At the 26th Chaos Communication Congress (26C3) in Berlin, security researcher Fabian Yamaguchi demonstrated a number of vulnerabilities that can apparently be found in many average communication networks and affect all levels from the access layer to the application layer. Attackers exploit many minor design flaws which allow "dangerous attacks" when combined, explained the Berlin-based security expert who last year investigated vulnerabilities in the basic TCP internet protocol. Overall, the "bugs" can reportedly be exploited to hijack a proxy server such as Squid and control all of the network traffic that flows through it.
Yamaguchi explained that typical corporate networks, for instance, include a "demilitarised zone" (DMZ) with restricted access to the connected servers. Attackers who compromise a system within this zone do not yet have access to the local networks, said the researcher; reaching them requires getting past a firewall, he added. It therefore makes little sense to directly attack a machine installed in this zone, said Yamaguchi. A detour via one of the system's clients, which are surrounded by a "zoo of technologies" such as Flash, media players or chat systems, tends to be the much more promising option.

To demonstrate, "fabs" chose the Pidgin instant messaging software, where emoticons in MSN Chat are apparently known to be particularly vulnerable to attacks. According to the security expert, the software's "shoddy" protocol replaces character strings and word strings with images, allowing a more or less unrestricted variety of symbols to be displayed. The protocol's flawed encoding of a text in binary enabled Yamaguchi to download an executable program and eventually gave the researcher a first foothold in the network.

The link for this article located at H Security is no longer available.