Security Alerts & News
by Tymoteusz A. Góral

#1285 Serious TCP bug in Linux systems allows traffic hijacking
A serious vulnerability in the TCP implementation in Linux systems deployed since 2012 (version 3.6 of the Linux kernel) can be used by attackers to identify hosts communicating over the protocol and ultimately attack that traffic.

Researchers from the University of California, Riverside and the U.S. Army Research Laboratory are expected to deliver their paper, “Off-Path TCP Exploits: Global Rate Limit Considered Dangerous,” today at the USENIX Security Symposium. The paper explains the vulnerability and gives recommendations on how to mitigate it.

Patches for the vulnerability have been developed for the current Linux kernel, said Zhiyun Qian, an assistant computer science professor at the university and project advisor. Qian and fellow authors Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, and Lisa M. Marvel also developed a patch for client and server hosts that raises the challenge ACK limit to large values, making it difficult to exploit.