Godlike Productions - Discussion Forum
Users Online Now: 1,576 (Who's On?)Visitors Today: 293,623
Pageviews Today: 478,415Threads Today: 158Posts Today: 2,728
06:51 AM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!

 
Holy cow
User ID: 72796598
United States
08/15/2016 11:17 PM
Report Abusive Post
Report Copyright Violation
Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
[link to ucrtoday.ucr.edu (secure)]

Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely.

Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.



Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said!

The researchers have a short video demonstrating the attack :



[link to www.youtube.com (secure)]
Anonymous Coward
User ID: 72784901
United States
08/15/2016 11:44 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
[link to ucrtoday.ucr.edu (secure)]

Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely.

Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.



Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said!

The researchers have a short video demonstrating the attack :



[link to www.youtube.com (secure)]
 Quoting: Holy cow 72796598


You think there's such a thing as a 100% secure system? You must have the naivete of an OpenBSD worshiper stuck in the 90s.
Anonymous Coward (OP)
User ID: 72796598
United States
08/15/2016 11:47 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
You think there's such a thing as a 100% secure system? You must have the naivete of an OpenBSD worshiper stuck in the 90s.
 Quoting: Anonymous Coward 72784901

You like to lie?
Anonymous Coward
User ID: 72784901
United States
08/15/2016 11:48 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
You think there's such a thing as a 100% secure system? You must have the naivete of an OpenBSD worshiper stuck in the 90s.
 Quoting: Anonymous Coward 72784901

You like to lie?
 Quoting: Anonymous Coward 72796598


trans_sign
Anonymous Coward (OP)
User ID: 72796598
United States
08/15/2016 11:53 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
You think there's such a thing as a 100% secure system? You must have the naivete of an OpenBSD worshiper stuck in the 90s.
 Quoting: Anonymous Coward 72784901

You like to lie?
 Quoting: Anonymous Coward 72796598

trans_sign
 Quoting: Anonymous Coward 72784901

I didn't say there was "such a thing as a 100% secure system". I'm just trying to contribute some knowledge and important news to GLP.

I think all the intelligent people here understood what I said.
Anonymous Coward
User ID: 72748728
Australia
08/15/2016 11:54 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Android users will be the hardest hit by this, no updates for older phones. In the bin they go.

Desktop linux systems will just update to the latest kernel.
Anonymous Coward
User ID: 72784901
United States
08/15/2016 11:57 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
You think there's such a thing as a 100% secure system? You must have the naivete of an OpenBSD worshiper stuck in the 90s.
 Quoting: Anonymous Coward 72784901

You like to lie?
 Quoting: Anonymous Coward 72796598

trans_sign
 Quoting: Anonymous Coward 72784901

I didn't say there was "such a thing as a 100% secure system". I'm just trying to contribute some knowledge and important news to GLP.

I think all the intelligent people here understood what I said.
 Quoting: Anonymous Coward 72796598


The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability. I've seen it way too many times before.

Carry on, then.
Anonymous Coward (OP)
User ID: 72796598
United States
08/16/2016 12:01 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
 Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012.

"Linux is secure" they said.
Anonymous Coward
User ID: 68443749
United States
08/16/2016 12:03 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Horsehit - it is open source and is modified daily. Bill - is this you?
Anonymous Coward
User ID: 72797765
United States
08/16/2016 12:04 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
 Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012.

"Linux is secure" they said.
 Quoting: Anonymous Coward 72796598


source and destination ip would have to be known beforehand
its not good, but its not awful.

The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack.
Anonymous Coward
User ID: 72784901
United States
08/16/2016 12:09 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
 Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012.

"Linux is secure" they said.
 Quoting: Anonymous Coward 72796598


Let me guess. You're the guy who used to put a Java applet on every web page he owned back in the 90s to make it look like it was snowing because it was oh so cool, and you couldn't figure out why your awesome IE 3 kept dying because old Billy boy and his gang sold you on the security and awesome sauce your Win 95 box was supposedly covered in. Right? Am I right? I am. I know. Get a fucking clue.
Anonymous Coward (OP)
User ID: 72796598
United States
08/16/2016 12:14 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Let me guess. You're the guy who used to put a Java applet on every web page he owned back in the 90s to make it look like it was snowing because it was oh so cool, and you couldn't figure out why your awesome IE 3 kept dying because old Billy boy and his gang sold you on the security and awesome sauce your Win 95 box was supposedly covered in. Right? Am I right? I am. I know. Get a fucking clue.
 Quoting: Anonymous Coward 72784901

Unintelligent, uninteresting, and irrelevant.
Anonymous Coward
User ID: 72784901
United States
08/16/2016 12:17 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Let me guess. You're the guy who used to put a Java applet on every web page he owned back in the 90s to make it look like it was snowing because it was oh so cool, and you couldn't figure out why your awesome IE 3 kept dying because old Billy boy and his gang sold you on the security and awesome sauce your Win 95 box was supposedly covered in. Right? Am I right? I am. I know. Get a fucking clue.
 Quoting: Anonymous Coward 72784901

Unintelligent, uninteresting, and irrelevant.
 Quoting: Anonymous Coward 72796598


If you were intelligent, you'd get the humor of this all. Fail level: Extreme.
Anonymous Coward
User ID: 72748728
Australia
08/16/2016 12:22 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
 Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012.

"Linux is secure" they said.
 Quoting: Anonymous Coward 72796598


Okay dear Windoze user, let's compare.

Windows XP, was released on August 24, 2001. Security flaws that affect all versions ox XP were still being found and fixed right up until extended support ended on April 8, 2014.
That means certain vulnerabilities were just sitting there for over 12 years!!!!!

Of course support for XP has ended, so no more fixes coming down the pipe, but, many of the vulnerabilities found (and fixed) in later windows versions are also present in XP, to be ignored forever by Microsoft.

So I guess 4 years for a Linux bug isn't so bad, not to mention that the fix will be back-ported to all affected Linux versions.

Enjoy your Windoze, it's good for you!
Anonymous Coward
User ID: 72784901
United States
08/16/2016 12:26 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
 Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012.

"Linux is secure" they said.
 Quoting: Anonymous Coward 72796598


Okay dear Windoze user, let's compare.

Windows XP, was released on August 24, 2001. Security flaws that affect all versions ox XP were still being found and fixed right up until extended support ended on April 8, 2014.
That means certain vulnerabilities were just sitting there for over 12 years!!!!!

Of course support for XP has ended, so no more fixes coming down the pipe, but, many of the vulnerabilities found (and fixed) in later windows versions are also present in XP, to be ignored forever by Microsoft.

So I guess 4 years for a Linux bug isn't so bad, not to mention that the fix will be back-ported to all affected Linux versions.

Enjoy your Windoze, it's good for you!
 Quoting: Anonymous Coward 72748728


Ohhhhhhhhhhhhhh no you didn't! But he did, folks! He did!

cruise
FuegoMagnifico

User ID: 14102964
United States
08/16/2016 12:37 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Linux is safe, don't worry about security, they said!
 Quoting: Holy cow 72796598


Thanks for the post, but I don't think a real computer security expert would claim any OS is "safe". The only safe computer is one with no power cord, no hard drive, and buried in an underground faraday cage. Linux has benefits over closed-source, proprietary OS's like Windows because its source code can be reviewed and inspected by anyone to improve it and find bugs. That makes it somewhat more challenging for someone to deliberately put in back doors like Windows. Also, even if a TCP channel is compromised it's relatively easy in Linux to build a fence around it by running the process as a non-privileged user.

Last Edited by FuegoMagnifico on 08/16/2016 12:39 AM
Anonymous Coward (OP)
User ID: 72796598
United States
08/16/2016 10:29 AM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Linux has benefits over closed-source, proprietary OS's like Windows because its source code can be reviewed and inspected by anyone to improve it and find bugs.
 Quoting: FuegoMagnifico

I wonder how many people reviewed and inspected the source code, and found this security flaw, and have been exploiting it for four fucking years.

Or : the flaw the UCR researchers found might just be an NSA backdoor.
Sleeping One
User ID: 72822843
United States
08/19/2016 01:47 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
 Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012.

"Linux is secure" they said.
 Quoting: Anonymous Coward 72796598


source and destination ip would have to be known beforehand
its not good, but its not awful.

The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack.
 Quoting: Anonymous Coward 72797765

It's ideal if the attacker know the victims he wishes to attack.

Say you often use the unprotected Wifi connection in your local library and visit GLP, and your attackers knows you as he is stalking you.

What's easier than using this exploit ?
Anonymous Coward
User ID: 46710121
United States
08/19/2016 02:07 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The exploit takes about 10 seconds to fix with builtin tools.
Anonymous Coward (OP)
User ID: 72796598
United States
08/19/2016 02:30 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The exploit takes about 10 seconds to fix with builtin tools.
 Quoting: Anonymous Coward 46710121

If you know about it.
Anonymous Coward
User ID: 72581521
United States
08/19/2016 02:37 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Linux?!?!

xxxcite
Anonymous Coward
User ID: 63912630
United States
08/19/2016 02:44 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The part I put in bold previously made you sound like a Windows user trying to bash (no pun intended) Linux because of a vulnerability.
 Quoting: Anonymous Coward 72784901

I am a Windows user and I am bashing Linux because it's laughable that this vulnerability has been unpatched since 2012.

"Linux is secure" they said.
 Quoting: Anonymous Coward 72796598


Windows is the least secure OS out there.

Instead of Windows they should call it Holes.
Anonymous Coward
User ID: 69440459
United States
08/19/2016 03:05 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
How do you fix it?
Anonymous Coward
User ID: 69440459
United States
08/19/2016 03:05 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The exploit takes about 10 seconds to fix with builtin tools.
 Quoting: Anonymous Coward 46710121


Explain how to fix?
Anonymous Coward
User ID: 46710121
United States
08/19/2016 03:24 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
The exploit takes about 10 seconds to fix with builtin tools.
 Quoting: Anonymous Coward 46710121


Explain how to fix?
 Quoting: Anonymous Coward 69440459


No.
Anonymous Coward
User ID: 2649925
United States
08/19/2016 03:25 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
[link to ucrtoday.ucr.edu (secure)]

Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications remotely.

Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

The UCR researchers ... identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.



Affects Android too! Unpatched since 2012! Linux is safe, don't worry about security, they said!

The researchers have a short video demonstrating the attack :



[link to www.youtube.com (secure)]
 Quoting: Holy cow 72796598

Uhm , linux is fully open source, how did someone miss the fucked coding?

with all the programmers working on the kernel and different distros, i find this fucking unreal, just when you think your safe using linux.......
Anonymous Coward
User ID: 71558537
United States
08/19/2016 03:25 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
How do you fix it?
 Quoting: Anonymous Coward 69440459


edit /etc/syscrl.conf

insert a line net.ipv4.tcp_challenge_ack_limit = 999999999

save it

run sudo sysctl-p

to update the configuration.

see not the end of the world and you dont't have to wait for a patch.

but dunno about android phones.
Anonymous Coward
User ID: 72630573
United States
08/19/2016 03:28 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
And how many people got hacked ?
None

Gtfo
goaway
Anonymous Coward
User ID: 45428830
United States
08/19/2016 03:45 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Least they found it. Im sure the nix mega nerds are sxrambling as we speak to close that up
The Comedian :D

User ID: 35219468
United States
08/19/2016 03:51 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Dangerous OS Flaws:

Linux: 1
OSX: 3
Windows: 567,673
Saint Comedian, Patron Saint of Bringing the Butthurt to Dipshits

‘There are some assholes in the world that just need to be shot.’ - General Mattis, USMC, Secretary of Defense

[link to www.godlikeproductions.com]

"Subterfuge and social pressure are the wheel and fire of the 21st century" - Some asshole

Legal Disclaimer: All comments are intended as humor and/or fiction and not advice, and not to be confused with any event or person, living or dead.
The Comedian :D

User ID: 35219468
United States
08/19/2016 03:54 PM
Report Abusive Post
Report Copyright Violation
Re: Linux flaw allows hackers to hijack your internet communications - unpatched since 2012!
Uhm , linux is fully open source, how did someone miss the fucked coding?

with all the programmers working on the kernel and different distros, i find this fucking unreal, just when you think your safe using linux.......
 Quoting: Anonymous Coward 2649925


Fair question.
The answer is, not many eyes going over the IP V4 stack. It's old, stable as fuck, and not sexy.
Saint Comedian, Patron Saint of Bringing the Butthurt to Dipshits

‘There are some assholes in the world that just need to be shot.’ - General Mattis, USMC, Secretary of Defense

[link to www.godlikeproductions.com]

"Subterfuge and social pressure are the wheel and fire of the 21st century" - Some asshole

Legal Disclaimer: All comments are intended as humor and/or fiction and not advice, and not to be confused with any event or person, living or dead.





GLP