Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - HTTP is "broken" with critical DDOS flaw, say rese->

Submitted by huzur79
huzur79 (1441705) writes "Researchers from Proactive Risk, an IT security firm, will demonstrate at an upcoming application security conference a systemic flaw in the HTTP protocol that can easily be exploited through online gaming and other activities into distributed denial-of-service (DDOS) attacks that can flood web servers — even through secure connections — with very slow "POST" traffic that is difficult to distinguish from legitimate traffic, making it hard to prevent.

The demonstration will come November 8th at the OWASP 2010 conference in Washington DC and is led by researcher Wong Onn Chee, who first discovered the attack last year in Singapore, according to a report from Dark Reading, a security-focused web site. The technique can crash both IIS and Apache servers using either HTTP or HTTPS protocols, and could conceivably affect anything using a web connection, including SSL, VPN and other "more secure" systems.

http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=228000532
http://www.proactiverisk.com/
http://www.owasp.org/index.php/OWASP_AppSec_DC_2010"

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

HTTP is "broken" with critical DDOS flaw, say rese

Comments Filter:

Each honest calling, each walk of life, has its own elite, its own aristocracy based on excellence of performance. -- James Bryant Conant

Working...