Our monthly free webcast series rolls on with another talk about a major vulnerability. This webcast is entitled "Trust Doesn't Scale: Practical Hijacking On the World's Largest Network." The webcast is based on a remarkable presentation by Tony Kapela and Alexander Pilosov at the DEFCON security conference this August. To illustrate their BGP-based traffic-hijacking techniques, they intercepted all traffic from the notoriously hostile conference network and ran it through their servers. The process was almost completely invisible to DEFCON attendees.
Their demonstration took advantage of a trust issue with Border Gateway Protocol (BGP), and it appears to be part of a larger security trend of major issues emerging in the bedrock protocols that support the Internet. Dan Kaminsky's DNS vulnerability relies on trust issues in DNS. In recent years major questions have been raised about SNMP and ICMP and at this writing there's word of a potentially major TCP exploit. Vulnerabilities like these raise significant questions about the business of security, the limits of patching, and the difficulties involved in securing a trust-based system.
Podden och tillhörande omslagsbild på den här sidan tillhör Black Hat Briefings. Innehållet i podden är skapat av Black Hat Briefings och inte av, eller tillsammans med, Poddtoppen.
