Hackers have launched a program that allows one computer to finish with a Web server using a secure connection.
THC tool-SSL-DOS, which was published on Monday, allegedly exploits a flaw in the Secure Sockets Layer renegotiation (SSL) by overloading the system with multiple applications for secure connections. SSL renegotiation allows Web sites to create a new security key through an already established connection SSL.
A German group called Choice said hackers exploit published to draw attention to flaws in SSL, which allows sensitive data to flow between Web sites and individual users' computers without being intercepted.
"We expect the SSL security on the fish does not go unnoticed," said an unidentified member of the group in a blog. "The industry should intervene to resolve the problem so that citizens are safe and secure again. SSL is to use a method of aging the protection of private data is complex, unnecessary and unfit for the 21st century."
The exploit still works on servers that have not enabled SSL renegotiation, the group said, but requires some modifications and more computers. The group said that the operation will allow a single laptop IBM to end media server in a standard DSL connection.
The tool is available on Unix and Windows binary code. The technical details are available here.
THC tool-SSL-DOS, which was published on Monday, allegedly exploits a flaw in the Secure Sockets Layer renegotiation (SSL) by overloading the system with multiple applications for secure connections. SSL renegotiation allows Web sites to create a new security key through an already established connection SSL.
A German group called Choice said hackers exploit published to draw attention to flaws in SSL, which allows sensitive data to flow between Web sites and individual users' computers without being intercepted."We expect the SSL security on the fish does not go unnoticed," said an unidentified member of the group in a blog. "The industry should intervene to resolve the problem so that citizens are safe and secure again. SSL is to use a method of aging the protection of private data is complex, unnecessary and unfit for the 21st century."
The exploit still works on servers that have not enabled SSL renegotiation, the group said, but requires some modifications and more computers. The group said that the operation will allow a single laptop IBM to end media server in a standard DSL connection.
The tool is available on Unix and Windows binary code. The technical details are available here.
