Slashdot Mirror


Secret Repairs Preceded TCP Flaw Release

efranco cuts and pastes: "Only the math had changed. But the emergence of a workable exploit for an old TCP security hole prompted a secret initiative to fix the Internet, giving network operators a week to secure vulnerable routers. The clandestine repair effort livened an already intense period for security pros already juggling a bevy of Windows security patches." We ran a story on this a few days ago.

13 of 204 comments

  1. Cisco Fix by thebra · · Score: 5, Informative

    is here as posted from an article on the register.

    1. Re:Cisco Fix by robslimo · · Score: 5, Interesting

      When the previous /. story was posted about the TCP flaw, I checked out the NANOG mailing list.

      There was plenty of discussion about it, including various vendor issues (Cisco and Juniper) & fixes, as well as some ISPs dragging their feet on implementing MD5 over peer links. I could tell from some of the things mentioned there that they (the network ops) had advance knowledge of the vulnerability.

      Most interesting was this about looking glasses being too free with info that would allow a TCP reset in one try.

  2. Looks like this is the way it's gonna be... by pointbeing · · Score: 5, Insightful
    These days it's risky to release information about a security vulnerability without having a patch in place first. Look at Blaster - I believe that the author *used a security bulletin* to write the worm and then just targeted unpatched machines.

    I think we're gonna see a lot more of this. If you release information before you fix it these days you're just inviting people to test your shiny new vulnerability ;-)

    --
    we see things not as they are, but as we are.
    -- anais nin
    1. Re:Looks like this is the way it's gonna be... by WwWonka · · Score: 5, Insightful

      I think the scary thing is the average shrinking time period between published vulnerability and working published exploit/worm.

      In the past it was well over thirty days, but recently that has dramatically decreased to less than that. With Microsoft's new policy of new patches every thirty days (if there is a need for them) it more than widens that window of opportunity for mass system compromising prior to a patch.

    2. Re:Looks like this is the way it's gonna be... by Anonymous Coward · · Score: 5, Insightful

      Yes, "script kiddies" and amateur hackers will definitely continue exploiting already-widely-known vulnerabilities, and automated worm tools will make it easier for them to do it quickly.

      However, moderately talented hackers will still be able to find and exploit vulnerabilities before they are widely known (i.e. when they are known only to a handful of hackers and possibly the software vendor, but no public disclosure has been made). This latter group makes fewer headlines but is far more dangerous.

      Already, the industry is making noises that details about the nature of the exploit should not be made available--that the vendor should just release a patch and announce to their customers "Install this. We can't tell you why." As a customer, you don't know what component you're touching, you don't know what's changing, and you don't know how to test to see if the bug was actually fixed. Blindly installing unlabelled patches is the end result of this "disclosure creates exploits" discussion.

      Disclosure does not create exploits, however. Disclosure increases the ability of amateurs to add their exploits to the pile of existing exploits. Pros, generally speaking, don't write worms that hit the whole internet. Pros break into single systems and steal data. They don't make the news, but the damage they do is much worse.

      Don't buy the Microsoft-Symantec party line. Full disclosure helps more people than it hurts. The day you become vulnerable is the day you start using software with bugs, not the day the vendor is finally convinced to make a vulnerability announcement.

  3. The Internet's broken? by Anonymous Coward · · Score: 5, Funny

    When will I be able to download a fixed version?

  4. Secret repairs! by Anonymous Coward · · Score: 5, Funny

    The best kind!

    "What are you doing?"

    "Can't tell you."

    "When will you be done?"

    "Can't say."

    "Is there anything you can tell me?"

    "This will save your life."

    "Really?"

    "No."

  5. Paradox by Prince+Vegeta+SSJ4 · · Score: 5, Funny
    The TCP issue publicized yesterday was publicly known as early as 1998

    Yesterday was 1998? Whew, I thought it was 2004 and 6 years of my life were wasted

  6. Net threat overstated, says Paul Watson by Bimo_Dude · · Score: 5, Informative
    according to this article on C|net.

    From the article:
    "The actual threat to the Internet is really small right now," Watson said on Wednesday. "You could have isolated attacks against small networks, but they would most likely be able to recover quickly."

    --
    "Teleporting Rodents with D-Cell Battery Displacement" theory -- IgnoramusMaximus (692000)
  7. this is not uncommon by quelrods · · Score: 5, Informative

    Usually people take it upon themselves to notify vendors of bugs and give them time to work on patches or workarounds before releasing the information. For anyone that reads full disclosure lists such as bugtraq this is very common. Also, when the bug affects key internet infrastructure, the admins of big isps/colos/routers are informed and given time to patch. This is good for the internet and good for vulnerability researchers instead of looking like malicious people who just want to destroy the internet.

    --
    :(){ :|:&};:
  8. Re:IPv6 by Anonymous Coward · · Score: 5, Informative

    IPv6 is a layer below, that's why it's called TCP/IP. IPv6 is only an addressing scheme for bit packing, and how many bits in a reference. TCP is above it, they are independent of each other. For more information google "OSI Network Layer Model".

  9. Re:RedHat or Linux Kernel Fix? by stratjakt · · Score: 5, Informative

    The problem affects mainly huge peering sessions between big routers, the kind that last for days. You can essentially trick the routers into dropping the peering sessions, leading to route flapping and other hassles.

    Big backbone providers don't generally use home-grown linux routers.

    It has no real bearing on some home/office router running linux made out of an old 486.

    --
    I don't need no instructions to know how to rock!!!!
  10. Re:Security through Obscurity proves itself again by aug24 · · Score: 5, Informative

    Rot. Non-full-disclosure has generally meant that we didn't have any progress at all cos the vendors typically wouldn't do jack till they had to.

    For instance, there was a mail on BugTraq not too long ago about a bug that the finder chased with whichever company it was for about six weeks. No reply. No acknowledgement, no fix. He gave up and went open - they fixed it in a week.

    Now, how many other people had found that bug and were trying to make an exploit out of it? What if he had kept schtum and the black-hats had got in?

    That's what full-disclosure is for, to force vendors to fix stuff they could otherwise ignore.

    Justin.

    --
    You're only jealous cos the little penguins are talking to me.