Russia tried to hijack some of Apple's internet traffic for 12 hours


Comments

  • Reply 21 of 23
    Re:  http://irr.net their cert being expired doesn’t inspire confidence…
    Hah, yes, I noticed. However, this is run by Merit. They are *central* to the function of the entire internet. They just screwed up because the radb doesn't get that much attention. Sooner or later they'll notice and fix it.
    DAalseth said:
    3) Off topic, but the notion that Russia invaded Ukraine just to get control of one aging nuclear plant is ludicrous.
    I would agree with that. Russia has wanted warm water ports for centuries. They grabbed Crimea, but that’s just a start. They have their eyes on Odessa, and then further south. 
    Your history was taught by a sports teacher. USSR had Crimea before 1992. Then USSR was dismantled and Ukraine declared indolence. 
    I disagree with you, but you get bonus points for the first insult and double bonus points for the second insult/wordplay (independence/indolence). Best short-form I've seen on the internet in a while.
    tmaywatto_cobra
  • Reply 22 of 23
    dewme Posts: 5,391 member
    Less ignorance, more facts.
    DAalseth said:
    Apple needs to sever all ties with Russia. Cut them off cold to updates, services, iCloud, AppleMusic, everything. Flip the switch without warning. You live in Russia your device is bricked and you are SOL. I know that Apple keeps talking about trying to protect their customers. It's too late for that. Until the general populace starts feeling the pain from Putin's war they won't put an end to it. Remember, that's what brought down the Tzar. The people get fed up with paying in blood and treasure for the Tzar's adventure in WWI. It's time for another revolution and Apple needs to step up and do their part.
    This would have zero impact on the situation described in the article. Had they already done so, nothing would have changed. Rostelecom could still have announced Apple's route(s) - which is an entire /8!!! - and everything would have played out exactly the same way.
    ... is this a good reminder of the potential vulnerability of (especially large, high value) cloud services with so many potential attack vectors ...?

    ... is it the opposite of the concept of the internet in terms of communication reliability of multiple web connections ...?
    No, to both questions. This has nothing to do with attacks on cloud services. It's fundamental to all traffic on the internet. And the problem is exactly the multiple possible connections, in that the lack of a central authority for the net means there's no single source of truth for who is allowed to announce which routes. There has been an answer to that problem for over two decades, but it's not used everywhere, much to everyone's detriment. See http://irr.net, or google "radb". If the entire world used and enforced registration of routes in a route database like the RADB, this attack could not have any effect outside of Rostelecom's own customers.
    Very serious and calculated move by Russia. 
    Also finding vulnerabilities in the routing infrastructure. 

    Russia's war isn’t going to stop with Ukraine. That’s a strategic move to gain a massive nuclear power plant while advancing its dominance agenda. They've already threatened their own surrounding countries as well as the USA. And China is right behind with its unprecedented disrespect and threatening of the USA as it seeks to devour one of the most prolific product economies in Taiwan prior to its 2049 buildup goal.

    Though Apple was vigilant, there is no doubt that some data was stolen. You have to wonder what kind of blackmail is planned for any incriminating info discovered, especially where Apple-using politicians, media, and big tech folks are concerned.
    This is extra ignorant. Just stop.
    1) This isn't a "vulnerability in the routing infrastructure". It is, unfortunately, a designed-in feature. It will continue to be the case until use of route databases is universally enforced.
    2) I have a LOT of doubt that any user data was stolen. In fact it's virtually certain that no data was stolen, as all of it was likely encrypted, though they certainly would be able to capture some metadata - for example, who was connecting to Apple services, and when. The scenario you envision is not the problem. It is conceivable that the metadata alone could matter in a specific case involving a high-value target, however. That's a reasonably plausible explanation for the whole event, in fact, though we'll likely never know.
    3) Off topic, but the notion that Russia invaded Ukraine just to get control of one aging nuclear plant is ludicrous.
    Thank you for providing a voice of reason on the topic.

    Considering everything they did left a very clear trail back to the source and was essentially done in the open makes it hard to get too excited about this. It’s essentially the same as someone giving the post office a change of address form to route your mail to their mailbox, all the while telling you and the rest of the world that they are doing so. Whether it’s amateur hour, cyber heckling, or just being done to create a distraction we’ll never know for sure. So while I’m not overly concerned about this specific incident, we don’t know what their next move might be insofar as they operate in an environment of state sponsored terrorism.
    watto_cobra
  • Reply 23 of 23
    dewme said:
    Less ignorance, more facts.
    DAalseth said:
    Apple needs to sever all ties with Russia. Cut them off cold to updates, services, iCloud, AppleMusic, everything. Flip the switch without warning. You live in Russia your device is bricked and you are SOL. I know that Apple keeps talking about trying to protect their customers. It's too late for that. Until the general populace starts feeling the pain from Putin's war they won't put an end to it. Remember, that's what brought down the Tzar. The people get fed up with paying in blood and treasure for the Tzar's adventure in WWI. It's time for another revolution and Apple needs to step up and do their part.
    This would have zero impact on the situation described in the article. Had they already done so, nothing would have changed. Rostelecom could still have announced Apple's route(s) - which is an entire /8!!! - and everything would have played out exactly the same way.
    ... is this a good reminder of the potential vulnerability of (especially large, high value) cloud services with so many potential attack vectors ...?

    ... is it the opposite of the concept of the internet in terms of communication reliability of multiple web connections ...?
    No, to both questions. This has nothing to do with attacks on cloud services. It's fundamental to all traffic on the internet. And the problem is exactly the multiple possible connections, in that the lack of a central authority for the net means there's no single source of truth for who is allowed to announce which routes. There has been an answer to that problem for over two decades, but it's not used everywhere, much to everyone's detriment. See http://irr.net, or google "radb". If the entire world used and enforced registration of routes in a route database like the RADB, this attack could not have any effect outside of Rostelecom's own customers.
    Very serious and calculated move by Russia. 
    Also finding vulnerabilities in the routing infrastructure. 

    Russia's war isn’t going to stop with Ukraine. That’s a strategic move to gain a massive nuclear power plant while advancing its dominance agenda. They've already threatened their own surrounding countries as well as the USA. And China is right behind with its unprecedented disrespect and threatening of the USA as it seeks to devour one of the most prolific product economies in Taiwan prior to its 2049 buildup goal.

    Though Apple was vigilant, there is no doubt that some data was stolen. You have to wonder what kind of blackmail is planned for any incriminating info discovered, especially where Apple-using politicians, media, and big tech folks are concerned.
    This is extra ignorant. Just stop.
    1) This isn't a "vulnerability in the routing infrastructure". It is, unfortunately, a designed-in feature. It will continue to be the case until use of route databases is universally enforced.
    2) I have a LOT of doubt that any user data was stolen. In fact it's virtually certain that no data was stolen, as all of it was likely encrypted, though they certainly would be able to capture some metadata - for example, who was connecting to Apple services, and when. The scenario you envision is not the problem. It is conceivable that the metadata alone could matter in a specific case involving a high-value target, however. That's a reasonably plausible explanation for the whole event, in fact, though we'll likely never know.
    3) Off topic, but the notion that Russia invaded Ukraine just to get control of one aging nuclear plant is ludicrous.
    Thank you for providing a voice of reason on the topic.

    Considering everything they did left a very clear trail back to the source and was essentially done in the open makes it hard to get too excited about this. It’s essentially the same as someone giving the post office a change of address form to route your mail to their mailbox, all the while telling you and the rest of the world that they are doing so. Whether it’s amateur hour, cyber heckling, or just being done to create a distraction we’ll never know for sure. So while I’m not overly concerned about this specific incident, we don’t know what their next move might be insofar as they operate in an environment of state sponsored terrorism.
    You're welcome.

    I hate to say it, but the next step is obvious: Break the internet. All they'd have to do is start announcing lots of routes they don't own, from critical players like Amazon and Google.

    The endgame in that case is also obvious: They would be entirely disconnected from the internet. That's a bad result for everyone, but probably exactly what Putin will be looking for, long-term, so why not take advantage of that to do some really spectacular if short-term damage on the way out? It's like tossing a Molotov cocktail over your shoulder as you leave a restaurant.
    dewmewatto_cobraDAalseth
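
The route-database enforcement discussed in the thread (registering routes in a database like the RADB and filtering on it), sketched as an added example that is not part of any post above. The prefixes, AS numbers, `source: EXAMPLE` and the /24 length limit are constructed stand-ins and an assumed operator policy; only the RPSL `route`/`origin` attribute layout mirrors what an IRR serves.

```python
import ipaddress

# Constructed RPSL route objects (documentation/private prefixes and ASNs).
SAMPLE_IRR = """\
route:  10.0.0.0/8
origin: AS64500
source: EXAMPLE

route:  198.51.100.0/24
origin: AS64511
source: EXAMPLE

route:  203.0.113.0/24
origin: AS64510
source: EXAMPLE
"""

def parse_route_objects(text):
    """Return [(network, origin_asn)] from blank-line separated RPSL objects."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs[key.strip().lower()] = value.strip()
        if "route" in attrs and "origin" in attrs:
            asn = int(attrs["origin"].upper().replace("AS", "", 1))
            objects.append((ipaddress.ip_network(attrs["route"]), asn))
    return objects

def build_peer_filter(objects, peer_asns):
    """Prefixes a peer may announce: route objects whose origin is in its AS set."""
    return [net for net, origin in objects if origin in peer_asns]

def check_announcement(peer_filter, prefix, max_len=24):
    """Accept a prefix only if it is registered to the peer: an exact match, or a
    more-specific no longer than max_len (an assumed operator policy)."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen > max_len:
        return "reject: too specific"
    if any(net.subnet_of(reg) for reg in peer_filter):
        return "accept"
    return "reject: not registered to peer"

def filter_session(irr_text, peer_asns, announced):
    """Apply the generated filter to every prefix received from one peer."""
    peer_filter = build_peer_filter(parse_route_objects(irr_text), peer_asns)
    return {p: check_announcement(peer_filter, p) for p in announced}
```

With this filter on the session to the constructed peer AS64511, its own registered /24 is accepted, while the /8 registered to AS64500 and any more-specific carved out of it are dropped at the first network that enforces the filter.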