Security Flaw Warning Prompts Fixes
- By theWHIR.com , April 22, 2004
-
Share
|
Send |
Print |
Comments (0)
Reddit
Newsvine
Stumbleupon
Twitter
Facebook
Verio Attracts Resellers with Free Month of VPS Hosting: Companies looking to boost revenues are finding Verio's Free VPS promotion the right fit for getting started as Hosting Reseller.
Netcraft says most TCP sessions are short-lived, so the vulnerability had little impact, though certain critical protocols, such as Border Gateway Protocol (BGP), depend on long-lived sessions. Netcraft said the weakness can be addressed by using MD5 authentication to secure BGP sessions, a step most Internet service providers never take because an exploit seemed mathematically implausible.
Watson's exploit, however, makes the attack of the vulnerability much faster, especially for attackers controlling "bot networks" of compromosed machines.
Watson announced plans on March 14 to present a paper about his findings at the CanSecWest conference, held yesterday. Prior to the presentation, Watson had shared his plans with government security officials in the US and the UK, who organized a response with major vendors such as Savvis. Bill Hancock, chief security officer for Savvis, said in the report that his company implented fixes for the holes last weekend. The fixes were based on the information Watson passed along, Hancock said.
 |
OLDER: Voicenet Servers Seized by Authorities | | | NEWER: Code Targets Windows PCT Vulnerability |  |
Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.