http://www.theregister.co.uk/2008/10/01/fundamental_net_vuln/ By Dan Goodin in San Francisco The Register 1st October 2008 Security experts say they have discovered a flaw in a core internet protocol that can be exploited to disrupt just about any device with a broadband connection, a finding that could have profound consequences for millions of people who depend on websites, mail servers, and network infrastructure. The bug in the transmission control protocol (TCP) affords attackers a wealth of new ways to carry out denials of service on equipment at the heart of data centers and other sensitive points on the internet. The new class of attack is especially severe because it can be carried out using very little bandwidth and has the ability to paralyze a server or router even after the flood of malicious data has stopped. "If you use the internet and you serve a TCP-based service that you value the availability for, then this affects you," Robert E. Lee, chief security officer for Sweden-based Outpost24 told The Register. "That may not be every internet user, but that's certainly any IT manager, that's certainly any website operator, mail server operator, or router operator." Lee said he and Outpost24 colleague Jack Louis discovered the bug in 2005, but decided to keep their finding secret while they tried to devise a solution. After largely hitting a wall, they decided to go public in hopes that a new infusion of ideas will finally get the problem fixed. [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Wed Oct 01 2008 - 23:43:57 PDT
This archive was generated by hypermail 2.2.0 : Wed Oct 01 2008 - 23:53:47 PDT