Tuesday, November 16, 2010

Who needs small cyberattacks when you can take it all?

I saw this interesting article today. Its not surprising that a hijack like this is possible given how internet routing works, and the incidents of hijacked traffic in the past (intentional or accidental).

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=249

The article talks about what type of information could be seen when routing all the traffic through your own country, but what if this type of hijack was combined with a software update attack similar to automatic software update hijacker tool discussed in this talk.

http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-itzik_kotler-tomer_bitton-day_of_updates.pdf

So if we grab a large portion of the Internet's traffic, hijack software updates for multiple vendors, how many systems and devices did we just pwn?

No comments:

Post a Comment