Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Anonymous Coward User ID: 72784901 United States 08/15/2016 11:44 PM

[link to ucrtoday.ucr.edu (secure)]
Quoting: Holy cow 72796598

Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely. Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor. The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.

Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said!

The researchers have a short video demonstrating the attack: [link to www.youtube.com (secure)]

You think there's such a thing as a 100% secure system? You must have the naivete of an OpenBSD worshiper stuck in the 90s.
Anonymous Coward (OP) User ID: 72796598 United States 08/15/2016 11:53 PM

You think there's such a thing as a 100% secure system? You must have the naivete of an OpenBSD worshiper stuck in the 90s.
Quoting: Anonymous Coward 72784901

You like to lie? I didn't say there was "such a thing as a 100% secure system". I'm just trying to contribute some knowledge and important news to GLP. I think all the intelligent people here understood what I said.
Anonymous Coward User ID: 72784901 United States 08/15/2016 11:57 PM

You think there's such a thing as a 100% secure system? You must have the naivete of an OpenBSD worshiper stuck in the 90s.
Quoting: Anonymous Coward 72784901

You like to lie? I didn't say there was "such a thing as a 100% secure system". I'm just trying to contribute some knowledge and important news to GLP. I think all the intelligent people here understood what I said.

The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability. I've seen it way too many times before. Carry on, then.
Anonymous Coward (OP) User ID: 72796598 United States 08/16/2016 12:01 AM

The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said.
Anonymous Coward User ID: 72797765 United States 08/16/2016 12:04 AM

The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said.

Source and destination IP would have to be known beforehand. It's not good, but it's not awful.

The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack.
Anonymous Coward User ID: 72784901 United States 08/16/2016 12:09 AM

The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said.

Let me guess. You're the guy who used to put a Java applet on every web page he owned back in the 90s to make it look like it was snowing because it was oh so cool, and you couldn't figure out why your awesome IE 3 kept dying because old Billy boy and his gang sold you on the security and awesome sauce your Win 95 box was supposedly covered in. Right? Am I right? I am. I know. Get a fucking clue.
Anonymous Coward (OP) User ID: 72796598 United States 08/16/2016 12:14 AM

Let me guess. You're the guy who used to put a Java applet on every web page he owned back in the 90s to make it look like it was snowing because it was oh so cool, and you couldn't figure out why your awesome IE 3 kept dying because old Billy boy and his gang sold you on the security and awesome sauce your Win 95 box was supposedly covered in. Right? Am I right? I am. I know. Get a fucking clue.
Quoting: Anonymous Coward 72784901

Unintelligent, uninteresting, and irrelevant.
Anonymous Coward User ID: 72784901 United States 08/16/2016 12:17 AM

Let me guess. You're the guy who used to put a Java applet on every web page he owned back in the 90s to make it look like it was snowing because it was oh so cool, and you couldn't figure out why your awesome IE 3 kept dying because old Billy boy and his gang sold you on the security and awesome sauce your Win 95 box was supposedly covered in. Right? Am I right? I am. I know. Get a fucking clue.
Quoting: Anonymous Coward 72784901

Unintelligent, uninteresting, and irrelevant.

If you were intelligent, you'd get the humor of this all. Fail level: Extreme.
Anonymous Coward User ID: 72748728 Australia 08/16/2016 12:22 AM

The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said.

Okay dear Windoze user, let's compare. Windows XP was released on August 24, 2001. Security flaws that affect all versions of XP were still being found and fixed right up until extended support ended on April 8, 2014. That means certain vulnerabilities were just sitting there for over 12 years!!!!! Of course support for XP has ended, so no more fixes coming down the pipe, but many of the vulnerabilities found (and fixed) in later Windows versions are also present in XP, to be ignored forever by Microsoft. So I guess 4 years for a Linux bug isn't so bad, not to mention that the fix will be back-ported to all affected Linux versions. Enjoy your Windoze, it's good for you!
Anonymous Coward User ID: 72784901 United States 08/16/2016 12:26 AM

The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said.

Okay dear Windoze user, let's compare. Windows XP was released on August 24, 2001. Security flaws that affect all versions of XP were still being found and fixed right up until extended support ended on April 8, 2014. That means certain vulnerabilities were just sitting there for over 12 years!!!!! Of course support for XP has ended, so no more fixes coming down the pipe, but many of the vulnerabilities found (and fixed) in later Windows versions are also present in XP, to be ignored forever by Microsoft. So I guess 4 years for a Linux bug isn't so bad, not to mention that the fix will be back-ported to all affected Linux versions. Enjoy your Windoze, it's good for you!

Ohhhhhhhhhhhhhh no you didn't! But he did, folks! He did!
FuegoMagnifico User ID: 14102964 United States 08/16/2016 12:37 AM

Thanks for the post, but I don't think a real computer security expert would claim any OS is "safe". The only safe computer is one with no power cord, no hard drive, and buried in an underground Faraday cage.

Linux has benefits over closed-source, proprietary OS's like Windows because its source code can be reviewed and inspected by anyone to improve it and find bugs. That makes it somewhat more challenging for someone to deliberately put in back doors like Windows. Also, even if a TCP channel is compromised it's relatively easy in Linux to build a fence around it by running the process as a non-privileged user.

Last Edited by FuegoMagnifico on 08/16/2016 12:39 AM
Anonymous Coward (OP) User ID: 72796598 United States 08/16/2016 10:29 AM

Linux has benefits over closed-source, proprietary OS's like Windows because its source code can be reviewed and inspected by anyone to improve it and find bugs.
Quoting: FuegoMagnifico

I wonder how many people reviewed and inspected the source code, and found this security flaw, and have been exploiting it for four fucking years. Or: the flaw the UCR researchers found might just be an NSA backdoor.
Sleeping One User ID: 72822843 United States 08/19/2016 01:47 PM

The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said.

Source and destination IP would have to be known beforehand. It's not good, but it's not awful.

The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack.

It's ideal if the attacker knows the victims he wishes to attack. Say you often use the unprotected Wifi connection in your local library and visit GLP, and your attacker knows you as he is stalking you. What's easier than using this exploit?
Anonymous Coward User ID: 63912630 United States 08/19/2016 02:44 PM

The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012. "Linux is secure" they said.

Windows is the least secure OS out there. Instead of Windows they should call it Holes.
Anonymous Coward User ID: 2649925 United States 08/19/2016 03:25 PM

[link to ucrtoday.ucr.edu (secure)]
Quoting: Holy cow 72796598

Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely. Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor. The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.

Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said!

The researchers have a short video demonstrating the attack: [link to www.youtube.com (secure)]

Uhm, Linux is fully open source, how did someone miss the fucked coding? With all the programmers working on the kernel and different distros, I find this fucking unreal, just when you think you're safe using Linux.......
The Comedian :D User ID: 35219468 United States 08/19/2016 03:51 PM

Dangerous OS Flaws:
Linux: 1
OSX: 3
Windows: 567,673

Saint Comedian, Patron Saint of Bringing the Butthurt to Dipshits
‘There are some assholes in the world that just need to be shot.’ - General Mattis, USMC, Secretary of Defense
[link to www.godlikeproductions.com]
"Subterfuge and social pressure are the wheel and fire of the 21st century" - Some asshole
Legal Disclaimer: All comments are intended as humor and/or fiction and not advice, and not to be confused with any event or person, living or dead.
The Comedian :D User ID: 35219468 United States 08/19/2016 03:54 PM

Uhm, Linux is fully open source, how did someone miss the fucked coding?
Quoting: Anonymous Coward 2649925

With all the programmers working on the kernel and different distros, I find this fucking unreal, just when you think you're safe using Linux.......

Fair question. The answer is, not many eyes going over the IP V4 stack. It's old, stable as fuck, and not sexy.