[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

How Elon Musk’s DOGE Will Work

"Republican Caesar" - Legacy Media Meltdown Over Trump's Triumphant UFC Appearance

Fetterman Defends Democrats Counting Invalid Votes In PA Senate Race

Trump's Plans For Russia And The Middle East | Victor Davis Hanson

US soldier who raped and killed girl, 14, says I didnt think of Iraqis as humans

Climate Psychosis DEBUNKED! Antarctica Sea Ice Has Slowly Increased Since 1979

FED pulls half of credit available from BTFP, engineering a potential banking crash

Joe Rogan slams FBI: 12 informants in kidnapping plot, 2 fools manipulated.

Preview of new border security under TRUMP

WHAT did Epstein's biographer just say? "He's not a pedophile, just liked underage prostitutes."

Israeli 'Cardboard Dome' missile malfunctions in Eilat, Israel

Matt Gaetz “I think that the reason we are as involved in Ukraine...."

MINDY ROBINSON TESTIFIES ♕ ON ELECTION FRAUD IN NEVADA BEING IGNORED

Biden awkwardly stands in back of APEC photo with China's Xi Jinping front and center

Declassified docs expose ObamaÂ’s involvement in Russian Collusion hoax conspiracy to sabotage Trump.

5 Alarming Signs the Economy Is Crumbling While Stocks Defy Gravity

While Mexican Leader Was Congratulating Trump,

Pentagon Fails 7th Audit In Row, Aims For Clean Audit In 2028

High Alert! A Trump wave is about to DESTROY the Deep State in DC.

President Trump’s Signature Dance Takes Over the NFL (Video)

FAKE NEWS FAIL: New York Times “Fact Check” of Important RFK, Jr. Claim

Medicare Raided to Fund Green Agenda: Premiums Set to Spike

Visualizing How Trump Realigned The Political Landscape

GOD BLESS THE USA - TRUMP MUSIC VIDEO

10 Things You MISSED About Trump's Assassin

In "Major Policy Shift" Biden Authorizes Ukraine's Use Of US Missiles To Hit Targets Inside Russia

MSG ERUPTS Into USA Chants As Trump PULLS UP With Elon Musk And THE AVENGERS To UFC 309!

Preschool teacher-turned-soldier brings down Russian missile with Igla system

Sunday Morning Futures With Maria Bartiromo 11/17/24 | BREAKING FOX NEWS November 17, 2024

Sadhguru's Message to America After Donald Trump's Election Victory


Science/Tech
See other Science/Tech Articles

Title: Linux vulnerability leaves top sites wide open to attackers
Source: [None]
URL Source: https://www.rt.com/usa/355558-linux-vulnerability-websites-attacks/
Published: Aug 12, 2016
Author: © Beck Diefenbach / Reuters
Post Date: 2016-08-12 02:50:46 by Tatarewicz
Keywords: None
Views: 1404
Comments: 1

RT... A flaw in the Linux operating system lets hackers inject malware into downloads and expose the identities of people using anonymizing software such as Tor – even for those who aren’t using Linux directly.

In a Wednesday presentation at the USENIX Security Symposium in Austin, Texas, researchers with the University of California, Riverside showed that the flaw lies in the Transmission Control Protocol (TCP) used by Linux since late 2012.

READ MORE: US officials covered up China hack of FDIC computers – House report

The networking blunder is present in the Linux kernel, the core of its operating system, and can be exploited by malicious actors to determine whether two systems are communicating with each other, and even inject malicious data into or break their connection.

At the symposium, the researchers demonstrated the exploit by injecting code into a live USA Today page that asks visitors to enter their emails and passwords, which was possible because pages on USA Today aren’t encrypted.

Perhaps most importantly, the intercepting of data doesn’t require a man-in-the-middle attack, where a connection will covertly intercept, collect and pass forward information between two parties. Instead, attackers can just send packets of data to the two targets with spoofed credentials.

“Through extensive experimentation, we demonstrate that the attack is extremely effective and reliable. Given any two arbitrary hosts, it takes only 10 seconds to successfully infer whether they are communicating,” the team wrote in a white paper. “If there is a connection, subsequently, it takes also only tens of seconds to infer the TCP sequence numbers used on the connection. To demonstrate the impact, we perform case studies on a wide range of applications.”

Linux flaw puts millions of PCs, Android smart devices at riskt.co/AiOHutMjfYpic.twitter.com/8Zv92p9OYD — RT America (@RT_America) January 20, 2016

Because Linux runs in the backend on a majority of servers as well as on Android devices, an enormous number of users might be left vulnerable. Even those using the much-vaunted anonymizing software Tor could have their privacy compromised 90 percent of the time in an average time of about 50 seconds.

"In general, we believe that a [denial-of-service or] DoS attack against Tor connections can have a devastating impact on both the availability of the service as a whole and the privacy guarantees that it can provide," the researchers said.

The team notes that because only version 3.6 or later of the Linux kernel has the flaw, systems running older software are not affected. They distributed a patch to fix the vulnerability, but they note a large number of individuals and networks will still be left exposed to miscreants, since the exploit only requires one unpatched party for the attack to work.

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: Tatarewicz (#0)

I won't say this makes me feel great about never having switched to Linux, but it makes me feel kinda great about it....... How vicious people are.

This is just a case of human error, right -- they're not saying anybody's sabotaging the program?

_____________________________________________________________

“We build but to tear down. Most of our work and resource is squandered. Our onward march is marked by devastation. Everywhere there is an appalling loss of time, effort and life. A cheerless view, but true.” - Tesla per FP

NeoconsNailed  posted on  2016-08-12   6:25:56 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]