[HN Gopher] Raccoon Attack
___________________________________________________________________
Raccoon Attack

Author : wglb
Score : 66 points
Date : 2020-09-11 18:59 UTC (4 hours ago)

(HTM) web link (raccoon-attack.com)
(TXT) w3m dump (raccoon-attack.com)

| fuzzer37 wrote:
| I think more projects should have cute mascots like this. Really
| like the "Raccoon is not an acronym. Raccoons are just cute
| animals, and it is well past time that an attack will be named
| after them :)" line.

| deanstag wrote:
| This writeup covered each and every question that popped up in my
| head in pretty much the same order too. Clear and concise.

| lxe wrote:
| This attack seems pretty surgical and might not be very
| practical, but pretty interesting nonetheless.

| imadethis wrote:
| First off, thanks to the authors for making it clear that this is
| a difficult attack vector to exploit. I'm tired of sites like
| these that make it seem like it's the end of the world.
|
| As this is a timing-based attack, I wonder what the feasibility
| would be in a real-world network environment. From a brief skim
| of the paper, it looks like they were getting a false positive
| rate of 10% between two VMs on a Gigabit connection. I wonder how
| quickly that would increase if the servers were in different
| buildings / cities / continents.

| ve55 wrote:
| >Why is the attack called "Raccoon"?
|
| >Raccoon is not an acronym. Raccoons are just cute animals, and
| it is well past time that an attack will be named after them :)
|
| Better naming and mascot than the last five TLS security bugs if
| you ask me

| footballnate29 wrote:
| better than heartbleed

| korethr wrote:
| Additionally, there's another factor of raccoons that seems
| serendipitously applicable here. Raccoons are cute, yes, but
| they are also potentially dangerous and can cause damage or
| injury if ignored or dealt with incorrectly. If raccoons are
| present, it's worth it to pay some attention to make sure they
| aren't the cause or symptom of a larger problem.

| joshocar wrote:
| Raccoons are also very clever and persistent. I have had
| several run-ins with them over the years, don't let their
| "cuteness" fool you, they are ruthless and very devious.

| jcims wrote:
| Especially if you have chickens. Raccoons seem to have
| figured out how to hypnotize them, and will just walk up
| and eat them one by one buffet style.

| hkmurakami wrote:
| Obligatory raccoon removal video (11 of them!) in a Toronto
| suburb.
|
| https://youtu.be/6S27dgeGqfA

| ljhsiung wrote:
| I thought heartbleed was a decent name. A callback to the
| heartbeat protocol
|
| I think DROWN was kiiinda pushing it.

| pvg wrote:
| Dupe of https://news.ycombinator.com/item?id=24421247

| josteink wrote:
| > I am an admin, should I drop everything and fix this?
|
| > Probably not. Raccoon is a complex timing attack and it is very
| hard to exploit.
|
| Nice of them to put this up as one of the first non-technical
| bulletins.
|
| No need to feed hysteria.

| blantonl wrote:
| _The vulnerability is really hard to exploit and relies on very
| precise timing measurements and on a specific server
| configuration to be exploitable._
|
| It's interesting that they emphasize this is a really hard
| problem to solve, and for 99% of use cases this really isn't an
| issue to worry about.
|
| But if you work in national security or are sensitive to security
| threats from nation states, this would certainly be an absolutely
| critical item to address or understand.
|
| National Security and nation states would absolutely use this as
| a target where billions of dollars or thousands of lives could be
| at stake.
___________________________________________________________________
(page generated 2020-09-11 23:00 UTC)