Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security

Group

Information Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Yet another critical old 'black' hat web flaw re-discovered

So, the word is out. Now that many of the old spooks-only tricks to eavesdrop on unsuspecting banks, governments and consumers are out of the bag it might be time to have a moment of panic.

The border gateway protocol (BGP) which routes traffic between telco's and ISP's is somewhat flawed. This has been known about since the inception of the internet, but until now it remained fairly 'secret'. Not any more. The information was released at a recent conference and of course that has opened the floodgates on similar weaknesses inherent in the internet.The guys who blabbed can't be blamed because the Pakisatani's inadvertently exploited it recently when they tried to block You-tube and sent everyone to a black hole in Pakistan.

It is clear that the internet is not safe, it's not secure and it's never going to be private at this rate. The BGP protocol isn't 'broken', it was just never fixed. The fundamental building blocks of the internet cannot perform what we require.

Along with the DNS flaw, knowledge of the BGP system can give anyone with the knowhow access to all your internet traffic. This might mean it's ok if your traffic is encrypted, but what do you encrypt it with? Many governments make ISP's block encrypted traffic so that users are forced to use low quality encryption or none at all so that they can eavesdrop on them.

The BGP issue lets you eavesdrop on anything you wish, and only if the encryption scheme used does not rely on communication with a third party and it is very strong, is your communication likely to be private. If you add the DNS and the BGP together then probably nothing is really secure.

The internet is proving to be less than ideal as a transport medium for anyone wanting security or privacy.

There is no quick fix. There will be a 'quick fix' like the DNS fix-that-wasn't, but basically the whole architecture is not up to what we expect it to do.

Stand by to see some serious hacking.

China has recently been on the receiving end. Perhaps we'll see social activist hackers diverting whole countries to their own little website to get the message that country might not want put out there. Don't for a minute assume that there won't be some serious exploitation of what was once only exploited by the spooks and a few 'black/grey/white' hackers.

An old Chinese curse was 'May you live in interesting times'.

We certainly do.

 

3483

Channels

Security

Group

Information Security
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion
Blog group founder

Member since

0

Location

0

More from member

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

See all
Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more