Bnonn writes: > Is this technically a vulnerability, or is it just a side-effect of how > computers operate?
It's a vulnerability in the sense that it can leak confidential information about a system's identity. It's not a side-effect of how computers operate, but rather a side-effect of how most TCP stacks are implemented. > I was of the impression that this is quite an unavoidable issue, given > how it seems to apply to any computer regardless of OS, but I haven't > researched the issue much myself. Interesting question. It seems to be unavoidable only in the sense that most operating systems are not designed to protect against it (yet). I think the claims of the researchers are overly optimistic, but time will tell. In any case, in the interest of security, it would be nice to see it addressed. I read that FreeBSD can be configured to avoid the problem completely by disabling the timestamps upon which the technique depends, but I don't remember the details. And if one still wants to use timestamps, it would be good if they could be used without leaking any information. -- Anthony _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
