posted
Oct 25, 2011 by News Hunter
The Germans have caused all sorts of mass destruction, a double whammy of security and confidentiality. Other researchers in Germany to find and exploit a vacuum that breaks the W3C XML Encryption with a crisis that works in all cases. A hacker group released a new SSL DDoS tool can be successfully launched from a single laptop, a single ADSL connection, to bring down a server. The researchers said that Microsoft, IBM, Red Hat, Apache XML framework and other major suppliers to adopt a new standard.
A new tool that runs in DOS SSL head. . Piracy in German "The choice of the Pirates" (THC) has launched a new murderer DDoS tool for Windows and Unix hackers that has a twist deadly attack. This is not a party to the server. until you hit overload and offline. SSL-DOS tools THC reaches the server with thousands of SSL renegotiation through a bit of TCP until the server crashes and dies. However, a bandwidth of the server on a single ADSL connection to traditional DDoS attack can be launched from a single ADSL connection. Establish a secure SSL connection requires a processing power 15 times more than what he does on the server to the client.
The attack tool THC-SSL-DOS "does not require bandwidth and only a single virus attack." THC said the old adage is true, "Complexity is the enemy of security." SSL renegotiation would have to ensure that SSL, but rarely used, is enabled by default, and that's what makes the server. more vulnerable to attack a member of THC added: "The renegotiation of key material is a stupid idea in terms of cryptography.". The hacker group said that the traditional means of DDoS attacks, which played "a vital role in the protests against oppressive governments (such as a DDoS attack against the Iranian leader) and against companies that violate freedom of expression (such as the attack DDoS against Wikileaks Mastercard to close the account of the non-profit donation), "are resource hogs.
Meanwhile, more bad news for security, as the German researchers at the University of Bochum broke the W3C standard for XML encryption security means a "grave crisis" and said that large companies, such as "Microsoft and Red Hat IBM Linux through XML Web services for integration projects for large customers "are concerned.
The German researchers said, "XML Encryption is designed to protect the confidentiality of data exchanged" and used in a "significant number of web applications," including corporate communications, electronic commerce, financial services, health applications, as well as the government and military infrastructure. However, the message "that all is well" was underlined when Juraj Somorovsky Tibor Jager, and exploited a weakness and "able to decrypt the data modified by sending a coded message. Servers, with the collection of message information Error received "The attack works" against implementations of the companies that responded to the Communications Manager – "..
Therefore proposed to amend the rule as soon as possible. "The attack was presented at the ACM conference on computer security and communication last week. Urge the selection tool DDoS hackers, there is no real solution for now. Somorovsky said" The "patch for this problem is simple .
Related Stories
