


Web Security


Originally published in Queue vol. 12, no. 8



Related:

Paul Vixie - Go Static or Go Home
In the end, dynamic systems are simply less secure.


Axel Arnbak, Hadi Asghari, Michel Van Eeten, Nico Van Eijk - Security Collapse in the HTTPS Market
Assessing legal and technical solutions to secure HTTPS


Ben Laurie - Certificate Transparency
Public, verifiable, append-only logs


Christoph Kern - Securing the Tangled Web
Preventing script injection vulnerabilities through software design



Comments

(newest first)

Mike Schwartz | Tue, 14 Jul 2015 20:20:05 UTC

POSSIBLE TYPO

This is in regard to (the word "connectively" in) the paragraph [at http://queue.acm.org/detail.cfm?id=2668966 ] that says

(((( Events took an unexpected turn when Pakistan Telecom's bogus BGP announcement leaked out of Pakistan. PCCW, a large IP that provides global network connectively to Pakistan Telecom, received the bogus routing announcement, selected the bogus route, and announced it to its own neighbors. Because the bogus route was for a longer prefix (/24) than the legitimate route (/22), longest-prefix-match routing meant the bogus route was always more preferred by the legitimate route, and within minutes, at least two-thirds of the Internet was sending its YouTube traffic to Pakistan.2 The incident was eventually resolved via manual intervention of network operators at YouTube, PCCW, and other ISPs worldwide. )))).

Before I even finish typing this, my [Chrome] browser is already providing a wiggly red under-lining, for the word "connectively" -- as well as for some acronyms, and other strings that are (apparently) absent from its "spell-check" dictionary.

The word "connectively" is probably wrong, and my guess is that it should be "connectivity" -- which is a word often preceded by the modifier "network".

Just "FYI".

Mike Schwartz, Glendale AZ


Russ White | Fri, 12 Sep 2014 13:33:57 UTC

BGPSEC won't solve the problems given here -- it doesn't actually defend against leaks. BGPSEC tries to encode transitive trust and policy into the AS Path, both of which are very poor ideas. To make matters worse, BGPSEC is completely and totally undeployable in the real world (unless, of course, you intend to replace every router in the Internet to get security), and actually exposes new security holes (such as exposing not only which AS signed the update, but the actual router that signed the update).

There are better ideas out there, but the IETF community isn't listening. Once governments got involved and "chose a solution," technical discussion was shut down.









© 2018 ACM, Inc. All Rights Reserved.