TCP Vulnerability in Embedded OS

Started by deanwebb, June 23, 2015, 10:22:08 AM

Previous topic - Next topic

deanwebb

https://threatpost.com/tcp-vulnerability-haunts-wind-river-vxworks-embedded-os/113429

"The VxWorks software generates predictable TCP initial sequence numbers that may allow an attacker to predict the TCP initial sequence numbers from previous values, which may allow an attacker to spoof or disrupt TCP connections," the ICS-CERT advisory says.

The systems in question are industrial control systems.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.