Linux kernel vulnerability endangers web servers and Android devices
Linux web servers and millions of Android devices are at risk due to a Linux kernel vulnerability that affects the pseudo-random number generator and allows cross-layer attacks due to the fact that UDP, IPv6 and IPv4 generation algorithms run on some Linux systems use a vulnerable PRNG.
As the author of the study, information security expert Amit Klein, explained, an attacker can determine the internal state of the PRNG at one OSI layer and use this data to predict a random numerical value at another OSI layer. This allows an attacker to perform a DNS cache poisoning attack on Linux systems both locally and remotely. The condition is that the DNS server must be outside the network.
DNS spoofing can be used for various malicious actions, for example, intercepting email and HTTP traffic, bypassing anti-spam mechanisms and email blacklists, conducting a local DoS attack, tracking an NTP client, etc.
Moreover,
The problem Klein discovered also allows you to track Linux and Android devices even in cases where the browser has private mode enabled or a VPN is used.
According to the expert, the most vulnerable to these attacks are servers on Ubuntu – about 13.4% of web servers run on Ubuntu, 3-5% of servers use Ubuntu and a public DNS service, satisfying the conditions for a potential attack. However, this figure could be higher, Klein said, since servers using external private DNS servers (for example, managed by internet rights) are also at risk.
The expert notified the Linux development team about the vulnerability in March this year. The issue was fixed with the release of a patch that implemented a more robust PRNG using SipHash. In Android, the problem was fixed in October; an alternative method of defense against this attack is to use a proxy or Tor. DNS-over-HTTPS also blocks DNS spoofing, but does not protect against snooping.
Henceforth, WE WISH TO ANNOUNCE THAT OUR SERVICES ARE NOT AVAILABLE TO PEOPLE FROM NIGERIA AND INDIA. THESE ARE USELESS TIME WASTERS AND THIEVES TRYING TO BEG OR SCAM US OF OUR PRODUCTS. OUR SERVICES ARE NOT FREE AND PAYMENT IS UPFRONT
A LOT OF FOOLS FROM NIGERIA AND INDIA. on the off chance that YOU DON’T TRUST TO USE OUR SERVICES, DON’T CONTACT US AS WE HAVE NO FREE SERVICE
CONTACT US FOR PURCHASES/INQUIRIES, WE RESPOND ALMOST INSTANTLY
HI BUYERS, WE ARE A PROFESSIONAL CARDING AND HACKING TEAM. HOVATOOLS HAS BEEN AROUND SINCE THE TIME OF EVO MARKET, ALPHABAY, WALLSTREET MARKET AND MORE. WE REMAIN STRONG AND RELIABLE IN THE INDUSTRY, ALWAYS PROVIDING YOU WITH THE BEST QUALITY TOOLS TO HELP YOU MAKE MONEY AND MAXIMIZE PROFIT IN THE FRAUD GAME.
TO GET STARTED, YOU CAN VISIT OUR ONLINE SHOP/STORE TO BUY EVERYTHING YOU NEED TO START CASHING OUT. AT THE SHOP YOU GET Accounts & Bank Drops CVV & CARDS DUMPS PERSONAL INFORMATION & SCAN.
BANK HACKING SOFTWARE – WIRE/ACH DARKWEB MONEY TRANSFER HACKERS
Buy Fresh Credit Cards for Carding, BIN LIST Buy Bank Login, RDP, Buy Hacked Paypal accounts. Contact us to buy all tools and carding software. CLICK HERE TO VISIT OUR SHOP
Buy Socks 5, Email Leads, Buy Latest CC to Bitcoin Cashout Guide, Buy Hacked Zelle transfer , Western Union Money Transfer Hack, Buy Hacked Money Transfer service to your bank account.
Enroll for Paid private Carding Class.