Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher's Death Hampers TCP Flaw Fix

Posted by timothy on from the sad-news-and-bad-news dept.

linuxwrangler writes "Security researcher Jack Louis, who had discovered several serious security flaws in TCP software was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth 'sockstress' attack to knock large machines off the net."

2 of 147 comments (clear)

  1. Dang low bus factors! by mrbene · · Score: 5, Interesting

    Less than a week ago is was Rick752. Now this one. Definitely reinforces the importance of collaboration, and the fragile nature of ideas.

  2. Re:Naptha all over again by drwho · · Score: 3, Interesting

    My fix is on the server side. It does not require changes in the stack code of clients who would connect to it. Reverse-engineering it would gain the attackers nothing. An all-or-nothing fix would not be much of a fix. Neither would one which was successful based upon its obscurity.

    I am not telling you what it is because I am hoping that Microsoft will pay me some money to give them access to it. Apple as well (and Sun if they're still around). Once these are secured, I will open the invention to the FOSOSs. (Free Open Source Operating Systems). Call me greedy if you want, but I am tired of researching security and not getting paid for my hard work. That's why you haven't seen me by this handle or my real name posting security advisories for some time.