Are you talking about the Internet, meaning the core infrastructure, the IETF standards, the low level protocols that make up the global network of computer systems, or are you talking about home client software and private business software connected to that network?
Calling something like PayPal, eBay, SOE, Flash or Firefox "the Internet" is, in my opinion, wrong and a disservice to the discussion. "The Internet", being the underlying networking protocols and the structure and deployment of the organizations and their servers relevant to the core Internet components (root DNS, ICANN, etc.), is as far as I know as secure as it has ever been.
dijit 2 points (+2|-0)
Few problems: for instance, DNS is UDP, and UDP doesn't require a handshake.
So, you can craft UDP packets with different "reply to" headers, like the mail system in the real world.
This means that you can do DNS amplification attacks, where you have 2-5 machines which all spoof packets and make a large number of DNS servers send 50x the size of a packet to a single host (which is how Cloudflare got hit with a 300GB/s DDoS).
l0pht also mentioned SQLi, a method of accessing a database behind a website (which has been mostly fixed over the course of a decade), and buffer overflows (which are still very much a cat/mouse game).
Most protocols speak in an unencrypted and unsigned manner. For instance, HTTP can be watched with little or no effort; all you need is the right switch (which is anything over $1,000, trust me, your ISP has much better than this) and you can basically just watch anyone.
The internet was designed with the idea that nobody is malicious.. every portion of security we have is due to the flexibility of the systems in the first place.. it's turtles all the way down.
That said, I'm glad they didn't listen to l0pht.. pretty much every "secure" protocol from 1998 is broken completely, every ciphersuite.. xD
Voatify 1 point (+1|-0)
Do you agree with my statement that every one of the points you mention has been steadily improving over the years, and is as secure as it's ever been? Ref: DNSSEC etc.
What I don't see is what l0pht supposedly warned about ~20 years ago that hasn't been radically improved over the years. As far as I know, the Internet has never been more secure, and this smells terribly of FUD.
dijit 1 point (+1|-0) (edited)
I agree with your statement completely; I'd go so far as to say it's good that we did nothing at that time (open protocol wise).
The problems with memory management are becoming less and less now that compute is there and high level languages are making up more and more popular software as time goes on.
And having "insecure but flexible" protocols allows us to craft better protocols on top of existing infrastructure and hardware.
But we still have things to fix: DNSSEC doesn't stop UDP amplification attacks, and even if it stopped DNS amplification, there's a whole mess of other things which can reply with large UDP packets (like NTP).
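A defender-side illustration of the reflection traffic discussed in this thread, added here as an example and not written by any poster: it flags hosts that receive DNS or NTP responses they never asked for. The flow-record layout, the thresholds and all addresses are assumptions constructed for the example.

```python
from collections import defaultdict

# UDP services named in the thread as able to reflect large replies.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}

# Constructed sample flows (documentation address ranges, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = (
    # Five resolvers answer a host that never sent them a query.
    [(f"198.51.100.{i}", 53, "203.0.113.10", 40000 + i, "udp", 3000)
     for i in range(1, 6)]
    # Two NTP servers do the same.
    + [(f"198.51.100.{i}", 123, "203.0.113.10", 41000 + i, "udp", 4000)
       for i in (50, 51)]
    # An ordinary client lookup: query out, small answer back.
    + [("192.0.2.20", 51000, "198.51.100.1", 53, "udp", 60),
       ("198.51.100.1", 53, "192.0.2.20", 51000, "udp", 120)]
)

def find_reflection_victims(flows, min_sources=3, min_bytes=10_000):
    """Return {dst_ip: (distinct_sources, total_bytes, services)} for hosts
    receiving unsolicited replies from many reflector-port sources."""
    # Requests actually sent: (client, server, service_port).
    requested = {(s, d, dp) for s, sp, d, dp, proto, n in flows
                 if proto == "udp" and dp in REFLECTOR_PORTS}
    stats = defaultdict(lambda: {"src": set(), "bytes": 0, "svc": set()})
    for s, sp, d, dp, proto, n in flows:
        if proto != "udp" or sp not in REFLECTOR_PORTS:
            continue
        if (d, s, sp) in requested:
            continue  # reply to a query this host really sent
        st = stats[d]
        st["src"].add(s)
        st["bytes"] += n
        st["svc"].add(REFLECTOR_PORTS[sp])
    # Many distinct reflectors plus high volume marks a likely target.
    return {d: (len(st["src"]), st["bytes"], sorted(st["svc"]))
            for d, st in stats.items()
            if len(st["src"]) >= min_sources and st["bytes"] >= min_bytes}

if __name__ == "__main__":
    for victim, (n, total, svc) in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{victim}: {total} bytes of unsolicited {'/'.join(svc)} "
              f"replies from {n} sources")
```

The request/response matching is what separates a targeted host from a busy resolver client; volume alone would flag both.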