[ale] Linux TCP Flaw

Jim Kinney jim.kinney at gmail.com
Fri Aug 12 11:05:46 EDT 2016


My understanding is this can be used to force an ssh/ssl/tls connection to
downgrade encryption to a version that's easily crackable. For high
security systems, those formats should already be disabled. But for public-facing
sites that have to work with clients that may not yet support better
methods, the mitigation method is essential. I see no reason to not
implement the mitigation on hardened servers as a diaper. It should also be
done on all client systems as those usually don't have hardened encryption
initiated unless they are a rather new install with special follow-on
procedures.

On Aug 12, 2016 9:56 AM, "Lightner, Jeffrey" <JLightner at dsservices.com>
wrote:

> https://thehackernews.com/2016/08/linux-tcp-packet-hacking.html
>
> Other stories related to this last night.
>
> My read last night was disturbing because it says it can be used to
> disrupt even ssh/sftp/https connections.
>
> Although it says it is in the 3.6 kernel and later it appears some earlier
> kernels for RedHat (and therefore CentOS and other derivatives) are
> affected. RedHat says all RHEL6.5 and above and RHEL 7. Earlier
> versions they say are not affected.
>
> There is a mitigation in the story which is the same being suggested by
> RedHat.