Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.
"It's a huge issue. It's at least as big an issue as the DNS issue, if not bigger," said Peiter "Mudge" Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. "I went around screaming my head about this about ten or twelve years ago.... We described this to intelligence agencies and to the National Security Council, in detail."
I read the whole article, Very interesting read - ISP’s\ router manufactures are just turning their heads and all of us are sitting on the edge of a knife until something is done about it.
uck convincing ISPs and router vendors to take steps to secure BGP.
“We haven’t seen the attacks, and so a lot of times people don’t start working on things and trying to fix them until they get attacked,” Maughan said. “(But) the YouTube (case) is the perfect example of an attack where somebody could have done much worse than what they did.”
ISPs, he said, have been holding their breath, “hoping that people don’t discover (this) and exploit it.”
These kinds of attack vectors have existed since the beginning of the internet.
It really pisses me off that everyone is waiting for an incident before they start fixing the millions of exploitable issues the internet has…
(:AGY)
I’m glad my ISP is taking a bit more care and has some of these attacks blocked off(but as is explained in the text even them i’m only safe within the confines of my isp’s routers).
