Eamon sent me this interesting program Hamachi (Wikipedia Article). I don’t think I will install it because its very hard to know whether its really secure. I’m especially skeptical about claims that its offers effortless VPN networks. There is good reason that there is effort involved in setting up IPsec, SSL tunnels or any other security technology because you have to ensure that you are authenticating each party. Specifically while Hamachi claims to use Public-Key cryptography for authentication with its servers (the easy part) when you actually connect up to your friends it seems to be a matter of joining a “network”.
A good portion of consumer users of the internet are now accessing it behind NATing routers which is a good thing, it has definately reduced the number of cracked XP machines. However these cryptographically dubious darknets are springing up and will be the next big security problem. I wonder how many people using Hamachi are in corporate networks and are inadvertently creating a new path into an otherwise secured network? Hackers are very difficult to trace as it is now – how will we ever catch someone who has done their deed through a series of machines connected by hamachi or one of the other darknet programs? I think it will be almost impossible.
Leave a Reply