LINUS TORVALDS FUCKED UP

Linux vulnerability leaves top sites wide open to attackers

rt.com/usa/355558-linux-vulnerability-websites-attacks/

A flaw in the Linux operating system lets hackers inject malware into downloads and expose the identities of people using anonymizing software such as Tor – even for those who aren’t using Linux directly.

In a Wednesday presentation at the USENIX Security Symposium in Austin, Texas, researchers with the University of

The networking blunder is present in the Linux kernel, the core of its operating system, and can be exploited by malicious actors to determine whether two systems are communicating with each other, and even inject malicious data into or break their connection.

“Through extensive experimentation, we demonstrate that the attack is extremely effective and reliable. Given any two arbitrary hosts, it takes only 10 seconds to successfully infer whether they are communicating,” the team wrote in a white paper. “If there is a connection, subsequently, it takes also only tens of seconds to infer the TCP sequence numbers used on the connection. To demonstrate the impact, we perform case studies on a wide range of applications.”

thank god I use Satya Nadella™ © 's Microsoft™ © Windows™©® 10™ Pro!

>le lesser of two evils meme

Trolling is a art

shit! I hope they'll have a patch out soon

Like three weeks ago actually.

this can't be happening

>in the Linux operating system
>in the Linux operating system
>in the Linux operating system
>in the Linux operating system
>in the Linux operating system

>a art

It's an art, not 'a art.'

sweet!

>doesn't mention what the attack is
boring

>he doesn't know how to read

Is this b8?

youtube.com/watch?v=S4Ns5wla9DY

Sorry, wrong link
usenix.org/system/files/conference/usenixsecurity16/sec16_paper_cao.pdf

oh shit

I dug into it, and it seems like this is a legitimate bug with the TCP protocol itself. Since Linux is the only OS in existence that implements this part of the RFC correctly, it's the only one that's affected.

(All other operating systems “get it wrong”, and therefore aren't affected because the exploit relies on specifics of the TCP challenge ACK feature)

Only one side of the connection needs to be running a vulnerable kernel, and you're connected to a Linux server.....

Correct: this is actually a bug in the RFC.

We're probably going to have to do an errata.

The University of the Networking Blunder.
>breaks into UNB fight song.

This attack right here is a perfect example of why you need authenticated encryption.

HTTPS defeats it

It defeats code injection, but I believe this attack will still work for denial of service, even with HTTPS.

And so it will be patched. Guess what, there isn't a legion of people exposing windows loopholes to the public, they just keep the exploits to themselves for profit.

needs a WASTED-treatment.

I told you my Windooze is superior.
You didn't listen Sup Forums

from forums.theregister.co.uk/forum/containing/2941930
>In effect, this isn't a new attack, it's just a way of disabling the mitigation for a very old attack - which as far as I can tell is a CVE from 2004. While I can see that a determined and well informed attacker could use the old attack against some types of traffic, in the general case I can't see it being that much use. You need to know that two IP addresses are communicating, and what ports they are using, and the sequence numbers they are using - AND exactly when they are doing it. Armed with all that knowledge, you can then inject packets - but if the traffic being passed is in any way checked (either explicitly or as a side effect of encryption such as SSL) then there's not much you can do other than terminate the connection.
>So I think you can forget about attacks such as "changing the contents of an email or web page" simply because the requirements in terms of knowing exactly who is talking to who, using what ports, and when, are such as to make it impractical without the sort of access to information that would in reality make other ways of doing the same thing far more useful !
>SSH sessions ? Tend to be quite long lived - but all you could do is terminate the session.
>Torrent downloads ? Don't the clients checksum all the pieces anyway ?
tl;dr practically irrelevant

>Correct: this is actually a bug in the RFC.

I swear the IETF is so fucking incompetent at protocol design.
It's an embarrassment that every single thing they come out with has fundamental design flaws in security and/or performance.

> IPv6 routing extension header, I'm looking right at you

Can someone please explain like I'm 5, how upping the ack_challenge_limit from 100 to 99999 mitigates the attack? It sounds counterintuitive.

The global ACK rate limiting is what leaks information about your connections.

Remove the rate limit and you can no longer leak information.
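
The leak described in the replies above, as an added example that is not part of the thread: a toy model of one challenge-ACK budget shared by every connection on a host, showing why an outside party can read one bit from it at a limit of 100 but not at 99999. The class and function names, the single "observer" connection and the burst size of 100 are assumptions made for the illustration; the model sends no packets.

```python
# Toy model only: no network traffic. All names here are made up for illustration.

class Host:
    """A host that shares ONE challenge-ACK budget per second across all connections."""

    def __init__(self, limit, connections):
        self.limit = limit                  # global challenge ACKs allowed per second
        self.connections = set(connections)
        self.sent = 0                       # challenge ACKs already sent this second

    def challenge(self, conn):
        """Process one packet that would trigger a challenge ACK on `conn`.
        Returns True if a challenge ACK is actually sent."""
        if conn not in self.connections:    # no such connection: nothing to challenge
            return False
        if self.sent >= self.limit:         # shared budget used up: stay silent
            return False
        self.sent += 1
        return True


def observed_acks(limit, guessed_conn_exists, burst):
    """Challenge ACKs an outside observer gets back on its OWN connection in one
    second, after one packet has been sent towards a guessed third-party connection."""
    conns = {"observer"}
    if guessed_conn_exists:
        conns.add("guessed")
    host = Host(limit, conns)
    host.challenge("guessed")               # ACK (if any) goes to the other peer, unseen
    return sum(host.challenge("observer") for _ in range(burst))


def leaks(limit, burst):
    """True if the observer's count differs depending on whether the guess was right."""
    return observed_acks(limit, True, burst) != observed_acks(limit, False, burst)


if __name__ == "__main__":
    for limit in (100, 99999):
        print(limit, observed_acks(limit, True, 100), observed_acks(limit, False, 100),
              "leak" if leaks(limit, 100) else "no leak")
```

With the higher limit the shared counter is still there; it stops being observable only because the budget can no longer be used up within the one-second interval by a burst of that size.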

>not having https everywhere enabled
You pathetic cucks deserve it tbqh.

I'd just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use.
Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

> an errata
> an
> errata
> an
>
> singular
>
>
> errata
>
>
>
>
> plural

jesus fucking shitnigger do you even latin

downloading windows as we speak

CIA NIGGERS ON SUICIDE WATCH

it's an information leak based off a 3rd party attempting to trip limits with forged packet injection.

if it's a non-encrypted (SSL/TLS/etc) connection, it ultimately allows a man-in-the-middle from basically anywhere without needing to suborn routers in the path.

you're right Terry, CIA niggers should've stuck to sabotaging implementations and not protocol designs.

Terry is right though. We wouldn't have to worry about updating our computers if we stop connecting them to the internet.

A million internets to you based user.

>terry.jpg
What did he mean by this?

In case anyone else is still lurking, those kernels that don't have the sysctl.conf option for ipv4.tcp_challenge_limit, are they vulnerable?

woosh

No. It's only linux 3.6 and newer, which implements this feature.

OK thx.

At least linux does not handle scrollbars in the kernel :^)

This is a bug caused by the standard itself, not the implementation of it.

>>RT

fuck off

does linus even write linux code anymore?

What's so bad about that? UI elements should be part of the operating system API, otherwise you're going to needlessly duplicate those features in every executable that uses them.

breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/

I made a art

This isn't a Linux problem; it's a problem with a defined standard. Linux just implements this standard (no other operating systems do as of now).

it is now

UI APIs can be kept in a DLL rather than embedded in kernel, no?

...

isn't this literally the function of win32.dll? to contain UI code in shared memory?

>win32.dll
user32.dll i mean

*tips fedora*
Good work! Would you like to get a alcohol?

>What's a library? The post.

...

ITS SAFE GUYS NSA CAN POSSIBLY TRACK WELL CONFIGURED GANOOOOOO