Cool Beans

I wish I could go to this. Not just to visit Helsinki which would be awesome, but to see first-hand a proof-of-concept of a new TCP SYN-flood-like attack that uses a "a very low bandwidth attack stream" to fill the TCP state table and effectively cause a denial of service. I imagine if it were Metasploited, any kiddie could take down entire domains. [Wow, that's useful, cursory speculation. Sorry.] The issue seems to affect all popular systems, including Windows, Linux, BSD, and embedded systems.

If you don't get it, TCP owns the Internet. Not everything Internet, but it's big. And this vulnerability means that almost everything on the Internet can be taken down: IM, web,  email, your home computer, cablemodem, the list goes on for services and almost any networked system. This could literally destroy the Net... and there's no easy fix according to the discoverers.

On that note, I've noticed it seems that bleeding edge hackers tend to be hugely pessimistic doomsayers about the state of the 'net-- and rightly so if they are in the thick of fixing it and dealing with vendor lag. This is especially apparent in any group demo of an exploit, easily becoming tiresome; The security guy always claiming the sky is falling. But I've also noticed that security "managers" on the other hand focus a great deal on analysis and quantification rather than pessimism. If it's not on paper and all risks identified and documented, it does not yet qualify for a consideration. Maybe these characteristics are different facets to dealing with the same challenges; but combined they can be very problematic and even impeding. Just some posits about the industry.