Slashdot Mirror


Researcher's Death Hampers TCP Flaw Fix

linuxwrangler writes "Security researcher Jack Louis, who had discovered several serious security flaws in TCP software, was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth 'sockstress' attack to knock large machines off the net."

17 of 147 comments

  1. Accidental Death? by nurb432 · · Score: 3, Funny

    Or was he silenced?

    --
    ---- Booth was a patriot ----
  2. I blame the CSA by Hoi Polloi · · Score: 4, Funny

    Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee.

    Clearly this was the result of a conspiracy by veterans of the civil war. I hope the other researchers, Grant and Lincoln, hear about this.

    --
    It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  3. Re:Geez by PotatoFarmer · · Score: 4, Funny

    Win the civil war?

    Sincerely,
    a smug Yankee.

  4. Robert E. Lee by verbalcontract · · Score: 5, Insightful

    Was it necessary to refer to his colleague as Robert E. Lee? Now we're going to get a ton of "South will rise again" jokes.

  5. Dang low bus factors! by mrbene · · Score: 5, Interesting

    Less than a week ago it was Rick752. Now this one. Definitely reinforces the importance of collaboration, and the fragile nature of ideas.

  6. Re:Come on... by Sir_Lewk · · Score: 3, Insightful

    Screw off you insensitive clod.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  7. What the fuck by Godji · · Score: 5, Insightful

    So a good scientist dies and all Slashdotters can do is attempt whoring out a +5 Funny with lame jokes?

    My high regard for the Slashdot community is obviously misguided.

    It's a great loss for the research community and my condolences go to his family. And really, that's a nasty way to go... :(

    1. Re:What the fuck by momerath2003 · · Score: 5, Funny

      High regard for the Slashdot community? Wow, dude, you seriously are misguided.

      --
      I had but a simple dream, to destroy all humans.
    2. Re:What the fuck by Tridus · · Score: 3, Insightful

      People react in different ways to news like this. There's nothing wrong with making jokes, especially since a lot of us had no idea who he was.

      200 posts of "my condolences" doesn't make for interesting reading.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    3. Re:What the fuck by eln · · Score: 4, Funny

      But it worked for Jesus!

      Actually, Jesus came back from the dead for the sole purpose of taking his revenge out on all those lamoids who kept shouting out "Hey Jesus, how's it hangin'?" while he was up there on the cross. He spent most of his time between the resurrection and his final ascension into Heaven giving out wedgies and telling people to "stop hitting themselves".

      Of course, much of that has been lost in the various translations of the Gospels.

    4. Re:What the fuck by maxume · · Score: 5, Insightful

      150,000 strangers died today. Picking 5 of them and feeling bad about it is awful damn close to insanity.

      --
      Nerd rage is the funniest rage.
    5. Re:What the fuck by Anonymous Coward · · Score: 3, Funny

      What, like RST in peace?

  8. But... by Roger W Moore · · Score: 5, Funny

    I thought you Americans did win that one?

  9. Here's the guy... by tjstork · · Score: 5, Informative

    Well, everyone's having a good laugh at the expense of the death of this guy. May as well laugh at a picture of him.

    --
    This is my sig.
  10. Naptha all over again by drwho · · Score: 3, Informative

    This problem was demonstrated in 2000, with the NAPTHA software and its demonstration that the problem is not academic. Yes, before NAPTHA, there was some software that could demonstrate the issue but this software had issues itself (written in perl, kept state) which limited its effectiveness. SockStress is just NAPTHA revisited.

    I have a fix for this problem, but there's not enough room in the margin to describe it.

    1. Re:Naptha all over again by drwho · · Score: 3, Interesting

      My fix is on the server side. It does not require changes in the stack code of clients who would connect to it. Reverse-engineering it would gain the attackers nothing. An all-or-nothing fix would not be much of a fix. Neither would one which was successful based upon its obscurity.

      I am not telling you what it is because I am hoping that Microsoft will pay me some money to give them access to it. Apple as well (and Sun if they're still around). Once these are secured, I will open the invention to the FOSOSs. (Free Open Source Operating Systems). Call me greedy if you want, but I am tired of researching security and not getting paid for my hard work. That's why you haven't seen me by this handle or my real name posting security advisories for some time.

  11. Died in a fire by Reason58 · · Score: 3, Funny

    You would think someone like that would have a firewall.