From the mailbag: Sympatico hacked, TCP dead, SHA-1 out, Belarus DoS

Published: 2009-06-12
Last Updated: 2011-01-24 23:51:49 UTC
by Adrien de Beaupre (Version: 1)
2 comment(s)

In other news this week...

Sympatico may have been hacked, TCP might be dead, SHA-1 may be on its way out, and political hacktivism.

A major ISP in Canada, Sympatico, appears to have had a breach of their web site according to Websense, malicious code appeared to have been inserted briefly. More info is here http://securitylabs.websense.com/content/Alerts/3416.aspx

A major issue with the TCP protocol implementation may lead to Denial of Service (DoS) to virtually any web site. Reported in Phrack issue 66.

The SHA-1 hashing algorithm is showing its age, researchers may be on their way to creating practical collisions. The paper is found here. http://eprint.iacr.org/2009/259.pdf

Arbor reports that Denial of Service attacks have been ongoing against a Belarus news site. The article is here. http://asert.arbornetworks.com/2009/06/ddos-floods-in-belarus-political-motivations/

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Keywords:
2 comment(s)

Comments

Still getting my head around the TCP 'attack', but out of curiosity I'm using this iptables rule to check for the 'win 0' packets used to trigger this: -p tcp -m u32 --u32 "12 & 0x0000ffff = 0" -j ZERO-WIN
Speaking of political DDoS, the British National Party was under frequent DDoS during the UK's elections for European Parliament. The Conservative party also claimed they were briefly offline on election day due to a DDoS attack, and I observed other party websites running very slowly, perhaps due only to bursts in genuine traffic.

Diary Archives