A group of hackers has released an application that allows an ordinary computer user take over a web server, even if the server is using a secure connection.
The tool is THC-SSL-DOS, released on Monday (10/24/2011). These tools work by exploiting a bug in the protocol “Secure Sockets Layer (SSL) renegotiation”. Attacking the victim by sending a request website access, to enter secure connection, a massive amount.
SSL renegotiation is a protocol that allows website to create a security key (security key) on the path to an existing SSL. The famous German hacker community said THC-SSL-DOS exists to attract attention and broadcasting that is still the presence of “holes” in the SSL, which allows sensitive data to flow between the website and the user’s computer can be intercepted. “We hope the SSL security issues are not lost in the wind”, said an unidentified hacker from the community in a blog post.
“The industry should move to correct this problem so that people feel safe and secure again. SSL using outdated methods to protect sensitive data is increasingly complex, SSL is not suitable for use in the 21st century.” this bug works on a server that does not enable SSL renegotiation, said the hacker community, but requires some modification and some supporters of the computer unit.
This community said the exploitation of this bug can still take over a server which uses a standard ADSL connection, from a personal laptop units. This hacking tools available on Unix and Windows binary code
0 comments:
Post a Comment