Full Disclosure mailing list archives
Re: THC SSL DOS tool released
From: Dan Luedtke <maildanrl () googlemail com>
Date: Tue, 25 Oct 2011 16:47:58 +0200
On Mon, Oct 24, 2011 at 4:14 PM, <rm () segfault net> wrote:
> Today the German hacker group "The Hacker's Choice" officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.
Finally! Thank you!

Until we have a better technology, I'd like to discuss short-term solutions* to this issue. Instead of CAs we could use notaries like suggested here:
a) http://convergence.io/details.html
b) http://www.youtube.com/watch?v=Z7Wl2FW2TcA

To make it more difficult to DOS servers using SSL, the protocol could somehow be modified to challenge the client with some useless** but CPU-heavy calculation before the server starts acting. Of course it must be something that does not involve heavy calculation at the server side, otherwise it's just dumb. It's just an idea, and I do not know if and how this is possible at all.

SSL is dead, long live SSL? I don't see another option at the moment. Nevertheless, it is good the tool is out in the wild now.

weird thoughts,
danrl

* Caution: short-term solutions tend to be more persistent than expected :)
** e.g. bitcoins pooled mining ;)

--
Dan Luedtke
http://www.danrl.de
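The asymmetry asked for in the message above (expensive for the client, cheap for the server) is what a hashcash-style client puzzle provides. The sketch below is an added example, not part of the original post and not a feature of SSL/TLS; the function names, the 32-byte challenge layout and the difficulty and lifetime values are assumptions chosen for illustration.

```python
import hashlib, hmac, os, struct, time

SERVER_KEY = os.urandom(32)  # assumption: per-server secret, rotated periodically
DIFFICULTY = 16              # leading zero bits the client must find (constructed value)
MAX_AGE = 30                 # seconds a challenge stays valid (constructed value)

def _tag(body, client_ip):
    # Binds the challenge to the requesting address so it cannot be handed to others.
    return hmac.new(SERVER_KEY, body + client_ip.encode(), hashlib.sha256).digest()[:16]

def issue_challenge(client_ip, now=None):
    """Server: one HMAC and no stored state. Layout: timestamp(8) | nonce(8) | tag(16)."""
    ts = int(time.time() if now is None else now)
    body = struct.pack(">Q", ts) + os.urandom(8)
    return body + _tag(body, client_ip)

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge, difficulty=DIFFICULTY):
    """Client: brute-force a counter; expected cost is 2**difficulty hashes."""
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + struct.pack(">Q", counter)).digest()
        if leading_zero_bits(digest) >= difficulty:
            return counter
        counter += 1

def verify(challenge, counter, client_ip, now=None, difficulty=DIFFICULTY):
    """Server: one HMAC plus one SHA-256, checked before any handshake crypto runs."""
    if len(challenge) != 32 or not 0 <= counter < 2**64:
        return False
    body, tag = challenge[:16], challenge[16:]
    if not hmac.compare_digest(tag, _tag(body, client_ip)):
        return False  # forged, altered, or issued to a different address
    ts = struct.unpack(">Q", body[:8])[0]
    age = int(time.time() if now is None else now) - ts
    if not 0 <= age <= MAX_AGE:
        return False  # stale challenge
    digest = hashlib.sha256(challenge + struct.pack(">Q", counter)).digest()
    return leading_zero_bits(digest) >= difficulty
```

A solved challenge can be replayed until it expires unless the server also remembers recently accepted nonces, and a fixed difficulty penalises slow legitimate clients as much as it does a flood source.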