TCP flaws put Web sites at risk (CNET)

2008.10.02 - Internet - Source: RSS.NEWS.YAHOO.COM - Comments [0]

By Robert Vamosi, CNET 54 minutes ago

Two researchers in Sweden have found multiple flaws in the TCP stack that could lead to massive denial-of-service (DoS) attacks if exploited. At present there is no workaround, and no patches are available.

Robert E. Lee, Chief Security Officer for Outpost24, told CNET News, "The vendors we are in talks with seem to be taking the threat seriously."

The discovery follows a test using a port scanner called UnicornScan, which Lee and Senior Security Researcher Jack Louis created. The tool is used for vulnerability assessment and penetration testing at Outpost24. Lee told CNET News that Louis started noticing strange behavior during those scans.

"Jack found some anomalies in which machines would stop working in some very specific circumstances while being scanned," Lee told CNET News. One of the behaviors experienced was packet loss in which the packets just kept trying and trying, creating, more or less, a denial of service (DoS) on that machine.

There doesn't appear to be just one vulnerability, but several, according to Robert Hansen, who first wrote about this last Friday. Hansen says that, as he understands it, the vulnerabilities could result in great damage if exploited, and fixing them will require coordination with vendors of operating systems, firewalls, and Web-enabled devices.

To test whether the TCP vulnerabilities were real, Lee and Louis created a program called "sockstress" that intentionally did some wrong things with the TCP/IP handshake process. The sockstress program was very effective at producing DoS conditions. The pair have no plans to release sockstress.
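The article withholds the details of what sockstress does to the handshake, so nothing here reproduces the attack. What a defender can do in the meantime is watch the one symptom the article does describe: a single peer that leaves a host holding an unusual number of TCP sockets, some of them stalled with data queued. The script below is an added example written for this page, not Outpost24's or CNET's code. It assumes the column layout printed by `ss -tan` on Linux (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port); the snapshot it parses is constructed, and the thresholds are arbitrary placeholders that a real deployment would tune against its own baseline.

```python
"""Flag remote peers that hold an unusual share of a host's TCP sockets.

Added example for this page, not code from Outpost24 or sockstress.
Assumes `ss -tan` style input; sample snapshot and thresholds are
constructed/arbitrary and labelled as such.
"""
from collections import defaultdict

# Constructed sample shaped like `ss -tan` output. One peer (198.51.100.7)
# holds several half-open and several stalled connections; the others
# look like ordinary clients.
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:80           0.0.0.0:*
ESTAB      0      0      10.0.0.5:80          192.0.2.10:51234
ESTAB      0      0      10.0.0.5:80          192.0.2.11:40022
SYN-RECV   0      0      10.0.0.5:80          198.51.100.7:1025
SYN-RECV   0      0      10.0.0.5:80          198.51.100.7:1026
ESTAB      0      4096   10.0.0.5:80          198.51.100.7:1027
ESTAB      0      4096   10.0.0.5:80          198.51.100.7:1028
ESTAB      0      4096   10.0.0.5:80          198.51.100.7:1029
ESTAB      0      4096   10.0.0.5:80          198.51.100.7:1030
TIME-WAIT  0      0      10.0.0.5:80          192.0.2.12:33001
"""


def parse_ss(text):
    """Return (state, recv_q, send_q, local, peer) rows; skip header and LISTEN."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] in ("State", "LISTEN"):
            continue
        state, recv_q, send_q, local, peer = parts[:5]
        rows.append((state, int(recv_q), int(send_q), local, peer))
    return rows


def peer_ip(endpoint):
    """Strip the port from 'ip:port' (an IPv6 peer prints as '[addr]:port')."""
    return endpoint.rsplit(":", 1)[0]


def per_peer_stats(rows):
    """Aggregate socket count, half-open count and unsent bytes per peer IP."""
    stats = defaultdict(lambda: {"sockets": 0, "half_open": 0, "unsent_bytes": 0})
    for state, _recv_q, send_q, _local, peer in rows:
        s = stats[peer_ip(peer)]
        s["sockets"] += 1
        if state == "SYN-RECV":          # handshake never completed by the peer
            s["half_open"] += 1
        s["unsent_bytes"] += send_q      # data the peer is not draining
    return dict(stats)


def suspicious_peers(stats, max_sockets=5, max_half_open=2, max_unsent=8192):
    """Peers exceeding any threshold. Thresholds are arbitrary assumptions."""
    flagged = []
    for ip in sorted(stats):
        s = stats[ip]
        reasons = []
        if s["sockets"] > max_sockets:
            reasons.append("sockets")
        if s["half_open"] > max_half_open:
            reasons.append("half_open")
        if s["unsent_bytes"] > max_unsent:
            reasons.append("unsent_bytes")
        if reasons:
            flagged.append((ip, reasons))
    return flagged


def analyze(text):
    """Parse an `ss -tan` snapshot and return the flagged peers."""
    return suspicious_peers(per_peer_stats(parse_ss(text)))


if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_SS):
        print(f"{ip}: {', '.join(reasons)}")
```

In the constructed snapshot the single abusive peer trips the socket-count and unsent-bytes thresholds while the normal clients stay under every limit. This only gives visibility into connection-table pressure from one source; it is not a workaround for the flaws themselves, which the article says none exists for, and a distributed attacker would spread the load across many source addresses.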

Lee said he doesn't plan to have a big, public disclosure press conference like Dan Kaminsky did with the DNS flaw this past summer. "We plan to work with vendors to ensure they understand the issues fully and have adequate solutions in place before publicly sharing details on the issues. Since there are multiple issues, we may be able to share information on individual issues as they are individually addressed."

Asked whether someone else could figure this out before the patches are out, Lee said "even though I think Jack Louis is exceptionally brilliant, Outpost24 doesn't have a monopoly on bug finding abilities. It is a matter of time before someone else independently figures it out."

