Active Topics
-
Firefox with Leste (5)
to Maemo 7 / Leste by teroyk - 1 day, 10 hrs ago -
Handbook (2)
to Maemo 7 / Leste by teroyk - 2 days, 9 hrs ago - more...
| The Following 3 Users Say Thank You to HtheB For This Useful Post: | ||
 |
|
2016-08-16
, 09:12
|
|
Posts: 6,445 |
Thanked: 20,981 times |
Joined on Sep 2012
@ UK
|
#2
|
It is my understanding that the vulnerability is in the kernel. IOW, it does not make a difference whether AD is used or not.
What kernel version does JC use? J1 has 3.4, too old and thus safe.
What kernel version does JC use? J1 has 3.4, too old and thus safe.
__________________
Русский военный корабль, иди нахуй!
Русский военный корабль, иди нахуй!
| The Following 3 Users Say Thank You to pichlo For This Useful Post: | ||
 |
|
2016-08-16
, 09:50
|
|
Moderator |
Posts: 3,715 |
Thanked: 7,419 times |
Joined on Dec 2009
@ Bize Her Yer Trabzon
|
#3
|
Originally Posted by pichlo
I think that Jolla C was using at least 3.6
It is my understanding that the vulnerability is in the kernel. IOW, it does not make a difference whether AD is used or not.
What kernel version does JC use? J1 has 3.4, too old and thus safe.
So it might be vulnerable as well
|
|
2016-08-16
, 09:52
|
|
Posts: 233 |
Thanked: 532 times |
Joined on Sep 2011
|
#4
|
Jolla C kernel is 3.10.49
| The Following 3 Users Say Thank You to pagis For This Useful Post: | ||
|
|
2016-08-16
, 10:57
|
|
Moderator |
Posts: 3,715 |
Thanked: 7,419 times |
Joined on Dec 2009
@ Bize Her Yer Trabzon
|
#5
|
Originally Posted by pagis
In other words: it's vulnerable
Jolla C kernel is 3.10.49
|
|
2016-08-16
, 12:35
|
|
Community Council |
Posts: 4,920 |
Thanked: 12,867 times |
Joined on May 2012
@ Southerrn Finland
|
#6
|
No a very serious flaw.
TCP connection hijacking can only ever be used against unencrypted connections so for example ssl/ssh connections are safe provided you don't override certificates
TCP connection hijacking can only ever be used against unencrypted connections so for example ssl/ssh connections are safe provided you don't override certificates
| The Following 4 Users Say Thank You to juiceme For This Useful Post: | ||
|
|
2016-08-16
, 17:57
|
|
Posts: 1,288 |
Thanked: 4,316 times |
Joined on Oct 2014
|
#7
|
Originally Posted by juiceme
Not exactly so, this attack, while not 'easy' still, does enables attacking (downgrading) SSL connections.
No a very serious flaw.
TCP connection hijacking can only ever be used against unencrypted connections so for example ssl/ssh connections are safe provided you don't override certificates
It has been possible for some years, by MiTM attacks, the situation now however is it is no longer needed to be on the same network (MiTM), you do however, need to know IP adress of both targets. (Victim and server).
__________________
You can still support my work by donation - click here
You can still support my work by donation - click here
|
|
2016-08-16
, 20:41
|
|
Guest |
Posts: n/a |
Thanked: 0 times |
Joined on
|
#9
|
Originally Posted by m4r0v3r
Besides the NSA?
does anyone ever exploit these flaws and make serious money off them?
| The Following 4 Users Say Thank You to For This Useful Post: | ||
|
|
2016-08-17
, 04:42
|
|
Posts: 6,445 |
Thanked: 20,981 times |
Joined on Sep 2012
@ UK
|
#10
|
NSA et al do not need this exploit to read your emails and eavesdrop on your browsing. They can simply request the data from your ISP. In the worst case they can use the backdoors in encryption algorithms.
__________________
Русский военный корабль, иди нахуй!
Русский военный корабль, иди нахуй!
| The Following 3 Users Say Thank You to pichlo For This Useful Post: | ||
Linux flaw that allows anyone to hijack Internet traffic also affects 80% of Android devices
Probably Jolla C too with Dalvik installed?
Edit: Jolla C and Tablet seems to be also vulnerable
www.HtheB.com
Please donate if you think I'm doing a good job.
Last edited by HtheB; 2016-08-16 at 10:58.