RSS Archive Contact Us Advertise

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > BGP Exploit Is Big Uh-Oh For Internet
Search:
[ insider_reports_insider ]

BGP Exploit Is Big Uh-Oh For Internet



Jason Lee Miller
Staff Writer
2008-08-27

SecurityProNews: Insider Reports Insider Reports RSS Feed


As far as possible security exploits this sounds pretty bad. Well, not just "possible" and not just "bad." A demonstrated exploit of the internet routing protocol BGP (Border Gateway Protocol) is potentially catastrophic to the Internet.

BGP Exploit Is Big Uh-Oh For Internet
BGP Exploit Is Big Uh-Oh For Internet

As in, the Internet, not just a website or one or a handful of servers.

Wired's coverage of the bad news Tony Kapela and Alex Pilosov dropped at the DefCon gathering recently provided this quote:

"Everyone ... has assumed until now that you have to break something for a hijack to be useful," Kapela said. "But what we showed here is that you don't have to break anything. And if nothing breaks, who notices?"

The type of hijack he's talking about is an IP hijack allowing a third party to eavesdrop on or intercept data. For over a decade security experts have warned of a possible exploit via BGP, which runs on a sort of honor system around since the Seventies. Exploiting basically entails fooling a computer into sending information to the wrong place-like sending YouTube traffic to Pakistan.

Oops.

Why has nothing been done about it already? Two things: Nobody's ever demonstrated what these two young hackers have demonstrated; the other thing is money. According to the article, the vulnerability has been known by ISPs and government intelligence agencies for some time but upgrading routers on the entire network is too labor and cost intensive to justify fixing for a supposed hypothetical.

Well, not so hypothetical anymore and it sounds like ISPs might want to think about getting around to it. Then again, it does make it easier for the NSA to snoop on all that Internet traffic, doesn't it? Unfortunately, gifted non-governmental hackers could do the same, or even crash the whole the machine.


About the Author:
Jason is a graduate of the University of Kentucky. He covers business, technology, and security issues.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - 1998-2008 All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds