Submission + - HTTP is "broken" with critical DDOS flaw, say rese (darkreading.com)
The demonstration will come November 8th at the OWASP 2010 conference in Washington DC and is led by researcher Wong Onn Chee, who first discovered the attack last year in Singapore, according to a report from Dark Reading, a security-focused web site. The technique can crash both IIS and Apache servers using either HTTP or HTTPS protocols, and could conceivably affect anything using a web connection, including SSL, VPN and other "more secure" systems.
http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=228000532
http://www.proactiverisk.com/
http://www.owasp.org/index.php/OWASP_AppSec_DC_2010