Found quite an interesting story on slashdot a few days ago: http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
Apparently the aging Border Gateway Protocol, which is used within the Internets backbone, has a potentially large flaw / vulnerability in its design.
Due to BGP being designed to be used in a trusted environment where every server is considered to be legitimate, it will trust a unknown server and route traffic through it if told it has a better route. As is shown in the article above, this is able to be exploited to gain complete access to all traffic being routed on that segment of the Internet.
Should this be a cause for concern? Most probably, yes. Whilst encrypted data isn't really affected by this, the web is still basically all unencrypted, with the exception of a few banking and specific services. Hell, even Hotmail is by default only using encryption whilst the username and password is authenticated.
This brings up once again just how easily data can be garnered from unsuspecting users, who have quite a false sense of security in the Internet.
What is really interesting is the fact this flaw was made known to Governments 10 years ago, and yet nothing was done. Not really a fan of conspiracy theories, but this does bring up some rather interesting thoughts...
Tuesday, September 2, 2008
Subscribe to:
Posts (Atom)
