IT Baseline Protection Manual

T 4.39 Software conception errors

When programs and protocols are designed, conception errors can occur which affect security. From a historical point of view, these errors are entirely understandable: the developers of the protocols used in the Internet surely did not expect, at the end of the sixties, that these protocols would one day become the basis for a world-wide computer network of great commercial importance.

Examples of conception errors include the transmission of data in the clear on the Internet, which makes it possible to read and alter data in transit (such as passwords), and the absence of any check on the source address of a packet, which makes it possible to send packets using the Internet address assigned to another computer (address spoofing). A special case of this is what is known as the FTP bounce attack, which exploits the fact that in the FTP protocol the connection used for data transfer can be directed to any computer: the server opens the data connection to whatever address and port the client names in its PORT command. In serious cases it is even possible to pass through firewalls in this way if they use dynamic packet filters that open the data connection on the basis of the PORT command (see CERT advisory CA-97.27). There are most certainly further errors in the Internet protocols which will only be published in the future.
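The following is an added example, written for this page and not part of the BSI text or of any FTP implementation. It shows the conception error behind the FTP bounce attack in code: an RFC 959 server takes the address from the client's PORT command as given, while a hardened server only connects back to the control connection's own peer and only on an unprivileged port. The client and target addresses are constructed (documentation ranges), and the function names are this example's own.

```python
# Added example, not from the BSI text: the FTP PORT command that enables the
# bounce attack, and the server-side check that closes it. Host addresses and
# ports below are constructed (RFC 5737 documentation ranges).
import ipaddress


def parse_port_command(arg: str) -> tuple[str, int]:
    """Parse the argument of an FTP PORT command, "h1,h2,h3,h4,p1,p2",
    into (dotted IPv4 address, TCP port). Raises ValueError on malformed input."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs exactly six comma-separated decimal fields")
    try:
        values = [int(f) for f in fields]
    except ValueError:
        raise ValueError("PORT fields must be decimal integers") from None
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError("PORT fields must be in the range 0..255")
    ip = ".".join(str(v) for v in values[:4])
    port = values[4] * 256 + values[5]
    return ip, port


def naive_data_target(port_arg: str) -> tuple[str, int]:
    """What an RFC 959 server does: open the data connection to whatever
    address and port the client named. This is the conception error: the
    server becomes a connection proxy for the client (CERT CA-97.27)."""
    return parse_port_command(port_arg)


def checked_data_target(control_peer_ip: str, port_arg: str) -> tuple[str, int]:
    """Hardened handler: only connect back to the host the control connection
    came from, and only to an unprivileged port. The second check matters
    because bounce targets are typically services on low ports (SMTP 25 etc.)."""
    ip, port = parse_port_command(port_arg)
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        raise PermissionError(
            f"500 Illegal PORT command: {ip} is not the control peer {control_peer_ip}")
    if port < 1024:
        raise PermissionError(f"500 Illegal PORT command: privileged port {port}")
    return ip, port


def port_accepted(control_peer_ip: str, port_arg: str) -> bool:
    """True if the hardened handler would open the data connection."""
    try:
        checked_data_target(control_peer_ip, port_arg)
        return True
    except (PermissionError, ValueError):
        return False


def bounce_demo() -> list[tuple[str, str, str]]:
    """Run three PORT commands from a constructed client at 192.0.2.10 through
    both handlers. Returns (command, naive result, checked result) per command."""
    client = "192.0.2.10"
    commands = [
        "192,0,2,10,4,1",      # legitimate: client's own address, port 1025
        "198,51,100,5,0,25",   # bounce: make the server connect to a third host's SMTP port
        "192,0,2,10,0,80",     # own address, but privileged port 80
    ]
    rows = []
    for cmd in commands:
        naive = "connects to %s:%d" % naive_data_target(cmd)
        try:
            checked = "connects to %s:%d" % checked_data_target(client, cmd)
        except PermissionError as e:
            checked = f"refused ({e})"
        rows.append((cmd, naive, checked))
    return rows


if __name__ == "__main__":
    for cmd, naive, checked in bounce_demo():
        print(f"PORT {cmd}\n  RFC 959 server: {naive}\n  checked server: {checked}")
```

The peer-address comparison is exactly the check that a firewall doing dynamic packet filtering for FTP also has to make before it opens the port named in a PORT command; without it the firewall admits an inbound data connection to any internal host the attacker names.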

Another example of a conception error is that it is possible to send large numbers of advertising e-mails anonymously (mail spamming). This is often done by using other mail servers as so-called remailers (open relays, which accept mail from any sender for any destination), so that any counteraction by the recipient is directed at the relay and comes to nothing. These attacks are possible because of the lack of authentication in the Internet mail protocols as currently deployed: neither the sender address nor the submitting host is verified.
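The following is an added example, written for this page and not code from the BSI text or from any mail server. It shows the relaying decision that separates a properly configured mail server from the open relay a spammer uses as a remailer: accept recipients in local domains from anyone, accept foreign recipients only from the organisation's own networks, and refuse everything else. The local domain, the trusted network, the client addresses and the spammer's forged sender are all constructed; the function names are this example's own.

```python
# Added example, not from the BSI text: the relaying decision that separates a
# properly configured mail server from an 'open relay' of the kind the text
# calls a remailer. Domains, networks and addresses are constructed.
import ipaddress

LOCAL_DOMAINS = {"example.org"}                              # constructed: domains we deliver for
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]   # constructed: our own clients


def relay_decision(client_ip: str, recipient: str, open_relay: bool = False) -> tuple[bool, str]:
    """Decide one RCPT TO. Accept local recipients from anyone; accept foreign
    recipients only from trusted networks. An open relay (open_relay=True)
    omits that second condition and relays for the whole Internet."""
    local_part, at, domain = recipient.rpartition("@")
    domain = domain.strip().lower()
    if not at or not local_part or not domain:
        return False, "501 Syntax error: recipient address needs a domain"
    if domain in LOCAL_DOMAINS:
        return True, "250 OK, local delivery"
    if open_relay:
        return True, "250 OK, relayed"
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in TRUSTED_NETWORKS):
        return True, "250 OK, relayed for trusted client"
    return False, "554 Relay access denied"


def run_envelope(client_ip: str, sender: str, recipients: list[str],
                 open_relay: bool = False) -> dict:
    """Process one SMTP envelope (MAIL FROM plus several RCPT TO). The sender
    address is taken as given: plain SMTP offers no way to verify it, which is
    the lack of authentication the text refers to."""
    accepted, refused = [], []
    for rcpt in recipients:
        ok, reply = relay_decision(client_ip, rcpt, open_relay)
        (accepted if ok else refused).append((rcpt, reply))
    return {"client": client_ip, "claimed_sender": sender,
            "accepted": accepted, "refused": refused}


def spam_run_demo(open_relay: bool) -> int:
    """A constructed spammer at 203.0.113.7 (outside our networks) with a forged
    sender address hands the server 200 recipients at foreign domains.
    Returns how many of them the server agrees to relay."""
    rcpts = ([f"user{i}@example.net" for i in range(100)]
             + [f"user{i}@example.com" for i in range(100)])
    result = run_envelope("203.0.113.7", "nobody@forged.example", rcpts, open_relay)
    return len(result["accepted"])


if __name__ == "__main__":
    print("open relay relays", spam_run_demo(open_relay=True), "of 200 spam recipients")
    print("closed relay relays", spam_run_demo(open_relay=False), "of 200 spam recipients")
```

Note that the closed configuration only removes the relay as a tool; the forged sender address is still accepted, because the decision can be based solely on where the connection comes from and where the mail is going, not on who the sender claims to be.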


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik