Guardent Releases Information Regarding Flaw in Internet Infrastructure
Coordinated Effort with CERT and Leading Internet Software and Equipment Vendors Will Disseminate Information, Develop Solutions and Mitigate Exposure
WALTHAM, Mass., March 12 /PRNewswire/ – Guardent, Inc., the leading provider of security and privacy programs for Global 2000 organizations, today released new information regarding a significant weakness in many implementations of the Transmission Control Protocol (TCP) that affects a large population of Internet and network-connected devices.
Tim Newsham, a senior research scientist at Guardent, discovered a method by which malicious users can close down or “hijack” TCP-based sessions on the Internet or on corporate networks. The research, titled “ISN Prediction Susceptibility”, exposes a weakness in the generation of TCP Initial Sequence Numbers, which are used to maintain session information between network devices.
Prior to Guardent’s discovery, it was believed that TCP sessions were sufficiently protected from attacks by the random generation of initial sequence numbers. It is now known that these numbers are guessable on many platforms, with a high degree of accuracy. The ability to accurately guess sequence numbers, combined with readily available session information, allows for a variety of sophisticated attacks on computer networks. These attacks can cause significant harm and would go undetected by current security software. For example, utilizing a common Internet or corporate network connection, an attacker exploiting this weakness could perform operations such as:
* Launching new forms of Denial of Service (DoS) attacks that cut off individual Web server connections, making applications and networks appear unreliable. This type of attack is in stark contrast to the methods used to bring down sites like eBay and Yahoo! in February 2000, which were based on the notion of overloading networks with large amounts of traffic. This method can be combined with distributed techniques to wreak broad-scale harm without the obvious flood of network traffic.
* Information poisoning attacks, where internal systems are attacked by injecting false information into data streams intended for publication (bogus news reports, fraudulent stock prices).
* Session hijacking, where a user’s connection to a computer system is taken over by an attacker, who can then operate under the authorized user’s identity in applications to which that user has access (such as financial applications, Internet infrastructure management, etc.).
Guardent has chosen to inform the public to heighten awareness and begin the drive for all parties to address the problem. In preparation for this advisory, Guardent distributed the detailed research to CERT and to a number of leading vendors in an effort to expedite remedies and to aid in the development of detection/forensics technology.
Details of the research will remain confidential and will be made available only to legitimate network equipment vendors, operating system vendors, and government agencies via Non-disclosure Agreement (NDA) with Guardent. Qualified organizations seeking access to the detailed research should contact Guardent directly at firstname.lastname@example.org or by calling 781-577-6584. Guardent is also providing its clients with guidance with respect to this news.
About Guardent, Inc.
Guardent provides management and technology solutions that enable security, privacy, and data protection for Global 2000 organizations. With a focus on financial services, life sciences, manufacturing and technology, Guardent offers clients continuous enhancement of their security and privacy infrastructure. Headquartered in the heart of Boston’s technology corridor and with offices throughout North America, Guardent brings together an unmatched team of business, security and privacy experts from organizations such as Nationwide, Prudential, Bank of America, PricewaterhouseCoopers, IBM Global Services, Deloitte & Touche, Andersen Consulting, Internet Security Systems, Lucent and Sapient.