Our monthly free webcast series rolls on with another talk about a major vulnerability. This webcast is entitled "Trust Doesn't Scale: Practical Hijacking On the World's Largest Network." The webcast is based on a remarkable presentation by Tony Kapela and Alexander Pilosov at the DEFCON security conference this August. To illustrate their BGP-based traffic-hijacking techniques, they intercepted all traffic from the notoriously hostile conference network and ran it through their servers. The process was almost completely invisible to DEFCON attendees.
Their demonstration took advantage of a trust issue with Border Gateway Protocol (BGP), and it appears to be part of a larger security trend of major issues emerging in the bedrock protocols that support the Internet. Dan Kaminsky's DNS vulnerability relies on trust issues in DNS. In recent years major questions have been raised about SNMP and ICMP and at this writing there's word of a potentially major TCP exploit. Vulnerabilities like these raise significant questions about the business of security, the limits of patching, and the difficulties involved in securing a trust-based system.
Anton Kapela is a co-owner and partner at 5Nines Data, a Datacenter and IT solutions company in Madison, Wisconsin, where he is responsible for the architecture and implementation of network services and datacenter facilities. Prior to 5Nines Anton actively consulted with several network, wireless, and communications industry companies. His most memorable clients have been Redline Communications, Motorola's Canopy Wireless division, and a subsidiary of Research In Motion known as 'Slipstream.' More recently he consulted on Internap Networks' acquisition and integration of VitalStream - a Content Delivery Network.
As CSO-in-Residence, David Mortman is responsible for Echelon One's research and analysis program. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and lead up Siebel's product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE and ISSA, and an invited speaker at RSA 2002 and 2005 security conferences, Mr. Mortman has also been a panelist and speaker at RSA 2007, InfoSecurity 2003, Blackhat 2004, 2005, 2006 and 2007, Defcon 2005, 2006 and 2007 and Information Security Decisions 2007 as well. Mr. Mortman sits on a variety of advisory boards including Qualys, Applied Identity and Reflective amongst others. He holds a BS in Chemistry from the University of Chicago.
Ariel Futoransky, a co-founder of Core, is the head of CoreLabs, the company's research and development center. As such, he is responsible for all day-to-day research and publishing activities. Since 1996, Futoransky has been working to transform promising technologies into competitive advantages for the company and its customers. Prior to co-founding Core, Futoransky served as a member of the Special Projects Group at the Argentine tax agency and served as a consultant for several government agencies and corporations. Futoransky has distinguished himself as a multiple award winner in the International Olympiad in Informatics (IOI), where he won a silver medal in Stockholm in 1994, three gold medals in Buenos Aires in 1991-1993, and a bronze medal in 1992 in Bonn, Germany.