The Internet's Biggest Security Hole Revealed

At DEFCON, Tony Kapela and Alex Pilosov demonstrated a drastic weakness in the Internet's infrastructure that had long been rumored, but wasn't believed practical. They showed how to hijack BGP (the border gateway protocol) in order to eavesdrop on Net traffic in a way that wouldn't be simple to detect. Quoting: "'It's at least as big an issue as the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. 'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.' The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network." Here's the PDF of Kapela and Pilosov's presentation.

Re:Fun fun fud

[Kingrames]

Depends on how much you value your privacy, Mr. Stephen P Wallagher of 4242 Green Leafy Forest Terrace, Springfield, Ohio 55538, Phone number 1-900-Hot Dude, alias "Lovestospooge."

fixed.

Re:The man in the middle

[gnick]

How can a title including 'The Internet's Biggest ... Hole' not be kicked off with a goatse joke?

Re:Fun fun fud

Let's put it this way. Email right? It's delivered between hosts completely unencrypted. Imagine you could sniff all the email passing into, say, the white house.. would that be worth something?

Note, I've also given you the hint to prevent this bullshit from being a problem.

So we need to destroy the White House?

Re:Fun fun fud

[RuBLed]

Anyone have any insight as to how serious this ACTUALLY is?

Yes. Someone had managed to re-open the goatse.cx site again.

if you don't believe me, you know there is only one way to find out

Re:Fun fun fud

[Z34107]

Monoculture is bad? Good thing Internet Explorer offers a different take on W3C standards...

I kid, I kid.

Re:Fun fun fud

[jd]

Heh. Standards should be the starting point, not the end goal (or, in IE's case, the work of fiction based on the screenplay based on a True Story of one man and his chair).

Re:Fun fun fud

No, it gets sent through Dick Cheney's hotmail account.

Re:You can bet good money...

[KPU]

Home Depot? The store that sells wood is spying on my Internet access?

Re:Fun fun fud

What, you didn't get your secret decoder server?

Re:You can bet good money...

[Randle_Revar]

If that's the British DHS, the American counterpart is Home Depot, and it should be obvious why they'd want to spy on people.

So they can tell if you have been going to Lowe's?

Re:You can bet good money...

[florescent_beige]

He meant the Department of Homeland Depot. It's the privatization of government, don't you know.

SLASHDOT SUX0RZ

You called? Sorry I'm late

The Internet's Biggest Hole Revealed at http://goatse.cz/

Re:The man in the middle

[Bill+Hayden]

He said he doesn't want to see duplicates... why are you sending him to Slashdot's main page?

Re:The man in the middle

[Achromatic1978]

Not the good looking, sweet smelling, celebrity vagina.

Having seen (or been subjected to), as we all have, to upskirts of Britney, Paris, etc, I gotta say that "celebrity vagina" is by no means universally "good looking, sweet smelling"...

Re:The man in the middle

Over +9000!!!

Re:Fun fun fud

[Alsee]

Whew! Good thing you clicked the "Anonymous Coward" box when you posted that!

-