How Long Will We Wait to Address Fundamental Flaws?
People have known about a fundamental flaw in a major Internet protocol ten years or so and it still isn't fixed so a couple of researchers decided to demonstrate. Anton "Tony" Kapela and Alex Pilosov demonstrate the design flaw (not a bug, this can't be patched) in the Border Gateway Protocol (BGP) at DefCon. The exploit tricks routers into redirecting traffic to an eavesdropper's network.
Wired reports on the story and also quotes from Peiter "Mudge" Zatko who pointed out the flaw about 10 years ago.
The bottom line is the Internet is too damn trusting and we need to redesign some core protocols. Yesterday I posted on the stalemate between public and private sector about who has responsibility to fix this. I suspect both business and government will follow engineers and network vendors who design an better set of protocols and figure out how to move them into production without disrupting current operations. This will require a market incentive which will come when businesses start losing more money to cybercrime than it will cost them to upgrade network protocols.
If there is any sliver of a silver lining in the increase in cybercrime and cyberwarfare it may be that it is the only incentive large enough to motivate needed changes.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
