakeney · · Score: 1

      You didn't read the article, did you? Several slides were dedicated to exactly that situation.

  25. Spying! by Anonymous Coward · · Score: 0

    We described this to intelligence agencies and to the National Security Council, in detail.

    So this is how NSA is spying on me huh?

  26. Let the Rickrolls begin! by randall77 · · Score: 2, Funny

    Enterprising hacker hijacks BGP and Rickrolls the whole world in 3... 2... 1...

  27. Biggest security hole? by uberjoe · · Score: 1

    You mean the user right?

    --

    The days of the digital watch are numbered.

  28. Everything is just damn broken by maillemaker · · Score: 1

    You know, every day it seems there is another article about some other exploit discovered. Given the fact that DRM has been demonstrated to be doomed, I think we are seeing that basically all security is doomed. I think we truly are on the cusp of zero privacy. Basically we are at the point now where if someone wants to know about your electronic data, they can do it.

    --
    A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
  29. this is one of those exploits by circletimessquare · · Score: 4, Insightful

    that requires one teensy weensy detail to work (in other words, one huge wonking detail)

    here, it is to be a bgp level peer

    kind of like i can empty a bank of all of its money

    all i need is the key to the safe

    yeah, minor detail

    so do i panic now?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  30. So you told the NSA... by Sfing_ter · · Score: 1

    So you told the NSA, the NSC and Congress all about this and they listened intently then sent you back to your lair/playpen/d&d fest whilst they began setting up MITM listening networks, and you did it FOR FREE. I'm sure they are eternally grateful for all you've done to make monitoring us that much easier. At least it works for everyone, so if you're not eavesdropping it's your own fault.

    As my friend AJ used to say,"I'll work for $5 an hour, just let me take the trash out once a day".

    --
    A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
  31. IP Prefix Interception... not new by Leto-II · · Score: 1

    So how is this so groundbreaking? IP prefix interception has been studied and discussed already. For instance:

    A study of prefix hijacking and interception in the internet

    from Sigcomm 2007.

    Seems to be a much better work than this Defcon presentation.

    --
    Do not anger the worm.
  32. ipv6 by Anonymous Coward · · Score: 0

    yeah... fud shut get ipv6 up and running in no time... go on... =)

  33. US Government can't be trusted by wshwe · · Score: 1

    The US Government is using this exploit to spy on everyone.

    1. Re:US Government can't be trusted by gujo-odori · · Score: 2, Interesting

      s/The US Government is/governments are/

      There, fixed that for ya.

      Do you really think government anywhere is trustworthy, or that only the US government would use this technique?

      This technique isn't even hard. I used to work at an ISP in Japan that once spent the best part of the day off the Internet because an incompetent router admin in the ROK was announcing our IP space. We finally managed to get the guy on the phone, only to find that his ability to either speak or comprehend English was negligible and that he spoke no Japanese at all. By then, he seemed to have some clue that he'd screwed up and said he was working on it (I wouldn't be surprised if he announced routes for other ASes than ours). When my jaw really hit the floor was when he managed to explain that he had done this before. He obviously didn't get reamed by his boss enough the first time he screwed up like that.

      As soon as I started reading TFA, I thought "I bet I know how they did it" - and I'm no CCIE level network engineer - and it turned out I was spot on. The technique is simple enough that I'm sure L0pht Heavy Industries 10 years ago were nowhere near the first group to come up with an attack like this. Heck, they probably didn't tell the NSA anything they didn't already know. Any CCIE could devise an attack like that, and so could quite a few people who aren't CCIEs.

      Spying on a large group of Internet users would require tremendous bandwidth and hardware, however - what you might call a rather conspicuous amount of both. It's also not something that would go unnoticed for a really long time by the network engineers at large networks. It might start with a customer complaint of long ping times into their network, or it might start with a neteng looking over the BGP table for something unrelated and thinking, "That's funny" - but it would certainly be noticed. Routing all the traffic for a large AS in, say, the UK through, say, New York, would not go unnoticed for very long.

      The best way to conceal an attack like this would be very near the target network. For example, if you were trying to pick off all traffic bound for a regional ISP, you put your sniffing setup in the same colo facility where they are located.

      If the target is a national ISP in a large country - the kind that is likely to have multiple ingress points to their network - the attack becomes more complicated. You have to either be in all their colo locations if you want optimum concealment (and if they are large, they probably own the colo, making it trickier to hide what you're doing), or you need to pull all their traffic through your single location, which is more likely to be noticed.

      Another good technique for concealing this kind of attack is to not use it all the time. For example, if you know that there are users on Network A on whom you'd like to spy, and that they are communicating with users on Network B, on whom you'd also like to spy, you have a couple of options. One is to randomly announce routes for Network A (and maybe network B at the same time) for some fairly short period of time and at random intervals long enough to let the BGP state go back to normal, and hope you catch something. Another approach is to use some other intelligence sources to figure out the time of day when the communication usually happens and do your intercepts at that time, then turn them off.

      If I can think this up - and I've even been out of the neteng business for over 5 years now - the people who do things like that for a living have not only known about it for many years, they were probably thinking "It took L0pht until *1998* to come up with that, and anyone else another 10 years to come up with a usable exploit?!"

  34. So *That's* How They Do It by Doc+Ruby · · Score: 2, Insightful

    So these guys go and convince the spooks that the Internet can be hijacked for comprehensive but totally stealth eavesdropping. And the spooks "don't do anything about it".

    Except they do, don't they. The spooks go ahead and snoop the entire Internet. For the last 10 years.

    I'm surprised at only the fact that the L0pht guys and others are still alive and running around loose to tell anyone that the spooks have known how to do this for this whole time.

    Why is it taking so long for all Internet traffic to be encrypted end to end by default?

    --
    make install -not war

    1. Re:So *That's* How They Do It by Jizzbug · · Score: 1

      You didn't know the government snoops on you at the BGP peering facilities that they own anyway (and lease to Verizon)? You don't need a l0pht guy to tell you that! Any respectable Linux/UNIX or Cisco/Juniper administrator working for ISPs could testify to you the same.

      The reason it is dumb to encrypt all traffic is that it is easy to factor large semi-prime numbers (they'll tell you how it's easy in another 10 years). So we waste resources and electricity encrypting our traffic only for the government to waste resources and electricity decrypting our traffic. Think of the earth and the environment, man!

      Security is theatre. Stop being afraid of acting!

      --

      -=/\- Jizzbug -/\=-
    2. Re:So *That's* How They Do It by Doc+Ruby · · Score: 1

      It's not so easy to decrypt all of our traffic. In fact, there's so much of it that decrypting all of it, or even a substantial amount of it, is prohibitively expensive for even the wastefully spending US government.

      The point of encryption is to make it a lot harder, but not impossible, to snoop than it is to just talk. Combined with the massive parallelism of the Internet's very many users, even the NSA is overwhelmed.

      Real security is not theater, it's real. Security theater is indeed fake, but that's the minority that we do what we can to eliminate.

      But hey, since you're not afraid to discard security, just post your bank, account# and PIN. I'll act like I didn't rob you.

      --
      make install -not war

  35. SLASHDOT SUX0RZ by Anonymous Coward · · Score: 5, Funny

    You called? Sorry I'm late

    The Internet's Biggest Hole Revealed at http://goatse.cz/

  36. Not really the unsafe choice. by Kadin2048 · · Score: 3, Insightful

    > So Firefox's solution has been make it hard to pick the unsafe choice.

    Except they really haven't. They've made it hard to make the sorta-kinda-theoretically-less-safe choice, the one that might result in a MITM attack, but in doing so they discourage SSL use generally.

    Do you think that hypothetical user you're talking about is going to notice whether the page is using SSL or not? I doubt it. And a lot of companies seem to agree, and use plain old HTTP for all sorts of stuff when they shouldn't (we just had an FPP on this a few days ago, in fact).

    As script-kiddyable as MITM attacks may get, they're never going to be as easy as just sniffing unencrypted traffic, and any time you make encryption difficult or complicated, that's the alternative people use.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  37. redirection attacks by Anonymous Coward · · Score: 1, Informative

    Some bgp attacks of similar nature have been shown in simulation. This is a paragraph from a related research paper: "This attack can be viewed as a variation of the well-known man in the middle (MITM) attack, in which players are ASes and messages are intercepted in one direction instead of both directions. Furthermore, it is more powerful than the MITM attack in the sense that it can affect traffic not just between two players, e.g. Alice and Bob, but between a number of sender ASes and one receiver AS, where each of the involved ASes bears a large number of end users. The impact of the false announcements made by the compromised AS depends on the topological properties of the compromised AS and the victim AS. Intuitively, if the compromised AS is located near the core of the AS topology it will affect more ASes. Also if the victim AS is located at the periphery of the AS topology it is more vulnerable to an attack." The full paper can be found in http://www.informs-sim.org/wsc04papers/038.pdf

  38. brilliant by binaryseraph · · Score: 3, Insightful

    Oh great idea, lets go straight to the NSA, FBI, CIA, SS and any other agency out there and explain in full detail how to spy on the entire world. Wow, real shocker they didn't fix this one. Even bigger Internet Security Hole: Best Intentions.

    1. Re:brilliant by Anonymous Coward · · Score: 0

      My dear boy, what makes you think that isn't exactly what they have been using all these years? It's not like it's not been a large elephant in the room for a long time and the fact that it stayed rumour for so long can't be an accident.

      I would wager our dear researcher is not going to be flavour of the month in Washington or with the NSA.

  39. So It would seem by Jimmyisikura · · Score: 1

    I agree, anything that can hijack a major protocol is seriously a problem, and the fact that they are demonstrating how to do it is even worse. The only good thing I can see is that I can't think of any REAL nerds who would WANT to take down the internet.

  40. One Word by Nom+du+Keyboard · · Score: 2, Insightful

    One word: encryption.

    End-to-end encryption prevents eavesdropping.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  41. Re: giving away private keys = urban legend by Anonymous Coward · · Score: 0

    They gave away Microsoft's private keys to someone who called them

    *cough*Bullshit*/cough*

    Read up a bit on PKI. Hint: The CA only signs your public key. When you request a cert, you do NOT give your private key to the CA. It wouldn't be a secret if you did that. And since the CA never sees the private key from the cert request, they don't have anything to give away except their own private key for the CA itself, which they're sure as hell going to keep secret.

  42. Please tag "masturbatingmonkeys". by Anonymous Coward · · Score: 0

    Thank you!

  43. ESES? by trashbat · · Score: 1

    European Solar Engineering School?
    Electrical Status Epilepticus during Sleep?
    Event-Space Exploration Strategies?

    1. Re:ESES? by OriginalArlen · · Score: 1
      --

      Everything I needed to know about life, I learnt from Blake's Seven
    2. Re:ESES? by ginbot462 · · Score: 1

      maybe it was phonetic :)
      --
      MM-EYE-K

      --
      Atlas Shrugged : Thematic Story :: Battlefield Earth : Organized Religion
    3. Re:ESES? by Eunuchswear · · Score: 1

      IS-IS is an Interior Gateway Protocol (IGP) meaning that it is intended for use within an administrative domain or network. It is not intended for routing between Autonomous Systems (RFC 1930), a job which is the purpose of an Exterior Gateway Protocol, such as Border Gateway Protocol (BGP).

      So not many people are going to be using IS-IS instead of BGP

      --
      Watch this Heartland Institute video
  44. Not really news, is it? by fjollberg · · Score: 1

    The issue of routing table poisoning isn't exactly previously unknown, and I guess quite a few have at some point suffered from problems with incorrect routing tables, which is essentially the same thing, though unintentional. There are techniques for limiting the problem, and I believe the "wasn't believed practical" to a rather high extent still holds for real purposes. I may be proven wrong.

  45. Re:Scary Much What? by Anonymous Coward · · Score: 0

    Where's the news actually? BGP has been out there for some time already.

    Route poisoning can happen anyhow, no big deal in BGPland unless you hold very strict and extremely resource-consuming receiving policies, which is plain unaffordable with 1500000+ announcements at any IX of your choice, changing quickly in hard times.

    BGP and the entire network infrastructure come from times of 'we can trust each other' innocence; the base concept itself is flawed and hard to change entirely in 'cost contain' times.

    Not only (any) government agencies may be in their right, but whoever is smart enough to get a peer in an IX: can be done.

    Watch the AS of your traceroutes, if they aren't (yet) blocked by your ISP. Otherwise use massive encryption wherever possible and pray for the segment without encryption. Or trust people not to be all evil; common sense is also an option.

    RTFA too: the guys propose SBGP, BGP with signatures. I bet JunOS easily and IOS could afford it with stronger CPUs.
    Conclusion: it was a nice marketing stunt. Anyone heard of DNSSEC mass deployments so far? The world ain't ever gonna be immaculately perfect. Hear hear.

    Nothing to see here, move along.

  46. unqualified comment by Anonymous Coward · · Score: 0

    Just to set this clear:
    The biggest security hole in the internet is the human being! ;)

  47. I think not by DrHyde · · Score: 5, Insightful

    A man-in-the-middle attack on BGP would require that you intercept and re-write BGP data. The only place to do that is if you can insert some hardware on the physical route between two BGP-speaking routers. That is, on the cable between two ISPs that are peering with each other or have a transit agreement. While the BGP protocol could, in theory, be routed across the internet, my understanding is that in practice it never is.

    Add to that that to successfully perform such an attack, you would need appropriate (expensive) network interfaces and hardware capable of speaking fast enough, and this "attack" becomes something that needs a *lot* of resources to pull off. Sure, governments and big corporations can do it, maybe big organised crime could too, but yer average bedroom cracker couldn't.

    And why would the big boys bother anyway, when they can just announce bogus routes?

    1. Re:I think not by spydum · · Score: 1

      Announcing bogus routes was exactly what the presentation was about. Someone didn't RTFA. The nasty trick was, they could disguise themselves and make it appear like a seamless hijack to the end user.

    2. Re:I think not by klapaucjusz · · Score: 1

      While the BGP protocol could, in theory, be routed across the internet, my understanding is that in practice it never is.

      Quite the opposite. iBGP is almost always routed (within a single AS, not across the public Internet, though), and eBGP is routed whenever two neighbouring ASes don't have routers on the same link, which is fairly common.

    3. Re:I think not by Lennie · · Score: 1

      It's probably easier to just connect to an Internet Exchange, getting a PC-router on 100Mbit port isn't really all that expensive.

      --
      New things are always on the horizon
  48. Re:Scary Much What? by nahdude812 · · Score: 1

    BGP poisoning enables a man-in-the-middle attack; encryption will only work with either a pre-shared key, pre-shared identities, or a trust infrastructure such as ssl.

    Unfortunately most protocols don't have these as options; if they support encryption at all, it's with neither any explicit prior knowledge of the other party nor trusted certificate authority. This means that passive sniffing is blocked, but man-in-the-middle is just a little harder than it would have been, but still entirely feasible.

  49. Disclosure by db32 · · Score: 0, Troll

    And you told the government how to do it? The government that has changed FBI regs to allow spying on citizens not suspected of crimes? The government involved in that whole illegal wiretapping?

    Thanks...

    Asshole...

    --
    The only change I can believe in is what I find in my couch cushions.
  50. Just have to pretend for a small slice by originalhack · · Score: 1

    You could claim to have a better path from Bank of America's SMTP servers to Time Warner Cable's SMTP servers. Then, request password resets for a bunch of accounts and intercept the emails with the tokens.

    As long as you can handle the bandwidth for that small slice, you've done it.

  51. Route Filtering by thegameiam · · Score: 1

    It's not universal, but a substantial number of ISPs do filter the routes of their customers. A few of us gave a tutorial on the subject at the NANOG 43. Unfortunately, most ISPs don't filter their peers, so once a bad route gets injected somewhere, it'll tend to get passed on repeatedly. The IRR projects, as well as both SO-BGP and S-BGP are designed to try to mitigate that.

    --
    Need Geek Rock? Try The Franchise!
  52. Re:so now we know what AT&T is allowing the NS by lucifuge31337 · · Score: 1

    The NSA doesn't need stupid BGP tricks to eavesdrop on Internet traffic. They can take over rooms at peering point and put in optical splitters to their heart's content.

    --
    Do not fold, spindle or mutilate.
  53. Re:so now we know what AT&T is allowing the NS by DragonTHC · · Score: 1

    you're probably right. They probably put the BGP bug in there in the first place.

    --
    They're using their grammar skills there.
  54. IPv4 specific? by Midnight+Thunder · · Score: 1

    Can anyone who is familiar with this tell me whether this is an IPv4 specific issue, or whether it would impact IPv6 as well?

    --
    Jumpstart the tartan drive.
    1. Re:IPv4 specific? by Lennie · · Score: 1

      BGP is used to handle announcements of IPv4 and IPv6 routes, so no, this is not IPv4-specific.

      --
      New things are always on the horizon
  55. Excellent Work by HitScan · · Score: 1

    "'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.'"

    That's some smooth work right there. Later that year he also explained in detail to a guy in a mask and trenchcoat that the vault at his local bank had a serious flaw, allowing access to anyone with a little time on their hands. I'm sure that guy got right on it.

    --
    HitScan
  56. Re:Scary Much What? by Dan+Ost · · Score: 1

    Secure communication over untrusted medium is a solved problem.

    Hell, Diffie-Hellman key exchange is older than I am.

    So, the moral is that any protocol that cares to protect itself from MitM attacks can. The current problem is that many protocols currently in use don't bother (either from laziness or from the fact that they were designed during a more trusting age).

    --

    *sigh* back to work...
  57. I am a network engineer, this exploit is nonsense by Anonymous Coward · · Score: 0

    This exploit doesn't alter the behavior of BGP in any way. What this exploits is that there is no existing capability in the BGP protocol to sanity check a prefix and its announcer against an authoritative list of prefixes and owners on the fly. This can however be accomplished manually via prefix filters on BGP peerings.

    http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdbgp.html#wp1175412

    Some attempts have been made to create authoritative route registries from which filters could be updated via scripts, but they are not necessarily used everywhere. Note the email discussion in the faq below is eight years old.

    http://www.irr.net/
    http://www.irr.net/docs/faq.html

    In conclusion, handwaving and drama queening aside, this is nothing new and solutions to the problem exist.

  58. "bring down the internet in 30 minutes" by nurb432 · · Score: 1

    If he's legit, please do. Before lunch if you don't mind.

    --
    ---- Booth was a patriot ----
  59. Market Data by smist08 · · Score: 1

    I think it will provide a good way to get good marketing data. For instance count the number of Windows Updates by Windows version to see what the true market share of 98/2000/XP/Vista really is. See the market share of various Linux's and other programs that automatically update or call home. Would be good to see real data, since these would be systems in use and not shelfware. Much better than relying on estimates by places like Gartner or Forrester. I'll have to get the market research department on this right away!

  60. This only matters by nurb432 · · Score: 1

    If you don't encrypt.

    --
    ---- Booth was a patriot ----
  61. Re:Scary Much What? by nahdude812 · · Score: 1

    Diffie-Hellman is vulnerable to man-in-the-middle attacks if you don't have a way to verify the signing keys of either side (that's what I was talking about in my previous post).

    It provides encryption, not endpoint authentication.

  62. You lack vision. by Anonymous Coward · · Score: 0

    Sorry, no! You are working under the same premise of the routers. You are thinking as a BGP router does. In reality you only have to lie that you have a better path and you only have to lie that you have better bandwidth.

    Basically, they're just feeding gullible BGP routers with /32 host routes.

    It may indeed be a "blunt instrument", as you say. But, hammers are blunt instruments and they, like this exploit, work exceptionally well.

    These guys have demonstrated and publicly proven the technique to work effectively. Your lack of "vision" doesn't make the vulnerability any less real or the exploit any less effective.

  63. Trust US, not them by Anonymous Coward · · Score: 0

    Maybe he did it as a patriot. If this was discovered by other countries first they could use it against us and we wouldn't have a clue about what was going on or where to start fixing it.

    1. Re:Trust US, not them by binaryseraph · · Score: 1

      Wait, all countries are not connected to each other?

  64. More than one IP network by jaredmauch · · Score: 1

    There are numerous IP networks out there. Some of them, e.g. SIPRNET referenced above, are private networks. There are methods to ensure the privacy and integrity of these elements and devices. The same can be done and said about some corporate security practices. The drug companies are very careful about protecting their secrets so they can obtain patent protection. The same general model applies to classified communications as well. You have protection for a period of time, then after that it expires. Think of all the documents that have reached their "declassify" date in the past few years, from the Mob+Castro plot to others.

    But yes, there is more than one network built with the Internet Protocol (IP) networking technology.

    1. Re:More than one IP network by lgw · · Score: 1

      Well, to be an "internet" one would have to connect numerous local networks with a larger-scale infrastructure. The military does this. The NSA presumably does this. I'm not sure that there's an "internet" for other classified information - it wouldn't surprise me if the real secrets were still on a simple network of mainframes.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  65. Re:I am a network engineer, this exploit is nonsen by beatbox32 · · Score: 1

    In a bid to play 'Mr. Network Engineer Smarty Pants', it seems you failed to find the time to read the actual presentation slides. It doesn't claim to alter the behavior of BGP. It simply exploits the lack of security-conscious network engineers and/or registration security holes.

    --
    "The purpose of learning is growth, and our minds, unlike our bodies, can continue growing as long as we live." - M.J. A
  66. BGP Monoculture by Ungrounded+Lightning · · Score: 1

    I've worried about the possibility of BGP poisoning attacks myself, but only because we have a virtual monoculture ...

    BGP is a near-monoculture because the standards document is not adequate for building a working implementation, while a broken one breaks not just the box running it but much of the net (and essentially all of it that has traffic that should go to or through that box).

    The protocol has negative feedback and delay, which results in oscillation ("route flapping") if nothing is done about it. The current workarounds for this are arcane and not well known.

    Because deploying a broken BGP implementation breaks things so badly, ISPs are very loath to switch to boxes that don't have a proven BGP implementation. So one of the biggest barriers to entry for an equipment manufacturer is licensing customer-trusted BGP code or finding the rare talent with the occult knowledge, building their own, and then convincing the ISPs that the implementation is safe.

    As a result there are VERY few BGP implementations deployed. Last time I looked - a few years back - there were three: The original (don't recall who did that one), Cisco's, and Redback's. Getting its BGP accepted was a significant part of why Redback's Smartedge product line was slow in breaking into the market.

    This near monoculture also means that, in addition to the exploits inherent in the protocol, any implementation-specific security flaws will have a very large target population for exploits.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  67. Duh, this is how it was designed to work! by gschwim · · Score: 1

    I find it very interesting that in this day and age, some "security researcher" can present on this subject and elicit an OMG-end-of-the-world reaction from people (primarily the press).

    BGP was designed to work this way. The "hack" they described is not a hack but a key feature of the system. There is an implied level of trust one must have with their peers. When that trust breaks down, or isn't there to begin with, trouble can be found.

    Yes, there are methods that can be put in place to prevent this, e.g. filtering at the edge of the provider networks. There are cases, however, where that may not be an option. Also, it is a point that while one nonconformist to proper edge filtering is bad, it is certainly better than everyone not filtering.

    Other things put in place to help the filtering include the Routing Arbiter Database (radb.net). This allows providers and their peers to publicly define the address ranges that will be expected to originate from a given AS. Automation can be performed against these datasets, and filters generated on the fly. Many providers do this already.

    Just because not everyone does this, does not mean it is the end of the world. If someone does exploit this, it is usually pretty easy to see where it is coming from. I've seen it happen before myself.

    Nothing new here, guys... move along.

  68. Don't give RIAA/MPAA BGP! by Anonymous Coward · · Score: 0

    What about if someone like MediaSentry, or whatever name the MPAA/RIAA jocks have this month, used a BGP attack to redirect all of your download traffic via their Internet connection so they could spy on all of the tunes you're downloading?