Re: The Internet's Biggest Security Hole | Threat Level from Wired.com

[David Farber <dave () farber net>]

Begin forwarded message:

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: August 27, 2008 8:19:18 PM EDT
To: dave () farber net
Subject: Re: [IP] Re:   The Internet's Biggest Security Hole | Threat  
Level from Wired.com

On Wed, 27 Aug 2008 18:44:14 -0400
David Farber <dave () farber net> wrote:

> Begin forwarded message:
>
> From: "Patrick W. Gilmore" <patrick () ianai net>
> Date: August 27, 2008 6:18:06 PM EDT
> To: dave () farber net
> Cc: "Patrick W. Gilmore" <patrick () ianai net>
> Subject: Re: [IP] The Internet's Biggest Security Hole | Threat
> Level from Wired.com
>
> On Aug 27, 2008, at 5:14 PM, David Farber wrote:
>
> > http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
>
> I agree Alex & Anthony deserve major kudos, if for no other reason
> than doing it at Black Hat in real time.  Way to go guys!  However,
> this is not amazingly new information, it has been discussed for
> over a decade.  At least I know I made my first attempt in 1998, and
> I am pretty damned certain I wasn't the first.
Indeed -- this is an old attack.  The update page --
http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html -- gives
more of the history.  It goes back at least as far as my 1989 paper
(see http://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf for the
annotated version from 2004) and Radia Perlman's 1988 dissertation on
routing security.  As I told Wired, "the good guys have been warning
about this for 20 years, and nothing has happened!"



                --Steve Bellovin, http://www.cs.columbia.edu/~smb




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com