Two researches (supposedly) discovered a new weakness in the TCP implementation that allows even with a relatively small up-link to run DoS attacks with high bandwidth web servers (e.g. Google, Ebay, etc.). So far no independent verification has been done but it would not surprise me if this is just another major flaw that we have to deal with.
Read Robert Graham's blog post: http://erratasec.blogspot.com/2008/10/tcp-dos-probably-real.html
1SSA - Security consulting, training and products: http://www.1ssa.net
skip to main |
skip to sidebar
Solutions that protect your assets and people in a changing world
The latest news around Information Security from various sources.
Solutions that protect your assets and people in a changing world
Who is reading
Search This Blog
Security News Digest
Posts
Subscribe Email
Digg & Twitter
 |
Blog Archive
-
▼
2008
(53)
-
▼
October
(19)
- US passport cards insecure
- Google Ads used to infect users with malware
- Europe standardizing on privacy
- Fake MS email with PGP signature
- Creditcard readers manipulated to send data to Pak...
- Deutsche Telekom (again) - This time 30 million cu...
- Major data security breach is still causing Deutsc...
- The dilemma with email spam
- Clickjacking - Serious security problems
- VMware patches 64 Bit emulator bug
- Study shows that hotel networks are lacking security
- Stolen republican party laptop had no security saf...
- Was Forever 21 wrongly certified PCI compliant?
- Researcher finds server with stolen FTP credentials
- Data Breaches Expose About 30M Records in '08
- Nevada mandates encrypted personal data communication
- Hackers penetrate South Korean missile manufacturer
- TCP weakness could potential result in new DoS att...
- Phorm becomes Webwise
-
▼
October
(19)
Disclaimer
Links to third party Web sites on this Site are provided solely as a convenience to you. If you use these links, you will leave this Site. 1SSA has not reviewed all of these third party sites and does not control and is not responsible for any of these sites or their content. Thus, 1SSA does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to this Site, you do this entirely at your own risk.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.