Quantum direct communication: secrecy without key distribution

Jim Youll jim at cr-labs.com
Sat Dec 6 10:25:46 EST 2008


On Dec 5, 2008, at 7:06 PM, dan at geer.org wrote:

>> well-placed but UNCORROBORATED informant sez that
> day before yesterday (3 dec):
>
> 5 hours of CheckFree traffic redirected and likely
> captured in full
>
> half of IP addresses for CheckFree left in place, half
> re-directed to Ukraine, i.e., partial MITM entirely
> at the routing protocol layer
>
> [the important part] it appears that in the last few hours
> a method has been ?found/?released that makes possible the
> MITM completely transparent with all traffic forwarded on
> as if there was just an extra hop in the path; MITM via an
> effective attack on routing protocols, per se, would be no joke


The cited articles discuss a much simpler DNS revision with stolen  
Netsol credentials on Dec 2., apparently confirmed via their logs.
How sure are you about this informant? Does the person have the  
expertise to say what was said, or was the Dec 2 story reinterpreted  
into the Dec 3 story?
It's too big an issue to leave floating.


[http://voices.washingtonpost.com/securityfix/2008/12/hackers_hijacked_large_e-bill.html 
]:

> It appears hackers were able to hijack the company's Web sites by  
> stealing the user name and password needed to make account changes  
> at the Web site of Network Solutions, CheckFree's domain registrar.  
> Susan Wade, a spokeswoman for the Herndon, Va., based registrar,  
> said that at around 12:30 a.m. Dec. 2, someone logged in using the  
> company's credentials and changed the address of CheckFree's  
> authoritative domain name system (DNS) servers to point CheckFree  
> site visitors to the Internet address in the Ukraine.


- jim

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list