by Paul Ducklin
Every time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say.
Patch early, patch often.
After all, why risk letting the crooks sneak in front of you when you could take a resolute stride ahead of them?
Well, this month, the Offensive Security team at SophosLabs (that’s offensive as in the opposite of defensive, by the way, not as in the opposite of polite; and it’s the security that’s offensive anyway, not the team) has come up with some even more compelling “patch now” advice.
It’s in the form of a short video, and it shows an unpatched Windows 10 computer being crashed at will across the network by a simple bug-tripping Python script:
[embedded content]
If the person running the script can aim a specially crafted IPv6 network packet at your computer – specifically, a booby-trapped ICMP packet – then they can bring you down without warning.
You see a Blue Screen of Death (BSoD), and any work you hadn’t saved is lost, probably forever.
ICMP is short for Internet Control Message Protocol, and it’s a low-level type of network packet that’s much simpler than setting up a regular TCP connection, and even simpler than UDP. The best known sort of ICMP message is probably a ping packet, generated by the ping utility that exists on almost every operating system. You ping a computer by its IP address and if it gets ..
Support the originator by clicking the read the rest link below.
