Linux flaw allows hackers to hijack your internet communications - unpatched since 2012! | |
Anonymous Coward (OP) User ID: 72796598 United States 08/19/2016 03:55 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 45428830 United States 08/19/2016 04:00 PM Report Abusive Post Report Copyright Violation | edit /etc/syscrl.conf insert a line net.ipv4.tcp_challenge_ack_limit = 999999999 save it run sudo sysctl-p to update the configuration. see not the end of the world and you dont't have to wait for a patch. but dunno about android phones. Does the line have to be anywhere in particular or just add it to the syscrl.conf? |
Anonymous Coward User ID: 45428830 United States 08/19/2016 04:02 PM Report Abusive Post Report Copyright Violation | edit /etc/syscrl.conf insert a line net.ipv4.tcp_challenge_ack_limit = 999999999 save it run sudo sysctl-p to update the configuration. see not the end of the world and you dont't have to wait for a patch. but dunno about android phones. Does the line have to be anywhere in particular or just add it to the syscrl.conf? Also i only have a sysctl.conf is that what you meant? |
Anonymous Coward User ID: 72821426 Finland 08/19/2016 04:13 PM Report Abusive Post Report Copyright Violation | The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability. Quoting: Anonymous Coward 72784901 I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said. source and destination ip would have to be known beforehand its not good, but its not awful. The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack. Not only that but what would you inject? Most linux users are not running with root so there is not much you could do. |
Anonymous Coward User ID: 72822733 Spain 08/19/2016 04:25 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 72822733 Spain 08/19/2016 04:30 PM Report Abusive Post Report Copyright Violation | The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability. Quoting: Anonymous Coward 72784901 I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said. source and destination ip would have to be known beforehand its not good, but its not awful. The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack. Not only that but what would you inject? Most linux users are not running with root so there is not much you could do. THEY could inject anything in your datastream, simple AES could be decrypted in real time. THEY could mimmick your connection counterparty and collect data |
BrokenTech
User ID: 71296882 United States 08/19/2016 04:48 PM Report Abusive Post Report Copyright Violation | Uhm , linux is fully open source, how did someone miss the fucked coding? Quoting: Anonymous Coward 2649925 with all the programmers working on the kernel and different distros, i find this fucking unreal, just when you think your safe using linux....... Fair question. The answer is, not many eyes going over the IP V4 stack. It's old, stable as fuck, and not sexy. Sometimes, you actually have to be looking for it, specifically. Coding flaws do not exactly sit there waving a flag saying "here I am, fix me". You usually have to know what you are looking for. |
Anonymous Coward User ID: 40854418 United States 08/19/2016 04:52 PM Report Abusive Post Report Copyright Violation | From the research paper where they talk about resetting the connection: "As shown in Table 1, the attack is highly effective: the average success rate is 97% over all runs, with an average time cost of 44.3s. " And: "Vulnerabilities in other OSes: We examine if the studied vulnerability exist in the latest Windows and FreeBSD OSes (The latter TCP stack is also used by Mac OS X). In brief, these OSes are not vulnerable to the attack. First of all, neither Windows nor FreeBSD has implemented all three conditions that trigger challenge ACKs according to RFC 5961. More importantly, the ACK throttling is not found for Windows or MAC OS X. Ironically, not implementing the RFC fully, in fact is safer in this case." Linky: [link to www.cs.ucr.edu] 5 stars for the info OP! |
Anonymous Coward User ID: 69551641 Canada 08/19/2016 05:41 PM Report Abusive Post Report Copyright Violation | edit /etc/syscrl.conf insert a line net.ipv4.tcp_challenge_ack_limit = 999999999 save it run sudo sysctl-p to update the configuration. see not the end of the world and you dont't have to wait for a patch. but dunno about android phones. Does the line have to be anywhere in particular or just add it to the syscrl.conf? Also i only have a sysctl.conf is that what you meant? Yes you add the line into /etc/sysctl.conf It's not there. My understanding is the ack limit on linux is set to a predictable 100 by default. The predictability is what makes the attack possible. It's a decent patch till a real fix is put out. Did it to two of my boxes, ok so far. Search linux ack flaw fix For more. Stackexchange is where I found it. |
rodehard putawaywet
User ID: 71345460 United States 08/19/2016 05:49 PM Report Abusive Post Report Copyright Violation | The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability. Quoting: Anonymous Coward 72784901 I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said. I trust Linux because nobody bothers to write viruses for it. It's not worth their effort. Has anyone had a problem because of this "flaw"? I don't have the time or the crayons to explain this to you. Slake Blake |
Anonymous Coward User ID: 72821426 Finland 08/19/2016 05:51 PM Report Abusive Post Report Copyright Violation | ... Quoting: Anonymous Coward 72796598 I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said. source and destination ip would have to be known beforehand its not good, but its not awful. The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack. Not only that but what would you inject? Most linux users are not running with root so there is not much you could do. THEY could inject anything in your datastream, simple AES could be decrypted in real time. THEY could mimmick your connection counterparty and collect data So they could see what type of porn I'm watching? Nice! |
Anonymous Coward User ID: 40854418 United States 08/19/2016 05:52 PM Report Abusive Post Report Copyright Violation | ... Quoting: Anonymous Coward 71558537 edit /etc/syscrl.conf insert a line net.ipv4.tcp_challenge_ack_limit = 999999999 save it run sudo sysctl-p to update the configuration. see not the end of the world and you dont't have to wait for a patch. but dunno about android phones. Does the line have to be anywhere in particular or just add it to the syscrl.conf? Also i only have a sysctl.conf is that what you meant? Fro Yes you add the line into /etc/sysctl.conf It's not there. My understanding is the ack limit on linux is set to a predictable 100 by default. The predictability is what makes the attack possible. It's a decent patch till a real fix is put out. Did it to two of my boxes, ok so far. Search linux ack flaw fix For more. Stackexchange is where I found it. From the terminal window: mymachine:> sudo sysctl net.ipv4.tcp_challenge_ack_limit net.ipv4.tcp_challenge_ack_limit = 100 mymachine:> sudo echo "net.ipv4.tcp_challenge_ack_limit = 999999999" >> /etc/sysctl.conf ; sudo sysctl -p net.ipv4.tcp_challenge_ack_limit = 999999999 You use /etc/sysctl.conf to overwrite the default kernel settings. |
The Comedian :D
User ID: 35219468 United States 08/19/2016 06:08 PM Report Abusive Post Report Copyright Violation | Uhm , linux is fully open source, how did someone miss the fucked coding? Quoting: Anonymous Coward 2649925 with all the programmers working on the kernel and different distros, i find this fucking unreal, just when you think your safe using linux....... Fair question. The answer is, not many eyes going over the IP V4 stack. It's old, stable as fuck, and not sexy. Sometimes, you actually have to be looking for it, specifically. Coding flaws do not exactly sit there waving a flag saying "here I am, fix me". You usually have to know what you are looking for. Also true. Non-coders really have no idea what is involved in software development and maintenance. There is no analog in the physical world. Saint Comedian, Patron Saint of Bringing the Butthurt to Dipshits ‘There are some assholes in the world that just need to be shot.’ - General Mattis, USMC, Secretary of Defense [link to www.godlikeproductions.com] "Subterfuge and social pressure are the wheel and fire of the 21st century" - Some asshole Legal Disclaimer: All comments are intended as humor and/or fiction and not advice, and not to be confused with any event or person, living or dead. |
Anonymous Coward User ID: 72821426 Finland 08/19/2016 06:12 PM Report Abusive Post Report Copyright Violation | |
The Comedian :D
User ID: 35219468 United States 08/19/2016 06:14 PM Report Abusive Post Report Copyright Violation | Last Edited by The Comedian :D on 08/19/2016 06:15 PM Saint Comedian, Patron Saint of Bringing the Butthurt to Dipshits ‘There are some assholes in the world that just need to be shot.’ - General Mattis, USMC, Secretary of Defense [link to www.godlikeproductions.com] "Subterfuge and social pressure are the wheel and fire of the 21st century" - Some asshole Legal Disclaimer: All comments are intended as humor and/or fiction and not advice, and not to be confused with any event or person, living or dead. |
Anonymous Coward User ID: 72792361 Australia 08/19/2016 06:31 PM Report Abusive Post Report Copyright Violation | [link to ucrtoday.ucr.edu (secure)] Quoting: Holy cow 72796598 Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely. Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor. The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties. Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said! The researchers have a short video demonstrating the attack : [link to www.youtube.com (secure)] I'm beginning to think that the ultimate answer to avoiding all of this spying bullshit is fpr people to simply discard all personal computers and smart phones, and just use landlines. If you need to use a computer, go to an Internet cafe. If you need to do banking, visit the local branch. |
Anonymous Coward User ID: 72819817 Netherlands 08/19/2016 06:32 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 18921217 United States 08/19/2016 06:41 PM Report Abusive Post Report Copyright Violation | [link to ucrtoday.ucr.edu (secure)] Quoting: Holy cow 72796598 Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely. Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor. The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties. Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said! The researchers have a short video demonstrating the attack : [link to www.youtube.com (secure)] This is old news...debian and fedora builds are safe |
Anonymous Coward User ID: 18921217 United States 08/19/2016 06:43 PM Report Abusive Post Report Copyright Violation | [link to ucrtoday.ucr.edu (secure)] Quoting: Holy cow 72796598 Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely. Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor. The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties. Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said! The researchers have a short video demonstrating the attack : [link to www.youtube.com (secure)] This is old news...debian and fedora builds are safe I think this is Windows false flag, to keep people from migrating. You know the rules, you rule linux.... Your a bitch windows supporter, you get used. Kind of like, conservative vs. lib'fag |
Anonymous Coward User ID: 72668843 Canada 08/19/2016 06:53 PM Report Abusive Post Report Copyright Violation | |
Devoted Follower User ID: 72702268 United States 08/19/2016 06:54 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 72668843 Canada 08/19/2016 06:54 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 72824384 United States 08/19/2016 06:58 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 72433582 United Kingdom 08/19/2016 07:01 PM Report Abusive Post Report Copyright Violation | |
Anonymous Coward User ID: 72798048 India 08/19/2016 07:15 PM Report Abusive Post Report Copyright Violation | The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability. Quoting: Anonymous Coward 72784901 I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said. I think you are bashing linux because you have never used it before and never will ! |
Anonymous Coward User ID: 72798048 India 08/19/2016 07:18 PM Report Abusive Post Report Copyright Violation | Let me guess. You're the guy who used to put a Java applet on every web page he owned back in the 90s to make it look like it was snowing because it was oh so cool, and you couldn't figure out why your awesome IE 3 kept dying because old Billy boy and his gang sold you on the security and awesome sauce your Win 95 box was supposedly covered in. Right? Am I right? I am. I know. Get a fucking clue. Quoting: Anonymous Coward 72784901 Unintelligent, uninteresting, and irrelevant. If you were intelligent, you'd get the humor of this all. Fail level: Extreme. ^ | O This |
Anonymous Coward User ID: 40854418 United States 08/19/2016 07:19 PM Report Abusive Post Report Copyright Violation | |
smokeyta1
User ID: 70384790 United States 08/19/2016 07:21 PM Report Abusive Post Report Copyright Violation | The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability. Quoting: Anonymous Coward 72784901 I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said. You got it wrong OS2/Warp was secure. Linux is the most stable OS smokey |
Anonymous Coward User ID: 72798048 India 08/19/2016 07:25 PM Report Abusive Post Report Copyright Violation | [link to ucrtoday.ucr.edu (secure)] Quoting: Holy cow 72796598 Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely. Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor. The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties. Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said! The researchers have a short video demonstrating the attack : [link to www.youtube.com (secure)] I'm beginning to think that the ultimate answer to avoiding all of this spying bullshit is fpr people to simply discard all personal computers and smart phones, and just use landlines. If you need to use a computer, go to an Internet cafe. If you need to do banking, visit the local branch. A better idea would be to keep two computers , one without internet and one with internet .. no internet no hacking, unless someone is physically going to plant something in your machine !! |
Anonymous Coward User ID: 72798048 India 08/19/2016 07:26 PM Report Abusive Post Report Copyright Violation | |