Ethernet security leak discovered

Mitigating factors The most significant mitigating factor is that the attacker or snooper must be on the same Ethernet network as the target, so it's generally going to be internal attackers that can exploit this flaw. Another mitigating factor -- at least in terms of the damage that may have occurred thus far -- is that it's doubtful that many hackers have known about this flaw and therefore haven't exploited it until now. Of course, it's sad to say, but another major mitigating factor may be that most networks have much bigger and easier-to-exploit vulnerabilities for hackers to target. Fix CERT recommends encrypting all network traffic but warns that this still won't help in situations where kernel memory is used to pad out the packets. Some vendors have determined that their products aren't affected by this threat, including IBM, Microsoft, and Cisco, but you should check the CERT bulletin for the latest information on which products are safe. If a product isn't listed, contact the vendor to see if it has an update available. Who's to blame? This situation demonstrates that even the most innocuous and seemingly benign protocols that have been around for years -- Ethernet was developed at PARC in the early 70s and was commercialized in 1980 -- may have holes in them. The fault isn't actually due to a flaw with the Ethernet standard developed by IEEE; rather, it is due to a loophole. The creators of the standard tried to keep things as simple as possible, so they just specified that the empty spaces in a packet be filled out with nulls. However, something fell between the cracks of the two relevant RFCs, 894 and 1042, controlling IP datagram transmission, and it was not made clear just who was responsible for padding the packets or where it would be done. Final word This is the sort of problem that can go on for years without being discovered (obviously). But once disclosed, it propels hackers to start trolling for the goldmine of sensitive data they hope is there. A few top-level hackers may have known about this and been quietly exploiting the vulnerability for various purposes, but now it's public knowledge. When I first read about this vulnerability on CERT, I thought this was a minor problem because, after all, it is mostly a Layer 2 event. But after looking into it a bit further, I believe this is a serious vulnerability, mostly because it is probably widespread and there is simply no way to know what data is being exposed to unauthorized individuals. Also, many of us, including myself, are prone to forget that study after study shows that the biggest security threats to networks come from insiders, and this is the kind of threat that insiders can exploit easily.

For a weekly round-up of the enterprise IT news, sign up for the Enterpise newsletter.

Tell us what you think in the Enterprise Mailroom.

« Previous
1
2
Next »

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

ZDNet UK Live

ike fuelband is great for every healthminded person ! to work out! theres this website called textme4free.com that you can use to text anywhere in...

7 hours ago by bordero on Nike's FuelBand wristband gamifies exercise

> I'm told it's somewhat annoying when people have their Macs stolen > and Apple stores treat the thief as the owner, but there you go. Ouch,...

9 hours ago by BrownieBoy on AMD Ultrathins to challenge Intel Ultrabooks

@kevinmchapman. OK, I acknowledge that 'most' was a gratuitous throwaway comment as an afterthought and too presumptuous. As to proof, as you...

14 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint

@BrownieBoy > Works really well for thieves.... >> Nice attempt to deflect the argument by tossing in a point that's totally >> irrelevant, even...

15 hours ago by Jack Schofield on AMD Ultrathins to challenge Intel Ultrabooks

fantastic that the so called piracy bills have been withdrawn. however, these anti-democracy supporters are still in the shadows so lets be alert...

15 hours ago by raskolnikof on SOPA, Protect IP support wavers in face of online protest

Please God no; teach them anything you like - thinking rationally, the uses and misuses of data, what data is and what it's not - but leave the...

18 hours ago by Tony Douglas via Facebook on Kids are the future. Teach ’em to code.

@Jack, > Works really well for thieves.... Nice attempt to deflect the argument by tossing in a point that's totally irrelevant, even it were...

1 day ago by BrownieBoy on AMD Ultrathins to challenge Intel Ultrabooks

Make that 13 people now - I got refused today at Manchester airport. I thought I was up to date on this legislation - I knew of the EU ruling from...

1 day ago by bootlegger on UK airport body scans will not be opt out

Don't forget to check out apps like GoodReader or SlideShark either, they're indispensible for people on the go in presentation situations. Best...

2 days ago by tinycg on Four top iPad apps for people on the move

Well it seems there is something a number of us agree on. Why is the Ubuntu Unity launcher so ugly? I thought perhaps it was something to do with...

2 days ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint

Duplicate comments are not made intentionally. Its very good to know that now you are keeping check on this problem because sometimes a commenter...

2 days ago by Freebies202 on Microsoft fixes blog comments, speeds up blogs with open source

"the very significant number of users" and "many (most) of us" - you have no evidence for these statements. It is a fact that most users are saying...

2 days ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint