[$] The TCP "challenge ACK" side channel

Side-channel attacks against various kinds of protocols (typicallynetworking or cryptographic) are both dangerous and often hard fordevelopers and reviewers to spot.They are generally passive attacks, which makes them hard to detect as well. Arecent paper[PDF] describes in detail one such attack against the kernel's TCPnetworking stack; the bug (CVE-2016-5696)has existed since Linux 3.6, which was released in 2012. Ironically, the bug was introduced because Linux has implementeda countermeasure against another type of attack.