Establishing Digital Trust: Don't Sacrifice Security for Convenience
A German hacker group has released a new DDoS tool designed to enable a single PC to take down a Web server using a secure connection.
"The THC-SSL-DOS tool ... purportedly exploits a flaw in Secure Sockets Layer (SSL) renegotiation protocol by overwhelming the system with multiple requests for secure connections," writes CNET News' Steven Musil. "SSL renegotiation allows Web sites to create a new security key over an already established SSL connection."
"A German group known as [The] Hacker's Choice said it released the exploit to bring attention to flaws in SSL, which allows sensitive data to flow between Web sites and an individual user's computer without being intercepted," Musil writes.
Go to "New attack tool targets Web servers using secure connections" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.