By bye hackers
Geek learns how to take down the internet, chaos ensues

General*
Windows Bob - the best!
Mon 1st Dec '08 9:13PM
http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky

This is an unbelievable story. Even if you aren't really into geeky stories I recommend you read this.
    

Demian*
Oh Lordy, Plegaleggole
Tue 2nd Dec '08 8:32AM
It's a fascinating story, however there are so many obvious exaggerations that I wonder how much of it is actually true. Like the Microsoft security consultant who can't afford his own bed, or the mile long trek and series of authentication codes to ensure a phone call is secure enough to be told 'come to Seattle' with no reason given. And suddenly a window of opportunity which only allegedly opens once every few days for an instant seems to vanish once the odds needed to get in rise to 1 in 65k to 1 in 4 billion.

So, is the DNSSEC thing actually going to be implemented?
  

Epicure_mammon
I'm not crazy cause I take the RIGHT pills :)
Tue 2nd Dec '08 12:34PM
There are several major security flaws in the internet as it currently stands. Mostly because when it was originally implemented it was, effectively, a group of mates with connectivity between them. To give you an idea, the internet in 1977 looked like this:

http://upload.wikimedia.org/wikipedia/en/6/6e/Arpnet-map-march-1977.png

Each of those boxes is a computer!

This is what it looks like now:

http://upload.wikimedia.org/wikipedia/commons/d/d2/Internet_map_1024.jpg

And it is an amazing achievement on behalf of the protocol designers that it works at all!

DNSSEC, and its partner, BGPSEC, which fixes another major, but less well known, security vulnerability, are both extremely difficult things to completely roll out. The only realistic way it can be done is for the DNS/BGP providers to say "we have the facility - if you don't use it we can't guarantee that you won't get cracked".

The journalism in the article is melodramatic, but the impact which he implies is about right - the internet is, potentially, completely broken.

On other strange internet developments - why is it called "Web 2.0" and not "Web 2"? Is someone planning a patch release to fix the bugs?
  

General*
Windows Bob - the best!
Tue 2nd Dec '08 1:04PM


Demian was bold enough to comment:
It's a fascinating story, however there are so many obvious exaggerations that I wonder how much of it is actually true.



I think it's written in a dramatic style but I don't think it is factually incorrect. I don't think Wired would be able to get away with that on a lead piece.

I think the security reaction was pretty proportional; being able to mess with the DNS entries for Google or VeriSign could have irreparably damaged the reputation of the internet.
Have a read of the freely available "The Hacker Crackdown" for some similar craziness.

Also available as a serialised audio book for free: http://craphound.com/?p=1854
    

Amanshu*
Giggity Giggity goo
Wed 3rd Dec '08 12:50PM
There's also a straight eText of the Hacker's Crackdown available at Project Gutenberg: http://www.gutenberg.org/etext/101

And Demian, the string of codes at the start of the 'come to Seattle' phonecall weren't for that message, they were for any future communication. Yes, they could have just said 'Come to Seattle' and then traded codes there, but the whole gist of the phonecall was to make sure that the only people listening to the presentation were the people who they wanted to listen to the presentation...

Equally a traditional cache-poisoning attack had a 1 in 65536 chance every few days, but the Kaminsky attack gets around it. What you basically do is query a host for a non-existent page. It tries to look it up through DNS and you respond. If you've got the right 1 in 65536 chance code then bingo! you can poison whatever you want to on that server. If you've got it wrong then no worries - try again with a different code and a different non-existent page. At this point it's just a matter of running through the permutations, and on a decent machine that doesn't take very long...
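
The odds discussed in this thread, worked through as an added example (it is not part of any post here): the sketch models only the guessing arithmetic, comparing a 16-bit transaction ID with roughly 32 bits once the resolver's source port is randomized too, and one race per cache expiry with a race on every fresh name. The function names, the 100 guesses per race, the one-day TTL and the 0.1-second race gap are all assumptions chosen for illustration.

```python
import math

def race_success(entropy_bits, forged_replies):
    """Chance that one race is won: forged_replies distinct guesses
    against a value drawn uniformly from 2**entropy_bits."""
    return min(1.0, forged_replies / 2 ** entropy_bits)

def races_needed(confidence, entropy_bits, forged_replies):
    """Races until the cumulative chance of one win reaches confidence."""
    p = race_success(entropy_bits, forged_replies)
    if p >= 1.0:
        return 1
    # 1 - (1 - p)**n >= confidence  =>  n >= log(1 - confidence) / log(1 - p)
    return math.ceil(math.log1p(-confidence) / math.log1p(-p))

def exposure_seconds(confidence, entropy_bits, forged_replies, seconds_per_race):
    """Wall-clock time until the resolver is poisoned with that confidence."""
    return races_needed(confidence, entropy_bits, forged_replies) * seconds_per_race

# Assumed figures for illustration only (not taken from the article).
FORGED_PER_RACE = 100   # forged replies that arrive before the real answer
TTL_SECONDS = 86400     # traditional case: one race each time the cache expires
BACK_TO_BACK = 0.1      # fresh name per try: no waiting for a TTL

SCENARIOS = [
    ("16-bit ID, one race per TTL", 16, TTL_SECONDS),
    ("16-bit ID, race on every fresh name", 16, BACK_TO_BACK),
    ("ID + random source port (~32 bits), race on every fresh name", 32, BACK_TO_BACK),
]

def report(confidence=0.5):
    """Return (label, days until `confidence` is reached) per scenario."""
    rows = []
    for label, bits, gap in SCENARIOS:
        secs = exposure_seconds(confidence, bits, FORGED_PER_RACE, gap)
        rows.append((label, secs / 86400))
    return rows

if __name__ == "__main__":
    for label, days in report():
        print(f"{label}: ~{days:,.4f} days to a 50% chance")
```

Widening the guess space stretches the exposure from under a minute to weeks under these assumptions but does not remove it, which is why signed answers (DNSSEC) are the longer-term fix raised in the thread.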
   

Demian*
Oh Lordy, Plegaleggole
Wed 3rd Dec '08 2:34PM
Okay, I withdraw my fallacious pedantry

And Mr Mammon, that second picture is now my new wallpaper, thanks!
  

Malcolm*
My ape goosed a Bishop. Who are you?
Sat 6th Dec '08 9:35AM
Excellent story - thanks General! I like it when basically technical articles are written with a bit of pizzazz.
   
