Interesting People mailing list archives
Re: The Internet's Biggest Security Hole | Threat Level from Wired.com
From: David Farber <dave () farber net>
Date: Thu, 28 Aug 2008 05:45:34 -0400
Begin forwarded message: From: "Steven M. Bellovin" <smb () cs columbia edu> Date: August 27, 2008 8:19:18 PM EDT To: dave () farber netSubject: Re: [IP] Re: The Internet's Biggest Security Hole | Threat Level from Wired.com
On Wed, 27 Aug 2008 18:44:14 -0400 David Farber <dave () farber net> wrote:
Begin forwarded message: From: "Patrick W. Gilmore" <patrick () ianai net> Date: August 27, 2008 6:18:06 PM EDT To: dave () farber net Cc: "Patrick W. Gilmore" <patrick () ianai net> Subject: Re: [IP] The Internet's Biggest Security Hole | Threat Level from Wired.com On Aug 27, 2008, at 5:14 PM, David Farber wrote:http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.htmlI agree Alex & Anthony deserve major kudos, if for no other reason than doing it at Black Hat in real time. Way to go guys! However, this is not amazingly new information, it has been discussed for over a decade. At least I know I made my first attempt in 1998, and I am pretty damned certain I wasn't the first.
Indeed -- this is an old attack. The update page -- http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html -- gives more of the history. It goes back at least as far as my 1989 paper (see http://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf for the annotated version from 2004) and Radia Perlman's 1988 dissertation on routing security. As I told Wired, "the good guys have been warning about this for 20 years, and nothing has happened!" --Steve Bellovin, http://www.cs.columbia.edu/~smb ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 27)
- <Possible follow-ups>
- Re: The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 27)
- Re: The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 28)
- Message not available
- Re: The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 28)
- Message not available
- Message not available
- Message not available
- Re: The Internet's Biggest Security Hole | Threat Level from Wired.com David Farber (Aug 28)