> An attack on TCP/TLS has now been detected at broad scale, and traced > back to the bug responsible (client-side Heartbleed) and the probable > attacker (agency with massive pipe access, e.g. NSA). > > This attack more fully informs the reason for the existence of the > group. It less directly informs the technical solutions, and indeed > might just cause confusion as there is room for both sides to claim "I > told you so!" :)
+1. What is the value of TCP-INC if it cannot defend against packet injection attacks? -- Christian Huitema > > > http://cryptome.org/2015/04/goodcrypto-attacked.htm > > ... In early 2015 people were still downloading our ISO file for > GoodCrypto. But suddenly installations stopped. > > After a lot of checking we noticed that the downloads got HTTP 200 > result codes, but the lengths were all too short. This isn't supposed to > happen. A 200 result means success. These weren't successful downloads, > but the web logs said they were. Ordinary log checks didn't show the > bug. ... > > _______________________________________________ > Tcpinc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tcpinc _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
