By Steven Musil, CNET News, 25 October, 2011 09:47
Hackers have released a program they say will allow a single computer to take down a web server using a secure connection.
The THC-SSL-DOS tool, released on Monday, purportedly exploits a flaw in the Secure Sockets Layer (SSL) renegotiation protocol by overwhelming the system with multiple requests for secure connections. SSL renegotiation allows websites to create a new security key over an already established SSL connection.
A German group known as Hackers Choice said it released the exploit to bring attention to flaws in SSL, which allows sensitive data to flow between websites and individual users' computers without being intercepted. "We are hoping that the fishy security in SSL does not go unnoticed," an unidentified member of the group said in a blog post.