[dba-Tech] TCP implementation in Linux poses a serious threat to Internet users

Jim Lawrence accessd at shaw.ca
Thu Aug 11 17:12:20 CDT 2016


Hi John:

If previous situations are any example; like the famous SSH heart-bleed bug, when it took just two weeks, from discovery to having a permanent solution and rolling out the upgrades. The Linux foundation is a very large and prestigious group;   

Fujitsu Ltd, Hewlett-Packard Development Co. LP, Intel Corp., IBM Corp., NEC Corp., Oracle Corp., Qualcomm Innovation Center Inc., Samsung Electronics Co. Ltd, Advanced Micro Devices Inc., Bloomberg LP, China Mobile Ltd, Cisco Systems Inc., Citrix Systems, Electronics and Telecommunications Research Inst., Google Inc., Hitachi Ltd, Huawei, Motorola Solutions Inc., NetApp Inc., NYSE Technologies, Panasonic Corp., SUSE, Toyota Motor Corp., Adobe Systems Inc., ARM Holdings PLC, Broadcom Corp., Canonical Ltd, Dell Inc., DreamWorks Animation LLC, EMC Corp., HSA Foundation, Igalia S.L., Inktank, Jaguar Land Rover, Lexmark International, Inc., LG Electronics Inc., MIPS Technologies Inc., Nvidia, OwnCloud, Protecode Inc., PayPal, Red Hat Inc., Renesas Electronics Corp., Siemens AG, Solace Systems, Sony Corp., Texas Instruments Inc., Tieto, Tuxera, Twitter, Toshiba Corp., Valve Corporation, VMware Inc, Yahoo, and so on and so on... Even Microsoft.

There is a difference between the importance of any desktop OS going sideways and the Linux OS going down. Linux is the core of the internet and every large company and government agency in the world.

That is why I hold such trust in the security of the Linux OS...there is almost an unlimited resource of self-enlightened interest of others the can afford it.

Jim

----- Original Message -----
From: "John R Bartow" <jbartow at winhaven.net>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Thursday, August 11, 2016 1:40:31 PM
Subject: Re: [dba-Tech] TCP implementation in Linux poses a serious threat	to	Internet users

I would think necessary and that not most companies have implemented it.

-----Original Message-----
From: dba-Tech [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of
Jim Lawrence
Sent: Thursday, August 11, 2016 1:28 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] TCP implementation in Linux poses a serious threat
to Internet users

All that said I took the precaution to update all my Linux boxes. :-)

As from the article: 

1. Edited /etc/sysctl.conf file and added the line:
net.ipv4.tcp_challenge_ack_limit = 999999999

2. ...And forced an immediate update: sysctl -p 

I wonder if it is necessary and if necessary whether most companies have in
fact implemented the solution?
 
Jim

----- Original Message -----
From: "Jim Lawrence" <accessd at shaw.ca>
To: "Discussion of Hardware and Software issues"
<dba-tech at databaseadvisors.com>
Sent: Thursday, August 11, 2016 10:57:14 AM
Subject: Re: [dba-Tech] TCP implementation in Linux poses a serious threat
to	Internet users

Now that possible hack could be very serious as all our industry,
government, banking and all major business back-bones are built on Linux.

OTOH, I would suspect as tradition, the Linux community, via the Linux
Foundation, has been made aware of this long before the information became
public and fixes have been rolling out. 

Jim 

----- Original Message -----
From: "John R Bartow" <jbartow at winhaven.net>
To: "Discussion of Hardware and Software issues"
<dba-tech at databaseadvisors.com>
Sent: Thursday, August 11, 2016 10:30:28 AM
Subject: [dba-Tech] TCP implementation in Linux poses a serious threat to
Internet users

FYI:
"The Transmission Control Protocol (TCP) implementation in all Linux systems
deployed since 2012 (version 3.6 and above of the Linux kernel) poses a
serious threat to Internet users, whether or not they use Linux directly."
http://tinyurl.com/hbm6wlu


_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com



More information about the dba-Tech mailing list