DaemonForums  

#1
30th December 2011
J65nko
Administrator
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,116
28C3: Denial-of-Service attacks on web applications made easy

From http://h-online.com/-1401863

Quote:
At the 28th Chaos Communication Congress (28C3) in Berlin on Wednesday, security researchers pointed out dangerous vulnerabilities in popular scripting languages and web application platforms such as PHP, ASP.NET, Java and Python. Alexander 'alech' Klink from security firm n.runs and TU Darmstadt researcher Julian Wälde warned that the hashing methods used to find individual objects in large amounts of data are vulnerable to simple attacks which could, in turn, be exploited to launch massive "Denial-of-Service" (DoS) attacks.

[snip]

Klink explained that web programming languages tend to use the DJBX33A or DJBX33X hash functions developed by Daniel Bernstein. He said that identical string segments can be detected, and the described collisions triggered, in DJBX33A; this hash function is used in such languages as PHP5, Ruby 1.8 and Java, as well as in systems based on Java, such as Tomcat and Glassfish. PHP4, ASP.NET, Python and JavaScript use DJBX33X or comparable algorithms and can be compromised via "Meet in the Middle" attacks, added Klink.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
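An added example in Python, not code from the forum post or from the h-online article: the times-33 (DJBX33A) hash the article names, the "identical string segments" property that turns one colliding pair of blocks into 2**n colliding keys, why changing only the start value does not break it, and two server-side checks (measuring bucket load, and capping the number of request parameters in the spirit of PHP's max_input_vars). The block pair "Ez"/"FY", the seed values and the key are my constructions; BLAKE2b stands in for a keyed hash.

```python
import hashlib
import itertools
import os

MASK32 = 0xFFFFFFFF

def djbx33a(s: bytes, seed: int = 5381) -> int:
    """32-bit variant of DJBX33A (the times-33 hash): h = h*33 + c per byte."""
    h = seed
    for c in s:
        h = (h * 33 + c) & MASK32
    return h

def colliding_keys(n_blocks: int) -> list:
    """Concatenations of equal-length, equal-hash blocks all share one
    DJBX33A value, so 2**n_blocks distinct keys land in one bucket."""
    blocks = (b"Ez", b"FY")  # constructed: 33*ord('E')+ord('z') == 33*ord('F')+ord('Y')
    return [b"".join(p) for p in itertools.product(blocks, repeat=n_blocks)]

def all_same_hash(keys, seed: int = 5381) -> bool:
    """True when every key has the same hash under the given start value."""
    return len({djbx33a(k, seed) for k in keys}) == 1

def keyed_bucket(s: bytes, key: bytes) -> int:
    """Keyed hash (BLAKE2b stands in for a SipHash-style fix): the block
    structure above gives the sender no control over collisions."""
    return int.from_bytes(hashlib.blake2b(s, key=key, digest_size=4).digest(), "big")

def max_bucket_load(keys, nbuckets: int, hashfn) -> int:
    """Largest number of keys in one bucket; a load equal to len(keys)
    means every lookup has degraded to a linear scan."""
    counts = {}
    for k in keys:
        b = hashfn(k) % nbuckets
        counts[b] = counts.get(b, 0) + 1
    return max(counts.values())

def accept_request(params: list, max_input_vars: int = 1000) -> bool:
    """Cheap guard in the spirit of PHP's max_input_vars setting: bound the
    number of hashed request parameters before building the table."""
    return len(params) <= max_input_vars

if __name__ == "__main__":
    keys = colliding_keys(8)                 # 256 keys, one DJBX33A value
    print(all_same_hash(keys))               # True
    print(all_same_hash(keys, 0xDEADBEEF))   # True: a different start value alone does not help
    key = os.urandom(16)
    print(max_bucket_load(keys, 1024, djbx33a))                         # 256
    print(max_bucket_load(keys, 1024, lambda k: keyed_bucket(k, key)))  # far below 256
```

The second `all_same_hash` call is the point practitioners missed at first: the seed multiplies out identically for equal-length keys, so a fix needs a different hash construction or a hard bound on inputs, not just a randomised constant.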