Paul 'Tony' Watson Interviewed

CowboyNeal posted more than 9 years ago | from the getting-to-know dept.

Security 77

An anonymous reader writes "Whitedust is running an interview with Paul Watson. Watson, who discovered a flaw in TCP/IP that could allow attackers to reset connections last year, made a splash with the media. He talks about how he got his start in computer security, as part of the early warez scene, his work in the Air Force and the US Government, and his current projects. He is now working at the leading search engine in the world, Google."

This is not the first post. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13191499)

Therefore, I cannot fail it!

Re:This is not the first post. (-1, Offtopic)

Mahou (873114) | more than 9 years ago | (#13191529)

haha you did fail it!!

Google? (5, Funny)

katana (122232) | more than 9 years ago | (#13191504)

Oh, THAT leading search engine. Thanks for clarifying.

Re:Google? (0)

Anonymous Coward | more than 9 years ago | (#13191692)

Yet another spook at google

Big google is watching YOU!

Re:Google? (2, Funny)

strider44 (650833) | more than 9 years ago | (#13192432)

Wow, I always wondered what Google was. I guess I should have googled it.

Re:Google? (1)

Frank T. Lofaro Jr. (142215) | more than 9 years ago | (#13200571)

Google for "search engine" (with quotes) and Altavista is the #1 hit!

But is he fat? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13191506)


Well what if your family didn't like bread, they liked warez? Would it still be a crime?

Why does he do this? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13191509)

Doesn't he know that this can allow terrorists to attack our computers. This undermines national security. How can he hate freedom so much?

FIRST POST (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#13191513)

FIRST POST

Google = Nerd Nirvana (5, Funny)

karvind (833059) | more than 9 years ago | (#13191515)

From the article:

I came to work at Google late last summer. It gets a lot of media buzz about being geek-sheik and super cool. I have worked at some really cool places before Google, but Google is so much more incredible than any media article or Slashdot post could ever describe. The best phrase I can think of would be nerd-nirvana (or should it be nerdvana?)

Folks, we are not doing a good job here. We need to bump up the number of Google stories per day.

Geek Orgasm (4, Insightful)

Saeed al-Sahaf (665390) | more than 9 years ago | (#13191607)

Don't worry, like all dot-coms with "incredible" ideas and even more "incredible" toys in their work spaces, but very few profit producing products, Google's bubble will pop, the over-priced stock will wither, and Slashdot will move on to The Next Geek Orgasm.

Re:Geek Orgasm (2, Insightful)

johnnyb (4816) | more than 9 years ago | (#13191627)

The difference is that Google does create profit-producing programs. Many of them. In addition, it seems to be a technology-oriented company, so the techies don't have to chase their tales for years at a time just because some marketing guy said so.

Re:Geek Orgasm (2, Insightful)

Saeed al-Sahaf (665390) | more than 9 years ago | (#13191645)

The difference is that Google does create profit-producing programs.

Yes, they do. Most if not all are amazing. But do they produce profit for Google? Not very many. Google stock is over-priced, and there will be an adjustment when people start to scale down their expectations to realistic levels.

Re:Geek Orgasm (2, Insightful)

johnnyb (4816) | more than 9 years ago | (#13191783)

"But do they produce profit for Google? Not very many."

They don't need very many. They are already super-profitable.

"Google stock is over-priced, and there will be an adjustment when people start to scale down their expectations to realistic levels."

No question about that. However, this is not the fault of Google, but of the market. This is like RedHat. They have _always_ been a solid company. They have not always been a good stock, but that has nothing to do with their performance as a company, but with the market being stupid.

Re:Geek Orgasm (1)

citog (206365) | more than 9 years ago | (#13191830)

Could you outline what you mean, in more detail, in relation to their press release [sec.gov] and earlier filings [google.com] ?

Re:Geek Orgasm (1)

Saeed al-Sahaf (665390) | more than 9 years ago | (#13191992)

Could you outline what you mean, in more detail, in relation to their press release and earlier filings?

What do you expect them to say in their filings? Time will tell. Just like it did for all the other inflated dot-coms that went down. Their filings sounded pretty rosy too. It's just a fact. I'm not saying that they don't produce some amazing things, I'm saying they have yet to show that they can or are willing to profit from these things, something that they will have to do to maintain their current levels of hedonism.

Re:Geek Orgasm (0)

Anonymous Coward | more than 9 years ago | (#13192057)

...chase their tales...

try tails

Slashdot is google's bitch (or trying to be) (0)

Anonymous Coward | more than 9 years ago | (#13193497)

I guess Slashdot "editors" have stock in Google. Every day we get at least one or two articles, which amount to:


Google googles the google and googly google on the google Summer of Code goggle gloggle cock a google goo. "Google my google", said recently hired Google googly. At the wacky work environment, googlers google in the hallways, google on the ping pong table or air hocky, and google down their pants. Goggle goggle fersnizzlemynizzle the googlacious googlopoly on the Microsoft is Evil (TM) over the googleplexity of the gogle gobilty gooq, if the Do No Evil (TM) goobers on the goggle.


The really pathetic thing is that Google is just a search engine that makes money off of advertisements, a business model that has been around for about a decade. In fact, the exact mechanism Google uses was patented by Overture (acquired by Yahoo), which was the subject of a lawsuit that was settled when Google gave a massive chunk of shares to Yahoo.

All of the "hot R&D" that is going on, including the Summer of Code, is essentially throwing random feces against the wall and seeing what sticks. There's no planning, but ad hoc providing solutions to problems that may or may not be needed by most people. That's why Google is hiring so many "top engineers" from other companies, or just allowing anyone to compete in their competition; they cannot generate ideas internally and justify the price of their stock.

The dynamics governing the altitude of the stock price are exactly the same as the mechanisms governing the original Dot-Com bubble: The Theory of the Greater Fool. As long as Google generates publicity, more foolish people will believe that there is substance to the stock and create a demand that keeps the price unreasonably inflated.

Skip the marketing copy.. (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#13191519)

He is now working at the leading search engine in the world, Google.

"He is now working at Google" would've said the same exact thing, you know.

Yet another criminal hacker employed by Google (-1, Troll)

Anonymous Coward | more than 9 years ago | (#13191523)

Just like that Chinaman who used to work for Microsoft. I know you lot are sympathetic to "hackers", but don't you find it disturbing that Google is willing to employ so many people with criminal backgrounds?

You break it, you bought it. (0)

Anonymous Coward | more than 9 years ago | (#13191533)

"Watson, who discovered a flaw in TCP/IP that could allow attackers to reset connections last year, made a splash with the media."

So how does one go about discovering these "flaws"?

Re:You break it, you bought it. (1)

$RANDOMLUSER (804576) | more than 9 years ago | (#13191667)

Um, by reading the RFC [faqs.org] ?

Discovered... (-1, Flamebait)

Gothmolly (148874) | more than 9 years ago | (#13191541)

like when Guardent "discovered" that with sufficient CPU power and a little knowledge of a TCP stream, you could, gasp, guess the next sequence number! OMG !!!111!one!! Call Dick Cheney!

I love it when 'researchers' 'discover' something like this. OMFG, SNMP sends messages in the clear! Start the bombing!

Seriously people, in the immortal words of /., "Nothing to see here, move along"

Re:Discovered... (1)

cagle_.25 (715952) | more than 9 years ago | (#13192010)

Technically, what he discovered was not so much the obvious point that you mention, but that CISCO hadn't *noticed* that obvious point before.

It all seems so obvious in hindsight, y'know?

BTW, he might have done better to call Dick Cheney, cause according to TFA, the US CERT team ignored him.

which is it? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#13191544)

Is Paul Watson cool because he works at Google? Or is Google cool because it's where Paul Watson works?

Neither (0)

Anonymous Coward | more than 9 years ago | (#13193038)

He's cool because he's named after Windows utility.

Re:which is it? (1)

dovetail3 (884917) | more than 9 years ago | (#13194219)

Oh?, I thought Google was cool because it's slashdotted...

Good quote from TFA (5, Interesting)

rangefinder (836739) | more than 9 years ago | (#13191561)

"In regards to all the media attention, I think that by far the coolest thing to come from all that attention was when I was Slashdot'd. That was like getting the key to the city from the Mayor of Geekville."

Re:Good quote from TFA (1, Funny)

Anonymous Coward | more than 9 years ago | (#13191575)

I liked this one:

I made a deal with a friends mom who was in school for Computers at Purdue; I would help her write her programs for her computer classes if she let me have use her Unix account so I could learn Unix and C. I fell in love with Unix immediately.

Major nerd.

Re:Good quote from TFA (1)

Seumas (6865) | more than 9 years ago | (#13191823)

He talks about how he got his start in computer security, as part of the early warez scene, his work in the Air Force and the US Government,

So the government doesn't do background checks anymore?!?

Re:Good quote from TFA (0)

Anonymous Coward | more than 9 years ago | (#13200583)

It's OK if you don't get caught, that is the culture.

Just look at Halliburton, etc.

If they know you are up to no good, but manage to not go to jail, you have what they really want, a smart crook.

Discovered? (4, Interesting)

Shamashmuddamiq (588220) | more than 9 years ago | (#13191587)

Discovered? Late last year? I think I remember "discovering" then subsequently reading about this problem in one of my TCP/IP books many years ago. Does this have to do with inserting packets into a TCP stream that have the RST flag set? (I can't find any technical information on this...some of the dumbed-down articles have broken links, but no interesting information.)

Re:Discovered? (4, Informative)

liquidpele (663430) | more than 9 years ago | (#13191673)

Here is a good technical article on the subject...

linky [kerneltrap.org]
 

Re:Discovered? (4, Insightful)

Shamashmuddamiq (588220) | more than 9 years ago | (#13191766)

Thanks! That's much better. His paper states that "TCP window sizes were not considered in the calculations." Perhaps not, but I find it hard to believe that he is the first to realize that. This guy probably deserves the credit for creating a media frenzy about this problem, but not much else.

It really has bugged me, in the past, that all the popular operating systems assign outgoing ports sequentially. This especially causes problems with net-booted systems, because if the system gets interrupted part-way into the initial network transfer, the routers get really confused because on retry, all the source port and sequence numbers are the same! I've had problems with this before (I design software for embedded systems), and I think this is when I first "discovered", like this guy did, how relatively easy it is to perform TCP RST attacks under some circumstances.

Re:Discovered? (3, Insightful)

RedWizzard (192002) | more than 9 years ago | (#13191737)

Discovered? Late last year? I think I remember "discovering" then subsequently reading about this problem in one of my TCP/IP books many years ago. Does this have to do with inserting packets into a TCP stream that have the RST flag set? (I can't find any technical information on this...some of the dumbed-down articles have broken links, but no interesting information.)
Yes. What's new is that Paul realised that the sequence number doesn't need to be brute forced from all 2^32 combinations - it only needs to fall within the current window. That makes the attack much more practical.

Re:Discovered? (0)

Anonymous Coward | more than 9 years ago | (#13191971)

You mean Paul and everyone who has ever read the RFC or the source code of any implementation. Or any of the many discussions in various implementation mailing lists of this fact. Or security lists. The first time I remember reading a discussion of this attack was around 1989. But since I only started working on TCP/IP in 1987 it was probably documented well before that.

There are very few "new" layer 3 and 4 attacks being discovered. The people who designed TCP/IP were aware of most of the flaws 15-25 years ago. What makes an announcement worthwhile is when someone gives solid analysis of possible countermeasures. Extra credit if they analyze current implementations; double bonus points for providing improved source code for one or more implementations.

Re:Discovered? (1)

RedWizzard (192002) | more than 9 years ago | (#13192193)

You're right - it's not a new attack. But the vulnerability was underestimated, particularly in light of extended window sizes.

Re:Discovered? (0)

Anonymous Coward | more than 9 years ago | (#13192634)

Yes, it was not a brand new exploit, but a new twist on it. Hardly worth the news buzz. The company I work for decided to implement a routine in our stack that wouldn't accept a RST if it fell in the first half of the window. However, big deal, you reset my TCP session, wooo, a DOS. On some level there's no avoiding them.
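Added example, not part of any comment in this thread: a receiver-side RST check that contrasts the in-window acceptance discussed above with the "ignore the first half of the window" routine just described and with the exact-match rule of RFC 5961, and counts how many sequence numbers each policy lets reset a connection. The policy names, the reading of the "first half" rule as `offset >= window/2`, and the sample window sizes are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Policy names are this example's own labels, not identifiers from any TCP stack. */
enum rst_policy {
    RST_IN_WINDOW,   /* RFC 793 behaviour: any in-window sequence number resets */
    RST_UPPER_HALF,  /* assumed reading of the comment above: ignore the first half */
    RST_EXACT_MATCH  /* RFC 5961: only SEG.SEQ == RCV.NXT resets */
};

enum rst_verdict { RST_DROP, RST_CHALLENGE_ACK, RST_ACCEPT };

/* Decide what a receiver does with an incoming RST segment. */
enum rst_verdict check_rst(enum rst_policy policy, uint32_t seg_seq,
                           uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    /* Distance from RCV.NXT modulo 2^32, so the test survives wraparound. */
    uint32_t off = (uint32_t)(seg_seq - rcv_nxt);
    /* With a zero window only SEG.SEQ == RCV.NXT is acceptable (RFC 793). */
    int in_window = (rcv_wnd == 0) ? (off == 0) : (off < rcv_wnd);

    if (!in_window)
        return RST_DROP;
    switch (policy) {
    case RST_IN_WINDOW:
        return RST_ACCEPT;
    case RST_UPPER_HALF:
        return (off >= rcv_wnd / 2) ? RST_ACCEPT : RST_DROP;
    case RST_EXACT_MATCH:
        /* In-window but not exact: answer with an ACK instead of resetting. */
        return (off == 0) ? RST_ACCEPT : RST_CHALLENGE_ACK;
    }
    return RST_DROP;
}

/* Count the sequence numbers that would tear the connection down. */
uint64_t accepting_values(enum rst_policy policy, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    uint64_t n = 0;
    for (uint64_t i = 0; i <= rcv_wnd; i++)
        if (check_rst(policy, rcv_nxt + (uint32_t)i, rcv_nxt, rcv_wnd) == RST_ACCEPT)
            n++;
    return n;
}

/* Size of the 32-bit sequence space divided by the number of accepting values. */
uint64_t seq_space_per_hit(uint64_t accepting)
{
    return accepting ? (UINT64_C(1) << 32) / accepting : 0;
}

int main(void)
{
    /* Constructed sample state: RCV.NXT sits just below the 2^32 wrap point. */
    const uint32_t rcv_nxt = 0xFFFFFFF0u;
    const uint32_t windows[] = { 16384u, 65535u };
    const char *names[] = { "in-window", "upper-half", "exact-match" };

    for (size_t w = 0; w < sizeof windows / sizeof windows[0]; w++)
        for (int p = RST_IN_WINDOW; p <= RST_EXACT_MATCH; p++) {
            uint64_t n = accepting_values((enum rst_policy)p, rcv_nxt, windows[w]);
            printf("wnd=%-6u %-12s accepting=%-6llu space/hit=%llu\n",
                   windows[w], names[p], (unsigned long long)n,
                   (unsigned long long)seq_space_per_hit(n));
        }
    return 0;
}
```

The larger the advertised window, the more sequence numbers the in-window policy accepts, which is the point made about extended window sizes; the exact-match policy stays at one value regardless of window size.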

Dear Whitedust (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#13191600)

Please use a spell/grammar check. You're articles appear to be written by 14 year olds.

Re:Dear Whitedust (1)

MyLongNickName (822545) | more than 9 years ago | (#13191612)

You're articles

So are the comments :)

Re:Dear Whitedust (1)

name773 (696972) | more than 9 years ago | (#13191761)

i think you meant to write "so do the articles" ;)

so i fail it... (1)

name773 (696972) | more than 9 years ago | (#13191779)

s/articles/comments

Re:Dear Whitedust (1)

rbarreira (836272) | more than 9 years ago | (#13191944)

Oh, and the non-understood ironys...

He remembered me! (0)

Anonymous Coward | more than 9 years ago | (#13191615)

OMG! He mentioned me in his interview. Tony Watson talked about me in the second to last question.
----------
Check out this poll [1asphost.com] - I like nipples.
ccc.1asphost.com.codeworm [1asphost.com]

The government's hiring practices hurt security (4, Insightful)

ShatteredDream (636520) | more than 9 years ago | (#13191617)

After seeing him point out that the government came to regard hackers as such a major threat, I couldn't help but think that our government brings on most of its own problems. The hiring and firing practices and I suppose the procurement processes are also completely fucked up and need to be modernized.

Our government will put people getting $50-$60K into a jet that costs $2B to build and that can carry very large nuclear payloads. They nearly crippled our navy's ability to wage war on other naval power through the SmartShip program, all because they wanted to save on the cost of a sysadmin's salary.

I'm a libertarian by persuasion and I want the government buying the very best and being competitive in its core competencies. I want them to hire the best and brightest, and pay them accordingly because it's cheaper to pay someone an above fair market wage to get the best talent than to have someone do billions of damage to your country's networks. Saving money should be secondary to the government getting everything it needs to carry out its core missions.

Someone who brings a tremendous wealth of networking experience should be eligible for a six digit salary starting out, just as they would in the private sector. I have no problem paying someone who's extremely good at computer security several hundred thousand dollars to do federal network security because as I said, it's cheaper to pay for good people who'll get the job done right.

We also need fewer regulations that protect job security. People who don't do jack shit for the public should be kicked to the curb even faster than they would in the private sector.

Re:The government's hiring practices hurt security (0)

Anonymous Coward | more than 9 years ago | (#13191661)

Q: How many Libertarians does it take to change a light bulb?
A: Two. They're just that dumb.

Re:The government's hiring practices hurt security (0)

Anonymous Coward | more than 9 years ago | (#13191849)

I'm a libertarian, but that's a funny joke. I hope you don't get punished by my fellow, humorless, libertarians.

Re:The government's hiring practices hurt security (1)

mnemonic_ (164550) | more than 9 years ago | (#13191742)

Our government will put people getting $50-$60K into a jet that costs $2B to build and that can carry very large nuclear payloads. They nearly crippled our navy's ability to wage war on other naval power through the SmartShip program, all because they wanted to save on the cost of a sysadmin's salary.

Do all of your examples come from pamphlets? Do you have any outside knowledge of any issue you discuss?

Re:The government's hiring practices hurt security (1)

SilentShriek (903213) | more than 9 years ago | (#13192014)

Even if they get paid big bucks to get the job done right, someone will always come along that can break what they've built. Nothing man creates is impenetrable by man.

Re:The government's hiring practices hurt security (1)

Neoprofin (871029) | more than 9 years ago | (#13192672)

What other navel power are we fighting?

"Terrorists" don't have aircraft carriers.

Yet.

Re:The government's hiring practices hurt security (1)

hunterx11 (778171) | more than 9 years ago | (#13192746)

What other navel power are we fighting?

We can't be too careful. There are intelligence reports that they are attempting to purchase lint from Africa.

WOW (5, Funny)

JeiFuRi (888436) | more than 9 years ago | (#13191648)

"discovered a flaw in TCP/IP that could allow attackers to reset connections last year" So his flaw allows people to travel back in time - to last year - and reset connections?

Re:WOW (0)

Anonymous Coward | more than 9 years ago | (#13192611)

i like your style



A LOT

i like your stle

A LOT

Re:WOW (2, Funny)

sharkey (16670) | more than 9 years ago | (#13194294)

Now it just needs to be refined, so that one can travel back in time and insert </i> tags!

Yup (0)

Anonymous Coward | more than 9 years ago | (#13194327)

It's so easy I can't believe nobody thought of it sooner - you just set all your packets TTL to -60.

Re:WOW (0)

Anonymous Coward | more than 9 years ago | (#13194588)

"discovered a flaw in TCP/IP that could allow attackers to reset connections last year" So his flaw allows people to travel back in time - to last year - and reset connections?

No, don't be silly.

The connection has to still be open.

Corona??? (0, Offtopic)

Anonymous Coward | more than 9 years ago | (#13191776)

I was thinking "cool dude". Then I read that he drinks Corona, and it all just evaporated.

Re:Corona??? (1)

parasonic (699907) | more than 9 years ago | (#13192207)

And by implication of your statement, you don't drink Corona? As a fellow slashdotter, I know that you can't handle heavier drinks than Corona, so you are stuck with water and/or Snapple by process of elimination since you don't drink Corona. Geek.

Re:Corona??? (0)

Anonymous Coward | more than 9 years ago | (#13192720)

Murphy's [murphys.com] all the way mate :-)

Correct me if I am wrong.. (1)

andersbergh (884714) | more than 9 years ago | (#13191892)

..but wasn't it an ICMP flaw rather than a TCP/IP flaw?

Re:Correct me if I am wrong.. (0)

Anonymous Coward | more than 9 years ago | (#13192396)

You're wrong. It was a TCP/IP flaw, not an ICMP flaw.

code sharing? (1)

recharged95 (782975) | more than 9 years ago | (#13191899)

"Since the system was very customized to my previous employer, I wanted to rewrite all the code into something more generic and usable by anybody, which is when it was renamed Cygnus. "

Hmmm. There a pattern here with google vs. the world (i.e. Microsoft Lee case)? If the original code was developed under a gov't contractor, much licensing/restrictions issues pop up.

Anyway cisco stuff has much things to exploit, just a matter of time... they're working on it at least.

Re:code sharing? (1)

name773 (696972) | more than 9 years ago | (#13192147)

i think he was at rockwell when he wrote that, although i may have it wrong

Arrogant Guy.. (0)

Anonymous Coward | more than 9 years ago | (#13192017)

This guy is a real arrogant bastard. Damn I wish I had his skills so I could also be! :(

Pretty cool guy (1)

raistphrk (203742) | more than 9 years ago | (#13192150)

It's nice reading an article about somebody who gets media attention and doesn't turn into a total tool (*cough*Steve Gibson*cough*), assuming they weren't a tool to begin with. On top of that, the guy makes his point that the vulnerability he writes about is serious without sensationalizing the whole thing.

Re:Pretty cool guy (1)

Slashcrap (869349) | more than 9 years ago | (#13194422)

(*cough*Steve Gibson*cough*)

Oh come on, Steve isn't all bad. For instance I particularly like his idea that people should disable TCP/IP on their home networks and use IPX instead.

What it mainly has going for it is that anyone naive, gullible or stupid enough to take any notice of his sensationalist, self-publicising, scaremongering bullshit won't be able to talk to the rest of the Internet. It's like a self-cleaning gene pool!

Flaw? (1)

autopr0n (534291) | more than 9 years ago | (#13192391)

It's not a bug, it's a feature. Some security products operate by inserting TCP reset signals to block inappropriate connections. One company has had a patent on this method for years.

Re:Flaw? (1)

Slashcrap (869349) | more than 9 years ago | (#13194380)

It's not a bug, it's a feature. Some security products operate by inserting TCP reset signals to block inappropriate connections. One company has had a patent on this method for years.

Yes, but there is a huge difference between a router/firewall/IDS which is actually handling the connection (and therefore has intimate knowledge of the sequence numbers) being able to send an RST and a 3rd party with only limited info about the connection being able to reset it.

I assume you took that minor detail into account before insinuating that Paul Watson was a publicity seeker who hadn't discovered anything new?

This is big... (1)

shaneh0 (624603) | more than 9 years ago | (#13192458)

Word is that this guy is THE authority on General Protection Faults. I usually get a chance to work with him 1 or 2 times a week.

Where are the editors (0)

Anonymous Coward | more than 9 years ago | (#13192599)

Watson didn't reset the connection last year, but discovered the flaw last year.

OMG (1)

Shawarma (551973) | more than 9 years ago | (#13192856)

Attackers can reset connections last year?!?
Why didn't anyone tell me this before?

Slashdot = Whinedot (0)

Anonymous Coward | more than 9 years ago | (#13193057)

Is it me or is slashdot turning into whinedot? Every time an interview or article is posted all the trolls do is whine about it; be it a typo, spag or one sentence which has not been formed in the best possible way.

The thing is the slashdotting must generate more hits than people's posts...

So basically you just get a hardcore of about 5-10% of users who just feel the need to whine like little girls about every aspect of an article apart from the important one's.

Way to go! Give yourselves a massive pat on the back.

This is getting to be such a great place.

Re:Slashdot = Whinedot (1)

Paris The Pirate (799954) | more than 9 years ago | (#13193301)

Agreed.

Re:Slashdot = Whinedot (1)

WilliamSChips (793741) | more than 9 years ago | (#13194961)

So basically you just get a hardcore of about 5-10% of users who just feel the need to whine like little girls about every aspect of an article apart from the important one's.
Like you?

Re:Slashdot = Whinedot (1)

Paris The Pirate (799954) | more than 9 years ago | (#13195837)

Like you? And you? (And me now... see we are both retarded. Although you were retarded first).

terrorist.net (1)

dnaSpyDir (167208) | more than 9 years ago | (#13194419)

i'm STILL waiting for an account paw...

Ir_dan

Reset connections only last year? (1)

macraig (621737) | more than 9 years ago | (#13200577)

"...discovered a flaw in TCP/IP that could allow attackers to reset connections last year...."

Wow, a TCP/IP flaw that had existed for all that time but only allowed the exploit to work in 2004? It's a good thing that was so clearly described, because otherwise I might have become quite confused.