Two days after a security vendor announced it had found a new vulnerability in TCP, only to be lambasted for passing an old problem off as news, the researcher who identified the weakness defended his work and the decision to announce it.

Tim Newsham, senior research scientist at Guardent, said that although the vulnerability he found in the Transmission Control Protocol is quite similar to one identified in 1985 by another researcher, it differs in several important ways.

The original problem, discovered by AT&T's Robert Morris, was that ISNs (Initial Sequence Numbers) generated at the beginning of TCP sessions to authenticate subsequent packets were predictable and could be used to create a forged connection between an attacker and a remote host. This, in turn, would enable the attacker to impersonate a trusted host.

The link for this article located at ZDNet is no longer available.