THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this [...]
Tag Archive | "ssl renegotiation bug"
Well this flaw was first publicized in November last year, it was successfully used against Twitter in the same month. IETF completed the SSL vulnerability fix in January this year and now in August – 10 months after the original release of the flaw – Microsoft has stepped up and fixed it. The fix is [...]
You should remember the SSL Renegotiation bug from last year that was used to successfully attack twitter. Finally IETF have come out with a fix for the issue, it’s natural it has taken some time as it’s a flaw in the actual protocol itself not in any specific implementation (which is usually the case). The [...]
When this SSL Renegotiation bug hit the news, most people said it was a theoretical attack and was of no practical use in the real world. But then people tend to say that about most things don’t they until they get pwned up the face. It turns out the rather obscure SSL flaw can be [...]