WebWatch

UK government warns on critical web vulnerability

Researcher to tell how to hack tomorrow

By Ron Coates

Published: 21 April 2004 10:15 BST

The UK's web security watchdog has issued a warning on a critical web vulnerability just as a US researcher is poised to tell how to hack into it.

US researcher Paul Watson, who discovered the flaw in TCP (transmission control protocol) late last year, is to reveal all tomorrow (Thursday) to an internet security conference in Vancouver.

The technique will allow hackers to knock unprotected computers offline and to broadly disrupt routers and net traffic. The UK National Infrastructure Security Coordination Centre (NISCC) issued an advisory on the vulnerability on Tuesday.

It said: "The impact of this vulnerability could allow an attacker to create a Denial of Service condition against existing TCP connections." It added: "The impact of this vulnerability varies by vendor and application, but in some deployment scenarios it is rated critical."

Watson discovered a technique to reliably shut routers down by resetting them remotely. The odds against cracking the inter-router codes, essentially guessing a rotating number from four billion combinations, were previously estimated as being very high, and an attack was expected to take between four and 142 years to execute.

Watson's technique takes four tries and a couple of seconds. He will reveal this tomorrow in a presentation entitled 'Slipping in the Window: TCP Reset Attacks' at the CanSecWest conference, which starts today in Vancouver.

The UK warning says that BGP (border gateway protocol) is potentially the most seriously affected by this style of attack and that there is a potential impact on DNS (domain name system) and SSL (secure socket layer).

NISCC advises users to consult their vendors for patches and solutions to the threat. It has a list of vendors and solutions on its website under advisory 236929.
