Tags

Right now I am writing from a conference about ipv6, the next generation of the internet. Around 100 people are attending, they are the industry’s leadning experts in security and engineering on networks and telecommunications.
What strikes me is the many, many security flaws that are present in telecom and network equipment in networks right now.
It is because specifications were initially not hardened for security but for research and development. Then vendors inplemented these specs resulting in a broken security model.
Then the vendors blame the standard . Hackers blame the vendors.

I would blame the design specs being not designed for security from bottom up since the beginning.

My advice is that you never connect to wi-fi when you are travelling with your mobile device.
Always connect to the internet via cellular network (3G/GPRS) and not the wi-fi of any cafe.
There is less likely the mobile operator network is hacked and very likely that a local wi-fi is compromised.

One example: an attacker can give arbitrary Router Announce (RA) to any windows machine giving it millions of ipv6 addresses. By specificaction, the windows box must accept any ipv6 address it is being given and it doesnt authenticate the attacker spoofing the RA. Microsoft was warned in 2010 but still has not fixed it . The machine will be exhausted and die in this denial of service attack.

This is only one of many many examples on the insecurity of networks in the transitions to ipv6 that have been in the wild already for many years.

I see all the mistakes people made in the 1990’s being done again in ipv6. Nobody learned from past mistakes. It means your data and your identity can be compromised. The threat in the 1990s was 13year old hackers from their garage. Todays threat to privacy and life is organised crime, and government security departments.