Yet Another Reason For Secure Websites
Thanks to the 25th Usenix Security Symposium the world has just discovered a flaw in the TCP implementation on Linux that has been around since 2012. Many, many websites run on Linux so this problem could very likely affect your own business website.
"Such a weakness could be used to launch targeted attacks that track users’ online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor."
The Good News
If your website is already hosted with us (https://ProfessionalWebsites.biz) then you have nothing to worry about, our servers have already been patched.
If your website is secure (https://) but hosted elsewhere you have less to worry about. The worst an attacker could do is reset a visitor's connection:
"Encrypted connections (e.g., HTTPS) are immune to data injection, but they are still subject to being forcefully terminated by the attacker."
If your website is running on Linux (either https:// or http://) then you should contact your hosting provider to see if they have applied the temporary fix.
"This can be done on Ubuntu, for instance, as follows:
- Open /etc/sysctl.conf, append a command “net.ipv4.tcp_challenge_ack_limit = 999999999”.
- Use “sysctl -p” to update the configuration.
The https://wappalyzer.com/ browser plugin may help you determine if your website is running on Linux.
Some Linux servers are reported as Unix and should be investigated:
If your website is running on Windows this problem does not affect you.