
Revealed: The Internet's Biggest Security Hole - nickb
http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
======
tptacek
Huh? There are tons of operational security measures in place to protect BGP
peering sessions. ISPs filter TCP to their routers. BGP itself has been
aggressively filtered at the AS/prefix level since the mid-90s. If there's no
new vulnerability here, how are they choosing arbitrary prefixes to redirect?

If all they're saying is that Verizon can inject arbitrary prefixes into BGP,
what's the news there? That's how routing works today. The NSA isn't capturing
everyone's traffic in a room in San Francisco --- AT&T is. The NSA is just a
customer. Didn't we already assume telcos could do this? Presumably, it's the
rule of law that protects us from this attack, not a new PKI.

------
time_management
::patiently waits for "hole in the Internet" to become a 4chan meme::

