Slashdot Mirror


Researcher's Death Hampers TCP Flaw Fix

linuxwrangler writes "Security researcher Jack Louis, who had discovered several serious security flaws in TCP software, was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth 'sockstress' attack to knock large machines off the net."

11 of 147 comments

  1. Robert E. Lee by verbalcontract · · Score: 5, Insightful

    Was it necessary to refer to his colleague as Robert E. Lee? Now we're going to get a ton of "South will rise again" jokes.

  2. Re:Come on... by Sir_Lewk · · Score: 3, Insightful

    Screw off you insensitive clod.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  3. What the fuck by Godji · · Score: 5, Insightful

    So a good scientist dies and all Slashdotters can do is attempt whoring out a +5 Funny with lame jokes?

    My high regard for the Slashdot community is obviously misguided.

    It's a great loss for the research community and my condolences go to his family. And really, that's a nasty way to go... :(

    1. Re:What the fuck by Tridus · · Score: 3, Insightful

      People react in different ways to news like this. There's nothing wrong with making jokes, especially since a lot of us had no idea who he was.

      200 posts of "my condolences" doesn't make for interesting reading.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    2. Re:What the fuck by ivoras · · Score: 2, Insightful

      If statistics have anything to say, he would probably, as a geek, rather be remembered for the "Great Ides Of March Slashdot Postfest" than for a bunch of eulogies and condolences from unknown people.

      --
      -- Sig down
    3. Re:What the fuck by maxume · · Score: 5, Insightful

      150,000 strangers died today. Picking 5 of them and feeling bad about it is awful damn close to insanity.

      --
      Nerd rage is the funniest rage.
    4. Re:What the fuck by summner · · Score: 2, Insightful

      I believe something has happened to the slashdot community in recent times. It seems as if it became polluted or diluted, with people thinking of themselves as geeks or nerds or whatever, but being neither.
      I see history repeat itself as it happened with Digg, the only difference - Digg started from level which slashdot is currently at.
      I think it might be a good time for me to look for new web 2.0 news source which has for instance some kind of IQ level discrimination. Or drop this unproductive habit of mine whatsoever.
      PS I hardly ever LoL'ed at any +5 Funny post here.
      PS/2 I really just don't get the culture of lol, a fucking smirk is not laughing out loud goddammit.

      A man has died, and you fucking joke about it because he had a friend named Robert E Lee. Well if it wasn't for your stupid American movies I wouldn't even have any idea who Lee was.

  4. woooooooooosh! by RiotingPacifist · · Score: 2, Insightful

    n/t

    --
    IranAir Flight 655 never forget!
  5. Re:It's a shame. by Dreadneck · · Score: 2, Insightful

    I would imagine any death where you're aware that you're dying (i.e. not dying in your sleep or getting shot in the back of the head) is horrible.

    Honestly, what would you prefer? Being eaten alive? Drowning? Cancer? Airplane crash? Being hit by a car? Being stabbed? etc.

    Death sucks regardless of the circumstance, imho.

    --
    Power does not corrupt - power attracts the corrupt.
  6. Re:But... by Anonymous Coward · · Score: 1, Insightful

    ... such as the right to own slaves.

  7. Re:Naptha all over again by drwho · · Score: 2, Insightful

    Source address level filtering does provide some level of protection against a SYN flood. The problem is, it is not universally implemented. Another problem is someone who doesn't care to hide their address. If you are doing more than a SYN flood, but more advanced TCP hijinx, you need to use your real IP address anyhow. So, it's not much of a fix. Neither are the recommendations which came out back in 2000, which were to increase the resource limits that the operating system imposed upon the IP stack. I could go on and on, on how each measure so far implemented has just raised the bar against these types of attacks, but hasn't really done much to prevent them. Yes, you might not be able to knock over a stock OpenBSD install with 1023 packets any more, but the problem persists.