ID: IRCNE2011101297
Date: 2011-10-25
According to "cnet", Hackers have released a program they say will allow a single computer to take down a Web server using a secure connection.
The THC-SSL-DOS tool, which was released Monday, purportedly exploits a flaw in Secure Sockets Layer (SSL) renegotiation protocol by overwhelming the system with multiple requests for secure connections. SSL renegotiation allows Web sites to create a new security key over an already established SSL connection.
A German group known as Hackers Choice said it released the exploit to bring attention to flaws in SSL.
"We are hoping that the fishy security in SSL does not go unnoticed," an unidentified member of the group said. "The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, and not fit for the 21st century."
The exploit still works on servers that don't have SSL renegotiation enabled, the group said, but requires some modification and more computers. The tool is available in Unix and Windows binary code.
- 2