How to pwn 98% of the net
Posted on August 27th, 2008 by Tim.
Categories: General/Misc.
I’m a 1337 hax0r. Don’t believe me? I’ll prove it.
Step 1: Rent some space in a carrier hotel
Step 2: Steal an IP using BGP (Border Gateway Protocol). This is not an exploit! This is how BGP is MEANT to work!
Step 3: Make sure the IP you steal is that of a well-known update server (for instance: java.sun.com)
Step 4: Spoof an upgrade package with a trojan of your own design.
Step 5: …
Step 6: Profit!
This is a blended attack that would clearly be EXTREMELY successful. The exploit is independent of operating system. The attack works because many software developers make the faulty assumption that IP addresses and domain names can be trusted. Not to pick on Sun, they’re not the only ones to get this wrong. Apple, Sun, and Winzip are just a few of the larger companies that have products vulnerable to this exploit. There are likely hundreds of smaller companies vulnerable as well.
The fix is really not difficult. Don’t trust an untrusted protocol. Use SSL. Verify those certificates. And for the love of all that is holy, use certificate signing on update packages!
Oh, and who actually gets this right? Microsoft. Guess SDL works after all.
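What "certificate signing on update packages" buys you, as an added example that is not part of the original post and not any vendor's actual updater: the vendor signs a small manifest (product, version, SHA-256 of the package) with a private key it keeps offline, and the client ships with the matching public key pinned at build time. Once the client checks the signature and the hash before installing, it no longer matters whether the bytes arrived from the real java.sun.com, a mirror, or a hijacked prefix; only the holder of the vendor key can produce a manifest the client accepts. The manifest format, key names and payload strings below are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// UpdateManifest is the metadata a client downloads next to an update package.
// Constructed for this example; no real vendor uses exactly this layout.
type UpdateManifest struct {
	Product   string
	Version   string
	SHA256Hex string // hex digest of the package bytes
	Signature []byte // Ed25519 signature over signedBytes()
}

// signedBytes is the canonical byte string the signature covers. Everything the
// client will act on (which product, which version, which hash) must be inside it.
func (m UpdateManifest) signedBytes() []byte {
	return []byte(m.Product + "\n" + m.Version + "\n" + m.SHA256Hex + "\n")
}

// SignManifest is the vendor-side step, run offline with the private key.
func SignManifest(priv ed25519.PrivateKey, product, version string, pkg []byte) UpdateManifest {
	sum := sha256.Sum256(pkg)
	m := UpdateManifest{Product: product, Version: version, SHA256Hex: hex.EncodeToString(sum[:])}
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against the pinned vendor key")
	ErrHashMismatch = errors.New("package hash does not match the signed manifest")
)

// VerifyUpdate is the client-side step, run before anything is installed.
// The public key is pinned in the client, so the transport is irrelevant.
func VerifyUpdate(pub ed25519.PublicKey, m UpdateManifest, pkg []byte) error {
	// 1. Is this manifest really from the vendor?
	if !ed25519.Verify(pub, m.signedBytes(), m.Signature) {
		return ErrBadSignature
	}
	// 2. Is the package we actually downloaded the one the manifest vouches for?
	sum := sha256.Sum256(pkg)
	got := []byte(hex.EncodeToString(sum[:]))
	if subtle.ConstantTimeCompare(got, []byte(m.SHA256Hex)) != 1 {
		return ErrHashMismatch
	}
	return nil
}

// Scenarios exercises the three cases that matter: a genuine update, a package
// swapped on the wire while the real manifest is kept, and a package plus
// manifest re-signed by a key the client does not trust. Keys and payloads are
// generated in-process purely for the demonstration.
func Scenarios() (genuine, swapped, resigned error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	pkg := []byte("constructed sample update payload 1.2.3")
	m := SignManifest(vendorPriv, "ExampleApp", "1.2.3", pkg)

	genuine = VerifyUpdate(vendorPub, m, pkg)
	swapped = VerifyUpdate(vendorPub, m, []byte("constructed substitute payload"))

	evil := []byte("constructed substitute payload")
	forged := SignManifest(attackerPriv, "ExampleApp", "1.2.4", evil)
	resigned = VerifyUpdate(vendorPub, forged, evil)
	return genuine, swapped, resigned
}

func main() {
	g, s, r := Scenarios()
	fmt.Println("genuine update:          ", g)
	fmt.Println("swapped package:         ", s)
	fmt.Println("re-signed by unknown key:", r)
}
```

TLS with proper certificate verification, the post's other recommendation, protects the download channel; the signed manifest protects the package itself, which still holds when the package is fetched from a mirror or CDN the vendor does not run. The version field is inside the signed bytes so a client can additionally refuse anything older than what it already has, which stops an attacker from replaying an old, validly signed release.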
1 comment.
Comment on August 27th, 2008.
Simpsons did it!