[Kictanet] Fw: [alac] Big holes in net's heart revealed

alice at apc.org alice at apc.org
Mon May 1 12:10:10 EAT 2006

Big holes in net's heart revealed
> By Mark Ward
> Technology Correspondent, BBC News website
> Simple attacks could let malicious hackers take over more than 
> one-third of the net's sites, reveals research.
> The finding was uncovered by researchers who analysed how the net's 
> addressing system works.
> They also found that if the simple attacks were combined with 
> so-called denial-of-service attacks, 85% of the net becomes 
> vulnerable to take-over.
> The researchers recommended big changes to the net's addressing 
> system to tackle the vulnerability at its heart.
> Site seizing
> When you visit a website, such as news.bbc.co.uk, your computer often 
> asks one of the net's address books, or domain name servers, for 
> information about where that site resides.
> But the number of computers that have to be consulted to find the 
> computers where that site is located often makes sites vulnerable to 
> attack by vandals and criminals, found Assistant Professor Emin Gun 
> Sirer and Venugopalan Ramasubramanian from the Department of Computer 
> Science at Cornell University.
> Professor Sirer told the BBC News website that, on average, 46 
> computers holding different information about the components of net 
> addresses are consulted to find out where each dotcom site is 
> actually hosted.
> But, he said, this chain of dependencies between the computers that 
> look after the different parts of net addresses creates all kinds of 
> vulnerabilities that clever hackers could easily exploit.
> "The growth of the internet has caused these dependencies to emerge," 
> said Professor Sirer. "Instead of having to compromise one you can 
> compromise any one of the three dozen."
> All the information gathered and analysed by the researchers has to 
> be publicly available to keep the net's addressing system working. 
> The research analysed information about almost 600,000 computers.
> The research also revealed that 17% of the servers that host the 
> net's address books are vulnerable to attack via widely known 
> exploits.
> "Because of these dependencies about one-third of the net's names are 
> trivially compromisable by script kiddies," he said.
> One site vulnerable in this way was run by the FBI, said Professor. 
> Sirer. Although the five computers that act as the first reference 
> point for the fbi.gov domain were secure, one of the five that 
> connect to these has yet to install a patch for a well-known bug.
> That computer was fixed after the Cornell team reported its findings 
> to the FBI, but hundreds of thousands of sites suffer from similar 
> problems.
> The most vulnerable net domain found by the survey was that of the 
> Roman Catholic Church in the Ukraine.
> Criminals such as phishing gangs would be interested in re-directing 
> traffic from well-known sites so they can grab key login and personal 
> details that would help them de-fraud web users.
> [snip]
> The research had exposed a big problem that net administrators need 
> to tackle, said Professor Sirer. Thought should be given to using a 
> secure version of the system used to pass around information about 
> net addresses.
> "The domain name system has been incredibly successful so far but it 
> is showing its age," he said. "We need to re-think the entire naming 
> infrastructure of the internet."
> The hierarchical structure of the net's address books could be 
> replaced with a more resilient system, he said, that uses a 
> peer-to-peer type structure that would be harder to compromise.
> Story from BBC NEWS:
> <http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/4954208.stm>
> Published: 2006/04/28 13:58:07 GMT

More information about the KICTANet mailing list