[HN Gopher] Raccoon Attack
       ___________________________________________________________________
        
       Raccoon Attack
        
       Author : wglb
       Score  : 66 points
       Date   : 2020-09-11 18:59 UTC (4 hours ago)
        
 (HTM) web link (raccoon-attack.com)
 (TXT) w3m dump (raccoon-attack.com)
        
       | fuzzer37 wrote:
       | I think more projects should have cute mascots like this. Really
       | like the "Raccoon is not an acronym. Raccoons are just cute
       | animals, and it is well past time that an attack will be named
       | after them :)" line.
        
       | deanstag wrote:
       | This writeup covered each and every question that popped up in my
       | head in pretty much the same order too. Clear and concise.
        
       | lxe wrote:
       | This attack seems pretty surgical and might not be very
       | practical, but pretty interesting nonetheless.
        
       | imadethis wrote:
       | First off, thanks to the authors for making it clear that this is
       | a difficult attack vector to exploit. I'm tired of sites like
       | these that make it seem like it's the end of the world.
       | 
       | As this is a timing based attack, I wonder what the feasibility
       | would be in a real-world network environment. From a brief skim
       | of the paper, it looks like they were getting a false positive
       | rate of 10% between two VMs on a Gigabit connection. I wonder how
       | quickly that would increase if the servers were in different
       | buildings / cities / continents.
        
       | ve55 wrote:
       | >Why is the attack called "Raccoon"?
       | 
       | >Raccoon is not an acronym. Raccoons are just cute animals, and
       | it is well past time that an attack will be named after them :)
       | 
       | Better naming and mascot than the last five TLS security bugs if
       | you ask me
        
         | footballnate29 wrote:
         | better than heartbleed
        
         | korethr wrote:
         | Additionally, there's another factor of raccoons that seems
         | serendipitously applicable here. Raccoons are cute, yes, but
         | they are also potentially dangerous and can cause damage or
         | injury if ignored or dealt with incorrectly. If raccoons are
         | present, it's worth it to pay some attention to make sure they
         | aren't the cause or symptom of a larger problem.
        
           | joshocar wrote:
           | Raccoons are also very clever and persistent. I have had
           | several run-ins with them over the years, don't let their
           | "cuteness" fool you, they are ruthless and very devious.
        
             | jcims wrote:
             | Especially if you have chickens. Raccoons seem to have
             | figured out how to hypnotize them, and will just walk up
             | and eat them one by one buffet style.
        
             | hkmurakami wrote:
             | Obligatory raccoon removal video (11 of them!) in a Toronto
             | suburb.
             | 
             | https://youtu.be/6S27dgeGqfA
        
         | ljhsiung wrote:
         | I thought heartbleed was a decent name. A callback to the
         | heartbeat protocol
         | 
         | I think DROWN was kiiinda pushing it.
        
       | pvg wrote:
       | Dupe of https://news.ycombinator.com/item?id=24421247
        
       | josteink wrote:
       | > I am an admin, should I drop everything and fix this?
       | 
       | > Probably not. Raccoon is a complex timing attack and it is very
       | hard to exploit.
       | 
       | Nice of them to put this up as one of the first non-technical
       | bulletins.
       | 
       | No need to feed hysteria.
        
       | blantonl wrote:
       | _The vulnerability is really hard to exploit and relies on very
       | precise timing measurements and on a specific server
       | configuration to be exploitable._
       | 
       | It's interesting that they emphasize this is a really hard
       | problem to solve, and for 99% of use cases this really isn't an
       | issue to worry about.
       | 
       | But if you work in national security or are sensitive to security
       | threats from nation states, this would certainly be an absolutely
       | critical item to address or understand.
       | 
       | National Security and nation states would absolutely use this as
       | a target where billions of dollars or thousands of lives could be
       | at stake.
        
       ___________________________________________________________________
       (page generated 2020-09-11 23:00 UTC)