Flaw in how Microsoft Spec'ed Teredo
All,
Actually, there are two problems. The first is that RFC 4380, written by C. Huitema from Microsoft, has design flaws, as noted by the news item above.
The second problem is implementation. At BlackHat 2007, Jim Hoagland spoke on "Vista Network Attack Surface Analysis and Teredo Security Implications" (https://www.blackhat.com/presentations/bh-usa-07/Hoagland/Presentation/bh-usa-07-Hoagland.pdf).
In that talk, he discussed that the testing performed demonstrated that the implementation of Teredo in Vista was in fact not to RFC 4380 spec. In addition, he discovered several interesting security flaws in that implementation. The flaws included: the ability to more easily identify a specific endpoint, endpoints allow scanning and inbound traffic, Teredo bypassed the host firewall, and the random number generator is not always working.
Please note, there is no published document with the same security study performed on XP, 2000 or Miredo, the Linux/BSD implementation of Teredo.
Lastly, Teredo has its place and value. When used in a home/coffee shop/hotel environment, it works great. But it should never be used in an enterprise.