Find UFOs, The Apocalypse, New World Order, Political Analysis,
Alternative Health, Armageddon, Conspiracies, Prophecies,
Spirituality, Home Schooling, Home Mortgages and more, in:
Rumor Mill News Reading Room, Current Archive
Linux vulnerability leaves top sites wide open to attackers [VIDEO]
Linux vulnerability leaves top sites wide open to attackers RT | Aug 11, 2016
http://on.rt.com/7mcm
[snip]
A flaw in the Linux operating system lets hackers inject malware into downloads and expose the identities of people using anonymizing software such as Tor – even for those who aren’t using Linux directly.
In a Wednesday presentation at the USENIX Security Symposium in Austin, Texas, researchers with the University of California, Riverside showed that the flaw lies in the Transmission Control Protocol (TCP) used by Linux since late 2012.
The networking blunder is present in the Linux kernel, the core of its operating system, and can be exploited by malicious actors to determine whether two systems are communicating with each other, and even inject malicious data into or break their connection.
At the symposium, the researchers demonstrated the exploit by injecting code into a live USA Today page that asks visitors to enter their emails and passwords, which was possible because pages on USA Today aren’t encrypted.
Perhaps most importantly, the intercepting of data doesn’t require a man-in-the-middle attack, where a connection will covertly intercept, collect and pass forward information between two parties. Instead, attackers can just send packets of data to the two targets with spoofed credentials.
Pure Off-path TCP attack demo by using a side channel in Recent Linux Kernel