Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
October 26, 2011 05:05 am

New Attack Tool Exploits SSL Renegotiation Bug


Trailrunner7 writes "A group of researchers has released a tool that they say implements a denial-of-service attack against SSL servers by triggering a huge number of SSL renegotiations, eventually consuming all of the server's resources and making it unavailable. The tool exploits a widely known issue with the way that SSL connections work. The attack tool, released by a group called The Hacker's Choice, is meant to exploit the fact that it takes a lot of server resources to handle SSL handshakes at the beginning of a session, and that if a client or series of clients sends enough session requests to a given server, the server will at some point fail. The condition can be worsened when SSL renegotiation is enabled on a server. SSL renegotiation is used in a number of scenarios, but most commonly when there is a need for a client-side certificate. The authors of the tool say that the attack will work on servers without SSL renegotiation enabled, but with some modifications."

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JEa_InASkfc/new-attack-tool-exploits-ssl-renegotiation-bug

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot