Researcher's Death Hampers TCP Flaw Fix
linuxwrangler writes "Security researcher Jack Louis, who had discovered several serious security flaws in TCP software, was killed in a fire on the ides of March, dealing a blow to efforts to repair the problem. Although he kept good notes and had communicated with a number of vendors, he died before fixes could be created and prior to completing research on a number of additional vulnerabilities. Much of the work has been taken over by Louis' friend and long-time colleague Robert E. Lee. The flaws have been around for a long time and would allow a low-bandwidth 'sockstress' attack to knock large machines off the net."
Robert E. Lee (Score:5, Insightful)
Was it necessary to refer to his colleague as Robert E. Lee? Now we're going to get a ton of "South will rise again" jokes.
Re:Come on... (Score:4, Insightful)
Screw off you insensitive clod.
What the fuck (Score:5, Insightful)
My high regard for the Slashdot community is obviously misguided.
It's a great loss for the research community and my condolences go to his family. And really, that's a nasty way to go...
Re:What the fuck (Score:4, Insightful)
People react in different ways to news like this. There's nothing wrong with making jokes, especially since a lot of us had no idea who he was.
200 posts of "my condolences" doesn't make for interesting reading.
woooooooooosh! (Score:3, Insightful)
n/t
Re:What the fuck (Score:3, Insightful)
Re:What the fuck (Score:5, Insightful)
150,000 strangers died today. Picking 5 of them and feeling bad about it is awful damn close to insanity.
Re:What the fuck (Score:2, Insightful)
I see history repeat itself as it happened with Digg, the only difference - Digg started from the level which Slashdot is currently at.
I think it might be a good time for me to look for a new web 2.0 news source which has for instance some kind of IQ level discrimination. Or drop this unproductive habit of mine whatsoever.
PS I hardly ever LoL'ed at any +5 Funny post here.
PS/2 I really just don't get the culture of lol, a fucking smirk is not laughing out loud goddammit.
A man has died, and you fucking joke about it because he had a friend named Robert E Lee. Well if it wasn't for your stupid American movies I wouldn't even have any idea who Lee was.
Re:It's a shame. (Score:3, Insightful)
I would imagine any death where you're aware that you're dying (i.e. not dying in your sleep or getting shot in the back of the head) is horrible.
Honestly, what would you prefer? Being eaten alive? Drowning? Cancer? Airplane crash? Being hit by a car? Being stabbed? etc.
Death sucks regardless of the circumstance, imho.
Re:But... (Score:1, Insightful)
... such as the right to own slaves.
Re:Naptha all over again (Score:3, Insightful)
Source address level filtering does provide some level of protection against a SYN flood. The problem is, it is not universally implemented. Another problem is someone who doesn't care to hide their address. If you are doing more than a SYN flood, but more advanced TCP hijinx, you need to use your real IP address anyhow. So, it's not much of a fix. Neither are the recommendations which came out back in 2000, which were to increase the resource limits that the operating system imposed upon the IP stack. I could go on and on, on how each measure so far implemented has just raised the bar against these types of attacks, but hasn't really done much to prevent them. Yes, you might not be able to knock over a stock OpenBSD install with 1023 packets any more, but the problem persists.