Privacy
-----Original Message----- From: Tcpinc [mailto:[email protected]] On Behalf Of Christian Huitema Sent: Sunday, April 26, 2015 2:37 PM To: ianG; [email protected] Subject: Re: [tcpinc] Internet-scale attack on TLS > An attack on TCP/TLS has now been detected at broad scale, and traced > back to the bug responsible (client-side Heartbleed) and the probable > attacker (agency with massive pipe access, e.g. NSA). > > This attack more fully informs the reason for the existence of the > group. It less directly informs the technical solutions, and indeed > might just cause confusion as there is room for both sides to claim "I > told you so!" :) +1. What is the value of TCP-INC if it cannot defend against packet injection attacks? -- Christian Huitema > > > http://cryptome.org/2015/04/goodcrypto-attacked.htm > > ... In early 2015 people were still downloading our ISO file for > GoodCrypto. But suddenly installations stopped. > > After a lot of checking we noticed that the downloads got HTTP 200 > result codes, but the lengths were all too short. This isn't supposed > to happen. A 200 result means success. These weren't successful > downloads, but the web logs said they were. Ordinary log checks didn't > show the bug. ... > > _______________________________________________ > Tcpinc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tcpinc _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
