Tool lets low-end PC crash much more powerful webserver

Hackers have released software that they say allows a single computer to knock servers offline by targeting a well-documented flaw in secure sockets layer implementations. A German group known as The Hacker's Choice released the tool on Monday, in part to bring attention to what they said were a series of long-running …

COMMENTS

This topic is closed for new posts.

“The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century.”

So who are those sanctimonious jerks who probably know only how to wreck stuff and couldn't design anything secure if their life depended on it?

Like vandals claiming they be fightin' for the freedom of the working class.

0
8

Research needed

You should probably take a look at THC's history and projects before flaming them. This isn't the work of the latest round of skiddies to crawl out of the woodwork.

0
0

Well they definitely behave that way.

0
0

Grammar check

It should read 'Tools let low end PC....'. This wasn't the work of an individual.

1
1

I for one don't care what their motives are - over the past months it has become abundantly clear that SSL in its current form is well past its use-by date, so the sooner it gets fixed or replaced the better.

5
0

Discovering and proving a flaw in a security product is a valuable service, IMO - unlike vandals, these guys haven't done any actual damage. By releasing the tool into the wild, this effectively forces developers to fix the hole ASAP, rather than sitting around pontificating about whether it's really important or not until it's used to do some serious damage.

I wonder if this will affect Google's apparent affection for SSL on everything - and if there's a botnet big enough to knock them offline using this technique, if they aren't already protected?

0
0
W60

Workaround

Per the THC site:

"No real solutions exist. The following steps can mitigate (but not solve) the problem:

1. Disable SSL-Renegotiation

2. Invest into SSL Accelerator

Either of these countermeasures can be circumvented by modifying THC-SSL-DOS."

Surely then just limiting connection based upon src IP with renegotiation is a mitigation that can't be circumvented....unless you can spoof the traffic

0
0
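The per-source limit suggested in the last comment, sketched as an added example (not code from the commenter, the article or THC): a sliding-window cap on TLS handshakes per source IP, counting initial handshakes and renegotiations together across all of that address's connections. The class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class HandshakeLimiter:
    """Sliding-window cap on TLS handshakes (initial or renegotiated) per source IP."""

    def __init__(self, max_handshakes=5, window_seconds=10.0):
        self.max_handshakes = max_handshakes
        self.window = window_seconds
        self._recent = defaultdict(deque)  # src IP -> timestamps of allowed handshakes

    def allow(self, src_ip, now):
        """Return True if this handshake may proceed, False if it should be refused."""
        q = self._recent[src_ip]
        # Forget handshakes that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_handshakes:
            return False
        q.append(now)
        return True


def denied_per_source(events, limiter):
    """Replay (timestamp, src_ip) handshake events; return {src_ip: refused count}."""
    denied = defaultdict(int)
    for ts, src in sorted(events):
        if not limiter.allow(src, ts):
            denied[src] += 1
    return dict(denied)


# Constructed sample: one address requests 8 handshakes in under 2 seconds,
# another does an initial handshake and a single renegotiation 30 seconds later.
SAMPLE_EVENTS = [(0.25 * i, "198.51.100.7") for i in range(8)] + [
    (0.0, "203.0.113.20"),
    (30.0, "203.0.113.20"),
]

if __name__ == "__main__":
    print(denied_per_source(SAMPLE_EVENTS, HandshakeLimiter()))
```

The limit is keyed on the source address alone, so it does nothing against load spread over many addresses, such as the botnet scenario raised in an earlier comment.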