<p dir="ltr">My understanding is this can be used to force an ssh/ssl/tls connection to downgrade encryption to a version that's easily crackable. For high security systems, those formats should already be disabled. But for public facing sites that have to work with clients that may not yet support better methods, the mitigation method is essential. I see no reason to not implement the mitigation on hardened servers as a diaper. It should also be done on all client systems as those usually don't have hardened encryption initiated unless they are a rather new install with special follow-on procedures.</p>
<div class="gmail_extra"><br><div class="gmail_quote">On Aug 12, 2016 9:56 AM, "Lightner, Jeffrey" <<a href="mailto:JLightner@dsservices.com">JLightner@dsservices.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><a href="https://thehackernews.com/2016/08/linux-tcp-packet-hacking.html" target="_blank">https://thehackernews.com/<wbr>2016/08/linux-tcp-packet-<wbr>hacking.html</a><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Other stories related to this last night.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">My read last night was Disturbing because it says it can be used to disrupt even ssh/sftp/https connections.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Although it says it is in the 3.6 kernel and later it appears some earlier kernels for RedHat (and therefore CentOS and other derivatives) are affected. RedHat says all RHEL6.5 and above and RHEL 7. Earlier versions they say are not
affected. <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">There is a mitigation in the story which is the same being suggested by RedHat.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Jeffrey C. Lightner</span></i><i><span style="font-size:12.0pt;color:#1f497d"><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Sr. UNIX/Linux Administrator</span></i><i><span style="color:#1f497d"><u></u><u></u></span></i></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">DS Services of America, Inc.</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">2300 Windy Ridge Pkwy</span><span style="color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Suite
<i>600 N</i></span><span style="font-family:"Times New Roman","serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Atlanta, GA 30339-8461</span><span lang="PT" style="color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"> <u></u><u></u></span></p>
<p class="MsoNormal"><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">P:
<i><a href="tel:678-486-3516" value="+16784863516" target="_blank">678-486-3516</a><u></u><u></u></i></span></p>
<p class="MsoNormal"><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">C:
<i><a href="tel:678-772-0018" value="+16787720018" target="_blank">678-772-0018</a></i></span><span lang="PT" style="font-size:12.0pt;font-family:"Times New Roman","serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">F:
<i><a href="tel:678-460-3603" value="+16784603603" target="_blank">678-460-3603</a></i></span><span lang="PT" style="color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="PT" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">E:
<i><a href="mailto:jlightner@dsservices.com" target="_blank"><span style="color:blue">jlightner@dsservices.com</span></a></i></span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p style="font-size:10pt;line-height:10pt;font-family:'Arial','times roman',serif">
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information
is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you
</p>
<span>
<p></p>
</span><br>
<br>
<div></div>
</div>
<br>______________________________<wbr>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/<wbr>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/<wbr>listinfo</a><br>
<br></blockquote></div></div>