
| Subject: | Re: [ISN] 16 candles for first Internet worm |
|---|---|
| Date: | Fri, 5 Nov 2004 02:19:12 -0600 (CST) |

Forwarded from: Arrigo Triulzi <arrigo@sevenseas.org>

InfoSec News scripsit:

http://news.com.com/16+candles+for+first+Internet+worm/2100-7349_3-5438291.html

[...]

> "Security is being designed in the next TCP/IP version (IPV6), so the
> IP address will contain a knowledge and expectation of security. The
> current version IPv4 was built with a much more open world in mind.
> Security was not part of the initial design," he said. "In 16 years'
> time, the potential for something to spread widely and rapidly across
> everything will be diminished just by the underlying security."

I don't know what this guy has been smoking but it must have been good... how exactly does Richmond define "knowledge and expectation of security" and in the IP _address_ for that matter?

OK, so IPsec ESP and AH are mandatory _option_ headers in IPv6. That doesn't exactly mean much in terms of security. Of course coming from an anti-virus company he doesn't really need to understand how the network works, Windows "hackme" components suffice.

> However, NetIQ's Dircks said that IPv6 is a very long-term project,
> and because it will require so much hardware to be replaced, it will
> be a very slow upgrade cycle.

Fortunately this chap manages to clear it all up - I can see all these machines running TCP/IP hard-coded in their ROM (not EEPROMs of course). Had he argued operating system upgrades I would have agreed but hardware.... he must be smoking something even better.

How will IPv6 ever be deployed when FUD is all you ever hear? Not to mention the remarkable expectations of security they are implying: "No need to secure your software, the IPv6 address will take care of it".

At least Dircks partially saves his reputation by talking about building security into the architecture in the last paragraph.

Arrigo

_________________________________________
Open Source Vulnerability Database (OSVDB)
Everything is Vulnerable - http://www.osvdb.org/