Forwarded from: Arrigo Triulzi <arrigo@private> InfoSec News scripsit: http://news.com.com/16+candles+for+first+Internet+worm/2100-7349_3-5438291.html [...] |"Security is being designed in the next TCP/IP version (IPV6), so the |IP address will contain a knowledge and expectation of security. The |current version IPv4 was built with a much more open world in mind. |Security was not part of the initial design," he said. "In 16 years' |time, the potential for something to spread widely and rapidly across |everything will be diminished just by the underlying security." I don't know what this guy has been smoking but it must have been good... how exactly does Richmond define "knowledge and expectation of security" and in the IP _address_ for that matter? OK, so IPsec ESP and AH are mandatory _option_ headers in IPv6. That doesn't exactly mean much in terms of security. Of course coming from an anti-virus company he doesn't really need to understand how the network works, Windows "hackme" components suffice. |However, NetIQ's Dircks said that IPv6 is a very long-term project, |and because it will require so much hardware to be replaced, it will |be a very slow upgrade cycle. Fortunately this chap manages to clear it all up - I can see all these machines running TCP/IP hard-coded in their ROM (not EEPROMs of course). Had he argued operating system upgrades I would have agreed but hardware.... he must be smoking something even better. How will IPv6 ever be deployed when FUD is all you ever hear? Not to mention the remarkable expectations of security they are implying: "No need to secure your software, the IPv6 address with take care of it". At least Dircks partially saves his reputation by talking about building security into the architecture in the last paragraph. Arrigo _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Fri Nov 05 2004 - 02:23:53 PST