An Interview with the father of the Internet
By: L33tdawg
A few weeks back I posted a call for questions for an interview HITB would be conducting with Mr. Vinton Cerf - the person many have titled the 'Father of the Internet'. While the aim was to ask Mr. Cerf technically slanted questions, it turned out to be a much more mixed bag of questions that we received. Either way, read on to see what Mr. Cerf had to say about things from hackers being terrorists to IPv6.
HITB: How important do you think IPv6 is to the growth and evolution of the Internet?
There is no doubt in my mind that the Internet will eventually need a much larger address space. Network Address Translation (NAT) is not a satisfactory solution to achieving end-to-end communication between processes resident in different systems. The timing of the demand for IPv6 is still an open question. The demand will come from the outside in the sense that IPv6 enabled devices will proliferate (possibly dual-stack) and as IPv4 address space becomes more scarce, pressure will build to support IPv6 at the edges of the IPv4 Internet backbone(s) until finally the core will need to have IPv6 native mode capability. Opinions vary as to when this will happen and I am of the opinion that the pressure will reach a critical point around 2006.
HITB: What will it take for providers to finally embrace IPv6 and begin a true migration & transition towards it globally?
My guess is that it will be external pressure from applications that use very large numbers of devices that operate on a peer-to-peer basis. Mobile phones are one example, Internet-enabled video games are another, as are automobiles equipped with Global Positioning Satellite receivers and local processing to manage subsystems and services onboard the vehicle. We may see some use of native IPv6 networks for some specific applications and tunneling over IPv4 for others over the current Internet backbone.
HITB: The Internet is now a way of life for some people. It has moved an entire vocabulary from a limited crowd into a mainstream meaning. As the ‘father of the Internet’, how do you feel that it (The Internet) is helping us as a society? What is the Internet going to do for under developed countries?
First, I would have to say that I am not “THE” father of the Internet but simply one of them. I have always hoped that the Internet would prove a constructive force that would benefit society by making information widely accessible on a global scale for scientific work, for electronic commerce, for the sharing of information among citizens, for the interaction of citizens and government, and so on. I am not so naïve as to imagine that Internet will not also be used for nefarious purposes. As it becomes a global infrastructure touching an increasingly large fraction of the world’s population, it will also be abused by that same population. This has been the story of all new technologies and Internet is no different in that regard. With regard to developing countries whose telecommunications infrastructure needs significant enhancement to support Internet I hope that a combination of regulatory climate favoring competition, available capital, and willingness of organizations such as the World Bank to invest will stimulate the necessary development. We do know that Moore’s Law and competition will drive costs down making Internet increasingly accessible to potential users in the lower economic strata.
HITB: What do you think about the whole "hackers/defacers/hacktivists being terrorists" fiasco?
I think it is an overstatement to argue that “hacktivists” are terrorists unless the consequence of the hacking is a real threat to the physical and economic well-being of the population. Hacking critical infrastructure with the intent or actual effect of disrupting it is just as much terrorism as blowing up a dam and drowning a town or destroying the World Trade Center. But I would not put that on a par with defacing a web page or breaking into a computer without causing any damage. The latter strike me as potential misdemeanors but not examples of terrorism. Some of this kind of hacking, such as stealing and abusing credit cards, planting of Trojan horses or denial-of-service “zombies” may well be criminal. If the Trojan horse code is subsequently used to interfere with critical infrastructure (e.g. the air traffic control system), I would tend to classify this as a terrorist act or at the least, the prelude to one.
HITB: There has been a lot of talk recently about emerging technologies such as wireless Ethernet and Bluetooth, but almost within the same breath there is talk about the security flaws and how "hackers" are war driving (attempting to sniff RF data traffic out of the air with modified laptops). Is this technology safe to use at a home or office? Could you shed some light on the security issues surrounding wireless and maybe explain how the average user can feel safe, and what you personally think about wireless in general.
The problem with some of the wireless technology is that the encryption used what are called “weak” keys. The key sizes are ok but some keys are “stronger” than others. I believe those problems have been documented and remedies specified. Failure to implement the fixes, though, could put many users at risk.
HITB: Part of the reason why IPv4 is running out is due to the fact that companies are using Internet routable addresses and giving them to a private network which has no intent on Internet routing. As such, these large companies gobble up blocks and use them for an intent other than what they were designed for, even though RFC 1918 gives companies over 17 million private addresses for non-Internet routing. Doesn't IPv6 have the possibility of also falling into this pitfall and is there going to be a watchdog group who can enforce companies who don't comply with RFC 1918?
I think there is much less of this than once might have been the case. Most private networks use net 10 (class A) or one of the smaller address segments for what is called “private” address space which is not guaranteed to be unique and should NOT be put out on the public Internet. All the estimates that I have seen for IPv4 resource consumption suggest it will last through 2006 and possibly a lot longer under some conditions. ICANN has the responsibility for helping the Internet Address registries (RIRs) to develop consensus assignment rules, in cooperation with technical requirements identified, for example, by the IETF. These policies will be developed and administered for both IPv4 and IPv6.
HITB: Will there ever be a magic bullet to stop or prevent Denial of Service attacks?
Probably not since one form of DOS is simply too much legitimate traffic. However, for real DOS attacks based on artificially generated traffic, there may be ways to detect and divert it. This is still an area of considerable debate and research.
HITB: What do you think is currently the biggest threat to corporations and users in terms of network security? Why?
Various forms of Denial of Service because they are fairly easy to originate; penetration of application operating systems because these are often the weakest link in the security chain (e.g. attacking by way of web browser, Java code, active objects and so on). Poor password protection in lieu of strong authentication backed by hardware crypto devices represents another important potential weakness. Physical security and especially social engineering attacks are also a big worry.
HITB: Do you think that the current use of biometrics at airports in order to aid in identification is somewhat of an overkill and a major invasion of personal privacy? Reasons?
This is a mixed bag – high quality iris recognition or fingerprint recognition still may not tell you WHO someone is. If the original registration of the biometric is not done in a thorough fashion with adequate checking, someone could register a false identity to be associated with the biometrics. In general having the ability to track an individual virtually anywhere seems like a big invasion of privacy and it is. Of course, if you make heavy use of your credit card, you are also leaving around quite an audit trail (have a look at your year-end summary of credit card activity to get the full impact).
Americans often trade loss of privacy for convenience, however, so biometrics, if they speed your path through the airport, may well be chosen by law-abiding citizens.