This is a mirror of official site: http://jasper-net.blogspot.com/

New Attack Tool Exploits SSL Renegotiation Bug

| Wednesday, October 26, 2011
    A group of researchers has released a tool that they say implements a denial-of-service attack against SSL servers by triggering a huge number of SSL renegotiations, eventually consuming all of the server's resources and making it unavailable. The tool exploits a widely known issue with the way that SSL connections work. The attack tool, released by a group called The Hacker's Choice, is meant to exploit the fact that it takes a lot of server resources to handle SSL handshakes at the beginning of a session, and that if a client or series of clients sends enough session requests to a given server, the server will at some point fail. The condition can be worsened when SSL renegotiation is enabled on a server. SSL renegotiation is used in a number of scenarios, but most commonly when there is a need for a client-side certificate. The authors of the tool say that the attack will work on servers without SSL renegotiation enabled, but with some modifications.

Read more: Slashdot
QR: new-attack-tool-exploits-ssl-renegotiation-bug

Posted via email from Jasper-net

0 comments: