Post Syndicated from ris original http://lwn.net/Articles/696847/rss
UCR Today reports that
researchers at the University of California, Riverside have identified a
weakness in the Transmission Control Protocol (TCP) in Linux that enables
attackers to hijack users’ internet communications remotely. “The
UCR researchers didn’t rely on chance, though. Instead, they identified a
subtle flaw (in the form of ‘side channels’) in the Linux software that
enables attackers to infer the TCP sequence numbers associated with a
particular connection with no more information than the IP address of the
communicating parties. This means that given any two arbitrary machines on
the internet, a remote blind attacker, without being able to eavesdrop on
the communication, can track users’ online activity, terminate connections
with others and inject false material into their communications.”