HTTP is "broken" with critical DDOS flaw, say rese

Submitted by huzur79
huzur79 (1441705) writes "Researchers from Proactive Risk, an IT security firm, will demonstrate at an upcoming application security conference a systemic flaw in the HTTP protocol that can easily be exploited through online gaming and other activities into distributed denial-of-service (DDOS) attacks that can flood web servers — even through secure connections — with very slow "POST" traffic that is difficult to distinguish from legitimate traffic, making it hard to prevent.

The demonstration will come November 8th at the OWASP 2010 conference in Washington DC and is led by researcher Wong Onn Chee, who first discovered the attack last year in Singapore, according to a report from Dark Reading, a security-focused web site. The technique can crash both IIS and Apache servers using either HTTP or HTTPS protocols, and could conceivably affect anything using a web connection, including SSL, VPN and other "more secure" systems.

http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=228000532
http://www.proactiverisk.com/
http://www.owasp.org/index.php/OWASP_AppSec_DC_2010"
