[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Sign-in] [Mail] [Setup] [Help]
Status: Not Logged In; Sign In
|
Science/Tech See other Science/Tech Articles Title: Linux vulnerability leaves top sites wide open to attackers RT... A flaw in the Linux operating system lets hackers inject malware into downloads and expose the identities of people using anonymizing software such as Tor – even for those who aren’t using Linux directly. In a Wednesday presentation at the USENIX Security Symposium in Austin, Texas, researchers with the University of California, Riverside showed that the flaw lies in the Transmission Control Protocol (TCP) used by Linux since late 2012. READ MORE: US officials covered up China hack of FDIC computers – House report The networking blunder is present in the Linux kernel, the core of its operating system, and can be exploited by malicious actors to determine whether two systems are communicating with each other, and even inject malicious data into or break their connection. At the symposium, the researchers demonstrated the exploit by injecting code into a live USA Today page that asks visitors to enter their emails and passwords, which was possible because pages on USA Today aren’t encrypted. Perhaps most importantly, the intercepting of data doesn’t require a man-in-the-middle attack, where a connection will covertly intercept, collect and pass forward information between two parties. Instead, attackers can just send packets of data to the two targets with spoofed credentials. “Through extensive experimentation, we demonstrate that the attack is extremely effective and reliable. Given any two arbitrary hosts, it takes only 10 seconds to successfully infer whether they are communicating,” the team wrote in a white paper. “If there is a connection, subsequently, it takes also only tens of seconds to infer the TCP sequence numbers used on the connection. To demonstrate the impact, we perform case studies on a wide range of applications.” Linux flaw puts millions of PCs, Android smart devices at riskt.co/AiOHutMjfYpic.twitter.com/8Zv92p9OYD — RT America (@RT_America) January 20, 2016 Because Linux runs in the backend on a majority of servers as well as on Android devices, an enormous number of users might be left vulnerable. Even those using the much-vaunted anonymizing software Tor could have their privacy compromised 90 percent of the time in an average time of about 50 seconds. "In general, we believe that a [denial-of-service or] DoS attack against Tor connections can have a devastating impact on both the availability of the service as a whole and the privacy guarantees that it can provide," the researchers said. The team notes that because only version 3.6 or later of the Linux kernel has the flaw, systems running older software are not affected. They distributed a patch to fix the vulnerability, but they note a large number of individuals and networks will still be left exposed to miscreants, since the exploit only requires one unpatched party for the attack to work. Post Comment Private Reply Ignore Thread Top • Page Up • Full Thread • Page Down • Bottom/Latest
#1. To: Tatarewicz (#0)
I won't say this makes me feel great about never having switched to Linux, but it makes me feel kinda great about it....... How vicious people are. This is just a case of human error, right -- they're not saying anybody's sabotaging the program? _____________________________________________________________ “We build but to tear down. Most of our work and resource is squandered. Our onward march is marked by devastation. Everywhere there is an appalling loss of time, effort and life. A cheerless view, but true.” - Tesla per FP
|
||
|
[Home]
[Headlines]
[Latest Articles]
[Latest Comments]
[Post]
[Sign-in]
[Mail]
[Setup]
[Help]
|
||