The Sky is Falling!
Saw this over at SNN.
According to Guardent, they have discovered a new security flaw in TCP. Knowledge of the shortcomings of TCP/IP is not new, especially in terms of Initial Sequence Number (ISN) vulnerabilities. When assessing the risks facing a network, this class of vulnerability is one of hundreds that any decent security consultant takes into account. What is always changing, depending on the ease with which a vulnerability can be exploited and the business demands of the network, is the priority one assigns to certain risks. Similar to the way buffer overflows are a well-understood class of vulnerability that still finds its way into a wide variety of products, ISN vulnerabilities exist in a wide variety of products. Guardent's notification-through-NDA process is a strange way to publicize the evolution of a well-known vulnerability, but surely they have their reasons.
Wall Street Journal (Subscription Required)