Voatify, 1 point (+1|-0)

What parts of the Internet did l0pht warn about being insecure? Are these the same parts that are still insecure/getting less secure? The most insecure parts of the Internet require massive resources to attack, and even those have been steadily improved for years and years. I don't see how anything relevant in 1998 will still be a problem unless the ones you're afraid of are core Internet players like the USA or one of the major Internet DNS players.

dijit, 2 points (+2|-0)

A few problems: for instance, DNS is UDP, and UDP doesn't require a handshake.

So, you can craft UDP packets with different "reply to" headers, like the mail system in the real world.

This means that you can do DNS amplification attacks, where you have 2-5 machines which all spoof packets and make a large number of DNS servers send 50x the size of a packet to a single host (which is how Cloudflare got hit with a 300GB/s DDoS).

l0pht also mentioned SQLi, a method of accessing a database behind a website (which has been mostly fixed over the course of a decade) and buffer overflows (which are still very much a cat/mouse game).

Most protocols speak in an unencrypted and unsigned manner; for instance, HTTP can be watched with little or no effort. All you need is the right switch (which is anything over $1,000; trust me, your ISP has much better than this) and you can basically just watch anyone.

The internet was designed with the idea that nobody is malicious. Every portion of security we have is due to the flexibility of the systems in the first place. It's turtles all the way down.

That said, I'm glad they didn't listen to l0pht. Pretty much every "secure" protocol from 1998 is broken completely, every ciphersuite. xD
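Added example, not part of dijit's comment or the thread: a defender-side check for the reflection pattern described above, flagging a host that receives DNS answers from many resolvers without having asked them anything. The flow records, the function names and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records, not taken from the thread:
# (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes), in arrival order.
FLOWS = [
    ("192.0.2.10", 40001, "198.51.100.53", 53, 60),    # host asks a resolver
    ("198.51.100.53", 53, "192.0.2.10", 40001, 120),   # the matching answer
    ("203.0.113.1", 53, "192.0.2.10", 33000, 3000),    # answer nobody asked for
    ("203.0.113.2", 53, "192.0.2.10", 33001, 3000),
    ("203.0.113.3", 53, "192.0.2.10", 33002, 3000),
]

def unsolicited_dns(flows):
    """Return {dst_ip: {"resolvers": set, "bytes": int}} for DNS responses
    that match no earlier query from that destination."""
    pending = defaultdict(int)   # (client, client_port, resolver) -> open queries
    hits = defaultdict(lambda: {"resolvers": set(), "bytes": 0})
    for src, sport, dst, dport, size in flows:
        if dport == 53:          # query leaving a client: remember it
            pending[(src, sport, dst)] += 1
        elif sport == 53:        # response arriving at a client
            key = (dst, dport, src)
            if pending[key] > 0:
                pending[key] -= 1        # solicited: consume the open query
            else:                        # UDP has no handshake, so this is
                hits[dst]["resolvers"].add(src)   # the only sign of spoofing
                hits[dst]["bytes"] += size
    return dict(hits)

def reflection_targets(flows, min_resolvers=3, min_bytes=5000):
    """Hosts receiving unsolicited answers from many resolvers.
    Both thresholds are illustrative assumptions, not tuned values."""
    return sorted(
        ip for ip, h in unsolicited_dns(flows).items()
        if len(h["resolvers"]) >= min_resolvers and h["bytes"] >= min_bytes
    )

def amplification_factor(query_bytes, response_bytes):
    """Bandwidth ratio of response to query (the '50x' in the comment)."""
    return response_bytes / query_bytes

if __name__ == "__main__":
    print(reflection_targets(FLOWS))
    print(amplification_factor(60, 3000))
```
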

Voatify, 1 point (+1|-0)

Do you agree with my statement that every one of the points you mention has been steadily improving over the years, and that they are as secure as they've ever been? Ref: DNSSEC etc.

What I don't see is what l0pht supposedly warned about ~20 years ago that hasn't been radically improved over the years. As far as I know, the Internet has never been more secure, and this smells terribly of FUD.

Sire [S]

The article didn't specify any flaws in particular, except the general business culture surrounding online features. It seems businesses tend to suffer from "featurism", where features are implemented in online environments without vigorously solving security issues.

Voatify

Are you talking about the Internet, meaning the core infrastructure, the IETF standards, the low level protocols that make up the global network of computer systems, or are you talking about home client software and private business software connected to that network?

Calling something like PayPal, eBay, SOE, Flash or Firefox "the Internet" is in my opinion wrong and a disservice to the discussion. "The Internet", being the underlying networking protocols, the structure and deployment of the organizations and their servers relevant to the core Internet components (root DNS, ICANN etc.), is as far as I know as secure as it has ever been.