Wednesday, October 1, 2008

Clearing up some factual inaccuracies...

Just hit Slashdot.

A really good write-up can be found on the Search Security page.

RSnake also chimed in here.

Just read a string of articles covering Louis's findings (1, 2, 3, 4, 5). Some things stood out as needing correction:

1) Outpost24 is a Swedish company, though we do have a Finnish office.
2) Jack's last name is spelled Louis.
3) "The researchers were alerted when a test caused some hosts to become unresponsive."

What actually happened: After performing a large-scale test trying to complete a 3-way handshake with, and pull down the website content from, millions of hosts, certain systems became overly responsive. They kept sending responses to us over and over again until those systems were rebooted. We were not launching an attack against millions of hosts :).

4) "Systems furthermore will remain unresponsive after an attack"

That is only true in very specific circumstances. The more universal case is that the service under attack will remain unresponsive as long as the attack continues.

The podcast is still the most complete public source of information for these findings.

5 comments:

Anonymous said...

How can a vendor of a product with a TCP stack contact you for details?

Robert E. Lee said...

If you are a vendor of a product with a TCP stack, please get in contact with the CERT-FI team.

vulncoord@ficora.fi

Fotios said...

Hi Robert,

are you saying that the article at
http://www.darkreading.com/blog.asp?blog_sectionid=403&doc_id=164939&W

is factually inaccurate or are you simply mentioning it as background material before discussing the five specific articles that you explicitly correct?

Cheers,
F.

Robert E. Lee said...

It was the 5 articles linked to that had factual inaccuracies that the corrections were listed for.

RSnake's page write-up was accurate.

Fotios said...

Ok, thanks a lot for clearing this up!