29 August 2006
Vista's potential IPv6 issues
A possible huge security flaw in MS Vista has been published on Freedom.net. One person studied Vista's implementation of IPv6, which has in the past raised red flags among some people over security, and is concerned over an information leak being possible through the protocol.
Vista's Teredo tunneling mechanism is similar to 6to4, but not completely. Teredo uses UDP packets to send data which allows it to pass through firewalls without being screened. Unlike Vista's implementation of Teredo, 6to4 is usually used between hosts and not between individual computers. The normal implementation of 6to4 involves using it at an external contact and then having the internal router and firewall on the other side of it to actually provide the security while 6to4 does the conversion of an internal network of IPv6 to the external IPv4 network. With this feature on an actual computer it allows data exchange without actually being logged in a firewall, since Teredo packets are not able to be unpacked by most if not all firewalls.
If this turns out to be a valid flaw, people will have files viewed or taken without their even knowing and without their firewall being able to secure them at all. This is an implementation that should either be taken out or fixed and definitely not set as the default setting as it is. With many home users not knowing that much about networking to be able to secure the network, this is not a good feature to add to household computers.
Vista's Teredo tunneling mechanism is similar to 6to4, but not completely. Teredo uses UDP packets to send data which allows it to pass through firewalls without being screened. Unlike Vista's implementation of Teredo, 6to4 is usually used between hosts and not between individual computers. The normal implementation of 6to4 involves using it at an external contact and then having the internal router and firewall on the other side of it to actually provide the security while 6to4 does the conversion of an internal network of IPv6 to the external IPv4 network. With this feature on an actual computer it allows data exchange without actually being logged in a firewall, since Teredo packets are not able to be unpacked by most if not all firewalls.
If this turns out to be a valid flaw, people will have files viewed or taken without their even knowing and without their firewall being able to secure them at all. This is an implementation that should either be taken out or fixed and definitely not set as the default setting as it is. With many home users not knowing that much about networking to be able to secure the network, this is not a good feature to add to household computers.
Labels: microsoft, security, vista, vulnerability, windows
