
Researcher to tell how to hack tomorrow
By Ron Coates
Published: 21 April 2004 10:15 GMT
The UK's web security watchdog has issued a warning on a critical web vulnerability just as a US researcher is poised to reveal how to exploit it.
US researcher Paul Watson, who discovered the flaw in TCP (Transmission Control Protocol) late last year, is to reveal all tomorrow (Thursday) at an internet security conference in Vancouver.
The technique will allow hackers to knock unprotected computers offline and to broadly disrupt routers and net traffic. The UK National Infrastructure Security Coordination Centre (NISCC) issued an advisory on the vulnerability on Tuesday.
It said: "The impact of this vulnerability could allow an attacker to create a Denial of Service condition against existing TCP connections." It added: "The impact of this vulnerability varies by vendor and application, but in some deployment scenarios it is rated critical."
Watson discovered a technique to reliably shut routers down by resetting them remotely. The odds against cracking the inter-router codes, essentially guessing a rotating number from four billion combinations, were previously estimated to be very high, with an attack expected to take between four and 142 years to execute.
Watson's technique takes four tries and a couple of seconds. He will reveal this tomorrow in a presentation entitled 'Slipping in the Window: TCP Reset Attacks' at the CanSecWest conference, which starts today in Vancouver.
The UK warning says that BGP (Border Gateway Protocol) is potentially the most seriously affected by this style of attack and that there is a potential impact on DNS (Domain Name System) and SSL (Secure Sockets Layer).
NISCC advises users to consult their vendors for patches and solutions to the threat. It has a list of vendors and solutions on its website under advisory 236929.
Releasing the way to perform this hack is totally ...
Adrian Jones
People need to know how it's done so they can prot...
Craig
A few links to other articles about this, lists of...
Simon West
Good job it's the weekend soon, with the web paral...
Karen Challinor
I totally agree,
completely stupid.
Mark Leman
Copyright © 2008 CBS Interactive Limited. All rights reserved.