The new FREAK attack complication
- Thread starter HammerStone
- Start date
-
Welcome to Christian Forums, a Christian Forum that recognizes that all Christians are a work in progress.
You will need to register to be able to join in fellowship with Christians all over the world.
We hope to see you as a part of our community soon and God Bless!
I find their analogy a tad overly dramatic/exaggerated. It also lacks a little detail. How do they Open Source hosts compare overall to more secured hosts like MS, Oracle etc...?
I don't think they did a comparison like that Stan. From the article it just sounds like they did it on all the IPv4 hosts in the world. I'm not sure what analogy you're referring to, but it's known in the security world that this happens all the time. It probably is that the manufacturer is that lazy. I know that many encryption keys are actually made out of the mac address of the router (SOHO and Enterprise) since those are unique to that piece of hardware (stupid, I know..). You can use tools like Zmap, Zenmap, Nmap, and Shodan to perform all kinds of internet based research like that.
I'm not sure the adoption rate for IPv6 is very high based on what I see all of the time. Occam's Razor in IT and all of that.
This is how I understand it:
You have two options for running a network at the present time: single stack, or dual stack.
You have an IPv4 network (single stack), or an IPv6 network (also single stack), or run both of them at the same time between devices running either one (dual stack).
I haven't heard of many companies adopting IPv6 quite yet, but that's probably because unless you're a multimillion dollar operation, you probably aren't going to benefit at all from the extra address space that IPv6 gives you.
As for the negatives, for the current administrator, they would need to understand the technology behind nat64 (nat 6 -to- 4) and dns64. These technologies allow your ipv4 devices talk directly to your ipv6 device. I have a pdf from cisco here if you're curious. So right now it's up to the company to implement it.
Personally if I were an administrator, I wouldn't implement it unless I had to because it's just one more hoop to jump through that could go wrong. So I'd rather focus efforts elsewhere and research it now, for the future. Especially since they've been saying that IPv6 "is coming" since like 10-15 years ago...
I don't personally think we'll see any global adoption of IPv6 until the Internet of Things (IoT) comes into play around 2020. Then when everything is getting an address, we'll have 100x the amount of connected devices we have now. Everything from toasters to electric candles.
Here's the Cisco PDF link. It's only 2 pages.
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-branch-wan/at_a_glance_c45-711061.pdf
One other thing I forgot to mention, check your NIC settings, chances are you'll be pulling both an ipv4 and 6 by default (dual stack).
You have two options for running a network at the present time: single stack, or dual stack.
You have an IPv4 network (single stack), or an IPv6 network (also single stack), or run both of them at the same time between devices running either one (dual stack).
I haven't heard of many companies adopting IPv6 quite yet, but that's probably because unless you're a multimillion dollar operation, you probably aren't going to benefit at all from the extra address space that IPv6 gives you.
As for the negatives, for the current administrator, they would need to understand the technology behind nat64 (nat 6 -to- 4) and dns64. These technologies allow your ipv4 devices talk directly to your ipv6 device. I have a pdf from cisco here if you're curious. So right now it's up to the company to implement it.
Personally if I were an administrator, I wouldn't implement it unless I had to because it's just one more hoop to jump through that could go wrong. So I'd rather focus efforts elsewhere and research it now, for the future. Especially since they've been saying that IPv6 "is coming" since like 10-15 years ago...
I don't personally think we'll see any global adoption of IPv6 until the Internet of Things (IoT) comes into play around 2020. Then when everything is getting an address, we'll have 100x the amount of connected devices we have now. Everything from toasters to electric candles.
Here's the Cisco PDF link. It's only 2 pages.
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-branch-wan/at_a_glance_c45-711061.pdf
One other thing I forgot to mention, check your NIC settings, chances are you'll be pulling both an ipv4 and 6 by default (dual stack).
My ISP uses IPV6 into the router and IPV4 is used on my LAN. I don't know how really secure my router is but along with the security software my ISP provides, I have had NO problems.
This vulnerability really only applies (I believe) if you're accepting remote connections into your network. At that, you'd need to be using something that will accept an RSA key (like OpenVPN) for it to be forced to accept a weaker encryption. The key stays the same, which is why this works, but the ability to crack it gets easier when forced into 512-bit. Chances are you're not at your house. Unless it's an enterprise network with a web server.
Okay so then unless you're remotely accessing things in your home from an appliance like OpenVPN which uses SSL and an RSA key, your home network isn't vulnerable. Just as a side note, both IPv4 and 6 connections would still be vulnerable to this attack.
