This website uses its own and third-party cookies. Some of these cookies are used to develop analytical statistics of visits to the webpage, others to manage advertising or even others are necessary for the correct management of the site. If you continue to browse or click in accept we consider you accept the conditions for their use. You can get more information, or learn how to change the settings in our cookies policy?
Versión Española Versión Mexicana Ibercampus English Version Version française Versione italiana

18/1/2020  
    Ibercampus  | Editorial Board | Who we are | Ideology | Contact | Advertising rates | Subscription | RSS RSS
Policies
Inclusion policies
R&D
Employment
Economics
Culture
Green strategies
Health
Society and consumer
Sports
Debates
Interviews
Education
Grants & internships
Training
Trends
Enterprises & CSR
 Enterprises & CSR
ACNUR
AEGON
AIR LIQUIDE
ALCATEL-LUCENT
ALLIANZ
ARCELORMITTAL
ASIFIN
ASSICURAZIONI GENERALI
AXA
BANCO SANTANDER
BASF
BAYER
BBVA
BNP PARIBAS
CARREFOUR
DAIMLER AG
DEUTSCHE BANK
DEUTSCHE BRSE
DEUTSCHE TELEKOM
E.ON
ENEL
ENI
FORTIS
FRANCE TLCOM
GROUPE DANONE
IBERDROLA
INDITEX
ING GROUP
INTESA SANPAOLO
L'ORAL
LVMH
MUNICH RE
NOKIA
PHILIPS
RENAULT
REPSOL YPF
RWE
SAINT GOBAIN
SANOFI-AVENTIS
SAP AG
SCHNEIDER ELECTRIC
SIEMENS AG
SOCIT GNRALE
SUEZ
TELECOM ITALIA
TELEFNICA
TOTAL S.A.
UNICREDIT
UNILEVER
VINCI
VIVENDI
VOLKSWAGEN

R&D
University of California

Study highlights serious security threat to many internet users


UCR researchers demonstrate how communications involving Linux and Android systems can be compromised quickly, easily and from anywhere
Ibercampus 10/8/2016 Send to a friend
Comparte esta noticia en TwitterFacebookTwitterdel.icio.usYahooRSS
Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users' internet communications completely remotely.

Such a weakness could be used to launch targeted attacks that track users' online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor.

Led by Yue Cao, a computer science graduate student in UCR's Bourns College of Engineering, the research will be presented on Wednesday (Aug. 10) at the USENIX Security Symposium in Austin, Texas. The project advisor is Zhiyun Qian, an assistant professor of computer science at UCR, whose research focuses on identifying security vulnerabilities to help software companies improve their systems.
While most users don't interact directly with the Linux operating system, the software runs behind-the -scenes on internet servers, android phones and a range of other devices. To transfer information from one source to another, Linux and other operating systems use the Transmission Control Protocol (TCP) to package and send data, and the Internet Protocol (IP) to ensure the information gets to the correct destination.

For example, when two people communicate by email, TCP assembles their message into a series of data packets--identified by unique sequence numbers--that are transmitted, received, and reassembled into the original message. Those TCP sequence numbers are useful to attackers, but with almost 4 billion possible sequences, it's essentially impossible to identify the sequence number associated with any particular communication by chance.
The UCR researchers didn't rely on chance though. Instead, they identified a subtle flaw (in the form of 'side channels') in the Linux software that enables attackers to infer the TCP sequence numbers associated with a particular connection with no more information than the IP address of the communicating parties.

This means that given any two arbitrary machines on the internet, a remote blind attacker without being able to eavesdrop on the communication, can track users' online activity, terminate connections with others and inject false material into their communications. Encrypted connections (e.g., HTTPS) are immune to data injection, but they are still subject to being forcefully terminated by the attacker. The weakness would allow attackers to degrade the privacy of anonymity networks, such as Tor, by forcing the connections to route through certain relays. The attack is fast and reliable, often taking less than a minute and showing a success rate of about 90 percent. The researchers created a short video showing how the attacks works.

Qian said unlike conventional cyber attacks, users could become victims without doing anything wrong, such as downloading malware or clicking on a link in a phishing email.
"The unique aspect of the attack we demonstrated is the very low requirement to be able to carry it out. Essentially, it can be done easily by anyone in the world where an attack machine is in a network that allows IP spoofing. The only piece of information that is needed is the pair of IP addresses (for victim client and server), which is fairly easy to obtain," Qian said.

Qian said the researchers have alerted Linux about the vulnerability, which has resulted in patches applied to the latest Linux version. Until then, Qian recommends the following temporary patch that can be applied to both client and server hosts. It simply raises the `challenge ACK limit' to an extremely large value to make it practically impossible to exploit the side channel.

Other issues R&D
China, Germany, Japan, Korea and the United States dominate global innovation - WIPO report 2019
New methodology developed to monitor patients with glioblastoma
Scientists find a place on Earth where there is no life
The embryonic origin of the Cyclops eye
Graphene activates immune cells helping bone regeneration in mice
Jurassic dinosaurs could have been dispersed between Africa and Europe 145 years ago
Chinas Change-4 probe lands on the moon
Artificial intelligence for studying the ancient human populations of Patagonia.
Chinese and European scientists propose 28 complementary colours
EU-wide rules for safety of drones approved by European Parliament

Subscribe free to our newsletter
Vanity Fea
The Virtual World We Inhabit
Jos ngel Garca Landa
We can all be leaders
VIDEOCOMMUTING A NEW ORGANIZATIONAL REALITY THAT POSITIVELY IMPACTS EMPLOYEES
Mar Souto Romero
Financial inclusion
Financial Education For All!
Carlos Trias
Brusselian Lights
European elections (I): which words are more used in the European political manifestos?
Ral Muriel Carrasco
Humor and Political Communication
Comisin de Arbitraje, Quejas y Deontologa (Spain) (3) You cant be too careful
Felicsimo Valbuena
Want your own blog? Want to be read by universities?
Find out here
Books
"Tthe study of human behaviour was political from the beginning"
The EU "An Obituary"
Startup Cities "Why Only a Few Cities Dominate the Global Startup Scene"
Blockchain Revolution "How the Technology Behind Bitcoin and Cryptocurrency Is Changing the World "
Doughnut Economics "Seven Ways to Think Like a 21st-Century Economist "
The People vs Tech "How the Internet Is Killing Democracy"
Theses and dissertations
1 What are we waiting to boost, link financial / digital education and improve information?
Legal Advise | Privacy Policy | Editorial Board | Who we are | Ideology | Contact | Advertising rates | RSS RSS