It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

SCI/TECH: New security flaw effects everything.

page: 1
0

log in

join
share:

posted on Apr, 20 2004 @ 03:14 PM
link   
Researchers have uncovered a serious security flaw that could open up core Internet technologies to catastrophic disruption. The flaw lies within the TCP/IP protocol that drives the underpinnings of the Internet.
 
news.Yahoo.com By TED BRIDIS, AP Technology Writer The flaw affecting the Internet's "tranmission control protocol," or TCP, was discovered late last year by a computer researcher in Milwaukee, Paul "Tony" Watson, 36, who said he identified a method to reliably trick personal computers and routers into shutting down electronic conversations by resetting the machines remotely. So, a critical flaw that pretty much effects everything, everywhere. Hopefully the major router vendors have already patched their software. But the story makes no mention of a such a fix. [Edited on 20-4-2004 by SkepticOverlord]




posted on Apr, 20 2004 @ 04:06 PM
link   
Wow! This could be a serious problem in the coming weeks. This sounds alot like the denial of service TCP window vulnerablility, in that everything is succeptable, but this seems to be far more dangerous.



posted on Apr, 20 2004 @ 10:38 PM
link   
Interesting, saw this on the news today also.

The public announcement coincides with a presentation Watson expects to make Thursday at an Internet security conference in Vancouver, British Columbia, where Watson said he would disclose full details of his research.


And just as suprising (though I really dont know why)...

Watson predicted that hackers would understand how to begin launching attacks "within five minutes of walking out of that meeting."



posted on Apr, 20 2004 @ 11:29 PM
link   

Originally posted by smirkley
Watson predicted that hackers would understand how to begin launching attacks "within five minutes of walking out of that meeting."


Thus the reason companies don't want to reveal bugs to the public. People complain about Microsoft hiding information about problems with their programs. But if they share the info the second they find it, but don't have a fix for 6 months, chaos will insue.

Problems like this need to be shared with the correct people when they are discovered so fixes can be created before a vast majority of the computer users find out.

Kinda like security through obscurity[sp?].



posted on Apr, 21 2004 @ 06:24 PM
link   
funny thing: i saw the exact same story in my local paper on the 21. wow, what a coincidence. now i understand why somebody said you see everything here first.

resetting the machines is not as bad as wiping hard drives (which routers dont have i know). at worst this flaw will result in dropped coneections and access problems.

correct me if i'm wrong



posted on Apr, 21 2004 @ 08:42 PM
link   
I don't think it could be any worse than Windows 95 and ME. Had to reboot several times a day to get things to continue to work.



posted on Apr, 21 2004 @ 08:48 PM
link   

Originally posted by crayon
I don't think it could be any worse than Windows 95 and ME. Had to reboot several times a day to get things to continue to work.


Oh, yes it can be worse! Almost EVERYTHING uses TCP/IP now if it communicates with something else, not just Windows.



posted on Apr, 21 2004 @ 09:07 PM
link   
Unfortunately 'security through obscurity' insint really security so much as BSing and not addressing things directly. I've heard many stories where someone who discovered a bug, notified the vendor, and got no real response other than the nice "your email is imporant to us and we will take it into consideration" automated responses. Theres only so long a person can go through the proper channels before they may as well go public with what they know so perhaps somone can cook up a prevention or patch.

I read in an article on SecurityFocus [ article ] that Cisco already has a patch out [ here ] and I'm sure other vendors like 3Com, Linksys and others are working on it too. I imagine patches are also rolling out for the many many linux boxes used to serve as routers, firewalls and other various devices.



posted on Apr, 21 2004 @ 09:22 PM
link   
As I undestood it this morning it will cause routers to stop routing and disrupt business and government transmittal of information having a profound effect on a large amount of transmissions. On PC's that are affected it will cause lock up.
It seemed bad when I read about it earlier and why they are going to openly discuss and release the knowledge is way beyond me. One would think the problem would be addresed behind closed doors.
Also the Russians are establishing some type of advanced security on there system now that we are not up to speed on. And BTW, I am computer illeterate. [my spelling lacks also]


tut tut



posted on Apr, 22 2004 @ 05:35 AM
link   
Please see the following links for more
info:
security.itworld.com...
security.itworld.com...

as you can see the flaw is inherent to TCP.
a 20 year old flaw.
Hopefully the fix is in, or on the shelf.
I wonder what security tools can detect this exploit when it's in progress? Any ideas?



new topics

top topics



 
0

log in

join