I just added the above line to /etc/rc.d/rc.local, but I really don't know if that leaves a window of time during boot where the vulnerability can be exploited.
Any GNU/Linux expert who can inform us how to correctly patch our systems (until the official patch is released, of course)?
The technique was created by Daniel J. Bernstein and Eric Schenk in September 1996. The first implementation for SunOS was released by Jeff Weisberg a month later, and Eric Schenk released his Linux implementation in February 1997 (the current implementation uses e.g. net.ipv4.tcp_syncookies).
From an old 2001 syn cookies vulnerability report:
syncookies can be disabled on a running system by executing the command:
echo 0 > /proc/sys/net/ipv4/tcp_syncookies
(To the editors: Mind adding the above line to the summary? Thanks!)
Patch your systems. NOW! (note that this makes them vulnerable to syn flood attacks, but at least those won't leave your system unusable until reboot!)
Many TCP servers use a technique known as a SYN cookie in order to prevent attackers using spoofed IP addresses from launching SYN flood denial-of-service attacks against them. The cookie is essentially a chosen TCP initial sequence number that is calculated using some specific hashed metadata that reflects the details of the specific TCP connection. Once the client returns a correct packet to the server, the server knows that the client isn't using a forged IP address.
Sockstress computes and stores so-called client-side SYN cookies and enables Lee and Louis to specify a destination port and IP address. The method allows them to complete the TCP handshake without having to store any values, which takes time and resources. "We can then say that we want to establish X number of TCP connections on that address and that we want to use this attack type, and it does it," Lee said.
In summary, it works by establishing tons and tons of connections using carefully-forged SYN cookies. The irony? "SYN Cookies are the key element of a technique used to guard against SYN flood attacks". ROFLMAO.
And then it gets scarier:
From the wikipedia article:
The use of SYN Cookies does not break any protocol specifications, and therefore should be compatible with all TCP implementations.
Now, are you ready to scream?
the 2.6.26 Linux kernel added limited support of TCP options.
Scream.
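As an added illustration of the mechanism the quoted paragraph describes (this is constructed example code, not the Linux kernel's, the article's or Sockstress's), here is how a server can derive a SYN cookie as its initial sequence number and later verify the ACK without having kept any per-SYN state; the secret, MSS table, counter period and bit layout are all assumptions chosen for the example.

```python
import hmac
import hashlib
import struct

# Constructed illustration of a server-side SYN cookie (not the Linux or
# Sockstress code). The cookie is the server's initial sequence number: a
# keyed hash of the connection 4-tuple, the client's ISN and a coarse time
# counter, so no per-SYN state is kept until a client proves it received the
# SYN-ACK. Secret, MSS table, counter period and bit layout are all assumed.
SECRET = b"constructed-per-boot-secret"
MSS_TABLE = (536, 1300, 1440, 1460)   # 2 bits of the cookie select an MSS
COUNTER_PERIOD = 64                   # seconds per counter step
MAX_AGE_STEPS = 2                     # how many old steps are still accepted
MASK32 = 0xFFFFFFFF

def _counter(now):
    return int(now) // COUNTER_PERIOD

def _mac(src_ip, src_port, dst_ip, dst_port, client_isn, count):
    msg = struct.pack("!4sH4sHII", src_ip, src_port, dst_ip, dst_port, client_isn, count)
    return struct.unpack("!I", hmac.new(SECRET, msg, hashlib.sha256).digest()[:4])[0]

def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, mss, now):
    """Sequence number to place in the SYN-ACK; low 3 bits = counter mod 8,
    next 2 bits = MSS index, upper 27 bits = truncated MAC."""
    count = _counter(now)
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    h = _mac(src_ip, src_port, dst_ip, dst_port, client_isn, count)
    return ((h >> 5) << 5 | mss_idx << 3 | count & 7) & MASK32

def check_cookie(src_ip, src_port, dst_ip, dst_port, ack_seq, ack_num, now):
    """Validate the ACK that completes the handshake (seq = client ISN + 1,
    ack = cookie + 1). Returns the encoded MSS, or None if the cookie is not
    one this server issued recently for exactly this 4-tuple."""
    cookie = (ack_num - 1) & MASK32
    client_isn = (ack_seq - 1) & MASK32
    for back in range(MAX_AGE_STEPS + 1):
        count = _counter(now) - back
        if (count & 7) != (cookie & 7):
            continue                  # counter residue does not match this step
        h = _mac(src_ip, src_port, dst_ip, dst_port, client_isn, count)
        if hmac.compare_digest(struct.pack("!I", h >> 5), struct.pack("!I", cookie >> 5)):
            return MSS_TABLE[(cookie >> 3) & 3]
    return None
```

Because the cookie only proves that whoever sent the ACK could see the SYN-ACK for that 4-tuple, it defeats address spoofing but says nothing about how many legitimate-looking handshakes one client may complete, which is the gap the comment above is pointing at.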
This actually surprises me. I thought cheating for the House was 100% LEGAL. Turns out it's not.
In any case, my trust in gambling sites isn't any greater than my trust in Diebold voting machines.
"...four major Websites susceptible to the silent-but-deadly cross-site request forgery attack..."
I knew something smelled funny...
GASP! It's the methane! We're all gonna die!
When it is finished handling the internal changes (either successfully or not), it does NOT print an HTML page. Instead, it prints a REDIRECT message telling the web browser the next page it should GET.
AMEN, brother! This is what I always do in my web applications - the trick is storing the result of the operation in a session variable. But after you've done that, you can forget about those "resubmit?" annoyances.
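The redirect-after-POST pattern the two comments above describe, with the outcome parked in the session, as an added framework-free sketch (constructed for this page, not the commenter's code): the session store, the `orders` list and the `/result` path are stand-ins for whatever the real application uses.

```python
import secrets
from http import HTTPStatus

# Constructed sketch of redirect-after-POST with the result kept in the session
# (not the commenter's code). `sessions` stands in for a server-side session
# store keyed by an opaque cookie; `orders` is the state the POST changes.
sessions = {}
orders = []

def new_session():
    sid = secrets.token_urlsafe(16)   # opaque id, never derived from user data
    sessions[sid] = {}
    return sid

def handle_post(sid, form):
    """Process the form, store the outcome in the session, and redirect.
    No HTML body is ever returned for a POST, so Back/Reload in the browser
    lands on a GET instead of a "resubmit the form?" prompt."""
    try:
        qty = int(form["qty"])
        if qty <= 0:
            raise ValueError("quantity must be positive")
        orders.append({"item": form["item"], "qty": qty})
        sessions[sid]["flash"] = ("ok", f"Ordered {qty} x {form['item']}")
    except (KeyError, ValueError) as e:
        sessions[sid]["flash"] = ("error", str(e))   # failure is reported the same way
    return HTTPStatus.SEE_OTHER, {"Location": "/result"}, b""

def handle_get_result(sid):
    """Render the stored outcome once, then drop it so a reload shows nothing stale."""
    status, msg = sessions[sid].pop("flash", ("none", "No recent operation"))
    body = f"<p class='{status}'>{msg}</p>".encode()
    return HTTPStatus.OK, {"Content-Type": "text/html"}, body

def demo():
    """Run one good and one bad submission; returns values a test can check."""
    orders.clear()
    sid = new_session()
    ok_status, _, _ = handle_post(sid, {"item": "widget", "qty": "2"})
    first_view = handle_get_result(sid)[2]
    reload_view = handle_get_result(sid)[2]
    bad_status, _, _ = handle_post(sid, {"item": "widget", "qty": "-1"})
    bad_view = handle_get_result(sid)[2]
    return ok_status, first_view, reload_view, bad_status, bad_view, len(orders)
```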
I hadn't realized until now. The doomsday prediction comments above assume that the bose supernova will focus ALL of its energy in one place. But in reality the explosion will take place either with a tiny part of all the Helium, or it will be simultaneous along all the LHC.
Or in the best case, a local explosion will cause the magnets to malfunction, preventing other explosions from taking place - but then again, the helium will simply escape through the holes.
Then again, I'm not a particle physicist.
Okay! Important Safety Tip. Don't cross the Streams.
Have you realized that this is PRECISELY what the LHC is gonna do? After all, they were PROTON packs!
(I guess Egon wasn't that far off, after all!)
Note that for the post I chose "superninja" as the user. The original account sounded similar and yes, it was from hotmail. In any case DO NOT E-MAIL that please.
House is not a name. What's next, Doctor Building, Doctor Roof and Doctor Door?
...and there's the proof that those chemicals in your blood are dangerous to your health. Any questions?
- Greg House.
Also, when you do a job interview, please, for everything that's sacred to you, do NOT - repeat, DO NOT - put in your resume your "superninja@hotmail.com" e-mail address!
(A friend of a friend learned the hard way)
Please choose a doctor:
H. Doctor House, who will tell you (after drinking some Vicodin pills) that you're doing good by helping mankind get rid of your defective genes.
Well, right now my knowledge of unit tests is practically ZERO (30 minutes ago I didn't even know what a unit test was - I just had the general idea of "test everything that you can"), so I need a book or html article written with good examples so I can say: "Hey, I can do that in my code!".
Any links you can recommend? (besides wikipedia which expanded my knowledge a bit)
What book can you recommend to me regarding unit tests? After reading the summary, I really got interested in this unit test stuff.
GameBoy Advance begat GameBoy Advance SP, which begat GameBoy Micro...
from the Book of Nintendo, 1:17.
please tag the article as "damagecontrol". I already did.
Actually, DRM remains perfectly secure only when you leave it turned off, and ideally locked away and never put under the spotlight.
Huh, that's funny, making DRM and general purpose PCs secure requires that you cut the network cable and bury them or lock them in a safe.
Just to be sure, let's pulverize and ionize them so we can feed their hadrons into the CERN collider while we can watch them go to 99.99999% the speed of light before blasting and turning into strange matter, and maybe one or two Higgs bosons. Bonus points for unrecoverability if they're turned into a micro-blackhole.
The dumb part here is that they send the whole movie to your computer even if you're just watching the free two-minute preview. The two-minute restriction is only enforced in the flash applet.
Web programming 101.
Children, repeat after me: When you program for the web, NEVER, EVER trust the client.
Why are we fighting this? It's futile. Let them believe what they will believe, let them teach what they want.
If that's the case, why are you posting your own opinion on slashdot? Let the slashdot readers believe what they will believe and let the submitters submit what they want.
You fail to understand that if they do WHATEVER IT TAKES to convince other people of their truth, those converted people will do WHATEVER IT TAKES to convince EVERYONE of their truth. If we don't do anything to stop them, soon it will be 1984 all over the country. And I'd say we're on the edge of seeing that happening.
What infuriates me is the hypocrite naming. "Discovery Institute" (what on Earth are they discovering? Or was the name chosen to make people fall for the similarity between that and the Discovery Channel?), "evolution textbook", "intelligent design" that make their idiocy sound intelligent (just as "patriot act" and similar initiatives). And they use deception so blatantly to promote their "truth"?
What happened to the traditional Christianity that preached "love thy neighbor"? I still fail to recognize the point where America stopped being a christian nation to become a nation of intolerant hypocrites.
Others see this as yet another example of their crumbling hegemony or indolence as their empire burns.
One only knows how to reach complete happiness in computer software when they have felt the power of the source. Use the source Steve! ...gg..GAHH!! *dodges chair*
Obviously, you haven't reached the level of a true master. If you were, you would have used your sourcefield to deflect the chair.
For example, Steve Jobs uses his reality distortion field to deflect all incoming chairs :)
+3 Informative, LOL! That's the most funny comment moderation I've seen this week!
Slashdot has always been biased towards Linux.
Just as Science has always been biased towards evolution rather than Intelligent Design.
the Middle-East peace process
Middle-East WHAT?!
I think he meant the Middle-East piece process.
My rule is: Only use ? : for simple variable and string assignment. And in the very few cases that have operators in them, ALWAYS use parentheses.