The Internet's Biggest Security Hole Revealed
At DEFCON, Tony Kapela and Alex Pilosov demonstrated a drastic weakness in the Internet's infrastructure that had long been rumored but wasn't believed to be practical. They showed how to hijack BGP (the Border Gateway Protocol) in order to eavesdrop on Net traffic in a way that wouldn't be simple to detect. Quoting: "'It's at least as big an issue as the DNS issue, if not bigger,' said Peiter 'Mudge' Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. 'I went around screaming my head about this about ten or twelve years ago... We described this to intelligence agencies and to the National Security Council, in detail.' The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network." Here's the PDF of Kapela and Pilosov's presentation.
worse thing is, it's there, and the new picture is even worse than goatse
Live Electronic Music
To gwbush@whitehouse.com
Dear Sir or Ma'am,
I wealthy Nigerian business person. I have been very ill and I do not have son or daughter to whom to leave my vast fortune. I decided to leave all my moneys, in sum of 10 million US Dollars to you. All I need to make this possible is for you to give me your bank account and wire transfer number.
Sincerely,
Lord Jimbo Wazuu of Nigeria
Followed by:
To: Jwazu@nigerianhost.com
Listen here Jimbo. I am very excited about your proposition. I have no problem in taking money that does not belong to me. But I will have to talk to Dick to get my bank info. See I don't keep track of all that stuff, I let him handle it, and most of everything else. I'll have him email you shortly.
Yours,
Dubya