This isn't the first time that something like this has happened, and as this Wired article points out, it probably won't be the last.
For more details on what happened and its implications, see last weeks Security Now podcast at about 1 hour 10 minutes into the podcast.BGP isn't the only historic internet system with trust issues. Another fundamental protocol, known as the Domain Name System, has dealt with similar issues. If BGP is the internet's navigational system, DNS is its address book. DNS hijacking has become a major security issue around the world, and the Department of Homeland Security even issued an emergency directive in January aimed at defending DNS accounts.As with DNS, though, concerns about BGP date back decades. In 1998, for example, a group of hackers from the L0pht collective famously testified before Congress that they could take down the internet in 30 minutes by attacking BGP. Ten years later, Kim Zetter assessed the state of BGP insecurity in WIRED, writing, "Government and industry officials have known about the problem for more than a decade and yet have made little progress in addressing it, despite the national security implications."
No comments:
Post a Comment