This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.
from: Hackers Center Blogs
Microsoft this week started what will be one of the largest debated issues they will have in some time. Especially given that organizations that pay maintenance on their software...
from: Business Computer Networks: Wired
Cisco and Other Vendors Vulnerable to TCP DoS Flaws
Summary:
- These vulnerabilities affect: Many of Cisco's products, including those that run IOS and CatOS. Also affects CheckPoint devices and Red Hat Linux
- How an attacker exploits them: By flooding a device with excessive, specially crafted TCP connections
- Impact: An attacker could prevent your device from opening any new TCP connections, essentially blocking most network traffic
from: TaoSecurity
Microsoft published a Major Revision of MS09-048 to show that Windows XP Service Pack 2 and Windows XP Service Pack 3* are now Affected Software. This is an important development. It is significant to acknowledge that an operating system is vulnerable despite the potential to add a countermeasure. In other words, countermeasures do not remove vulnerabilities.
from: TaoSecurity
This is a follow-up to "MS09-048 is Microsoft's Revenge Against XP in the Enterprise". Everyone is talking about how Windows 2000 will not receive a patch for MS09-048: If Microsoft Windows 2000 Service Pack 4 is listed as an affected product, why is Microsoft not issuing an update for it? The architecture to properly support TCP/IP protection does not exist on Microsoft Windows 2000 systems, making it infeasible to build the fix for Microsoft Windows 2000 Service Pack 4 to eliminate the vulnerability.
from: Dave's Blog
If you own a netbook with XP installed, it’s time to install Linux. Take that Netbook XP users! “Microsoft late last week said it won’t patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008.” “We’re talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,” said security program manager Adrian Stone during Microsoft’s monthly post-patch Webcast, referring to Windows 2000 and XP. “The bugs in question are in Windows’ implementation of TCP/IP, the Web’s default suite of connection protocols.
from: Microsoft Patch Watch
Posted by Aras on Sep 15 Hello All: Given that M$ has officially shot-down all current Windows XP users by not issuing a patch for a DoS level issue, I’m now curious to find out whether or not any brave souls out there are already working or willing to work on an open-source patch to remediate the issue within XP.
from: Darknet - The Darkside
A fairly serious flaw that was announced in October 2008 by Outpost24 (and apparently discovered way back in 2005), has finally been patched by the major players Cisco and Microsoft. So far Red Hat has offered a workaround for the flaw and Juniper has responded that their equipment is not vulnerable. It could be that Juniper doesn’t really understand the attack yet, if so that’s bad news as most of the Internet backbone (ISP Level) runs on Juniper equipment.