Re: [Dailydave] tubes clogged

[Petja van der Lek <[EMAIL PROTECTED]>]

Drat! A JPEG image. We all know that censored documents are *supposed* to be created using the Acrobat mark up tool, right? It's not fair.

But, guesses are free, so here's mine.

"...their research required massive computational resources that had to be utilized within a specific window of time": indicates some form of brute-force cryptokey cracking.

"a practical attack that affects the security of all Internet users": crypto technology in use by *all* Internet users would be SSL. So we'd likely be talking about HTTPS or possibly some (vendor specific) SSL-VPN implementation.

"The main result of our proof of concept attack is that we are in the possession of...": indicates a disclosure vulnerability, rather than anything DoS-like.

"Their research combined a known weakness in one area with a massive resource investment in another...": more clues, leading to the conclusion below.

So, I'd say we're looking at some sort of transparent MITM SSL snooping attack. Traffic would be intercepted using your garden-variety BGP trickery, and some brute-force cracking is used to exploit an OpenSSH flaw or a vendor-specific SSL-VPN implementation bug. As proof, Alex and Jacob will be putting John Chambers' emails on display.

Any points scored?

Cheers,
Lek.

H D Moore wrote:

On Monday 29 December 2008, Alexander Sotirov wrote:
  

I hereby grant the security community permission to freely speculate
about the details of our latest research:

http://events.ccc.de/congress/2008/Fahrplan/track/Hacking/3023.en.html
    

Less speculation and more justification for the secrecy:
http://www.breakingpointsystems.com/community/

-HD
_______________________________________________
Dailydave mailing list
[EMAIL PROTECTED]
http://lists.immunitysec.com/mailman/listinfo/dailydave

  

_______________________________________________
Dailydave mailing list
[EMAIL PROTECTED]
http://lists.immunitysec.com/mailman/listinfo/dailydave