nCircle The Lens Blog

It's the New Black

You may have noticed that a remote exploit has been found in the venerated OpenBSD. Since this is only the second remote code execution condition found in 10 years, it warrants some attention, certainly. It had to hurt a little to increment that counter from "one" to "two" on the openbsd.org page.

What's interesting about this vulnerability, however, is that it's specific to IPv6. The Department of Defense has put some significant momentum behind IPv6 adoption, and this OpenBSD vulnerability got me thinking about how many untested implementations of IPv6 are out there. I imagine that as IPv6 gets rolled out, security researchers will find it an interesting avenue for exploit. Depending on how adoption occurs, we're likely to see a rash of IPv6 based exploits.

Don't get me wrong, it's not that there aren't IPv6 vulnerabilities out there, but ultimately, the attackers go where the target space is richest, and that isn't IPv6 today.


TrackBack

TrackBack URL for this entry:
http://blog.ncircle.com/cgi-bin/mt-tb.cgi/177


Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Verification (needed to reduce spam):



About

This page contains a single entry from the blog posted on March 15, 2007 6:02 AM.

The previous post in this blog was scape-goat, n.; Julie Amero.

The next post in this blog is The Network *is* the Vulnerability.

Many more can be found on the main index page or by looking through the archives.



Bio

Blog: The Lens
Author: Tim Erlin

Tim Erlin, CISSP, is a Principal Product Manager at nCircle, responsible for vulnerability management and configuration auditing. In his nearly 10 year tenure at nCircle, he has also held the positions of Senior Sales Engineer and QA Engineer. His career in information technology began with systems and network administration.


   




Categories

  • Blog
  • Information Security Market
  • Regulations and Compliance
  • Vulnerability Research