A group of hackers has launched an application that allows an ordinary user can take over a web server, even if the server is using a secure connection.
Hacking tools are THC-SSL-DOS, on Monday (10/24/2011). These tools work by exploiting a bug in the protocol “Secure Sockets Layer (SSL) renegotiation.” Attacking the victim by sending a request for access to the website to enter a secure connection, the huge amount. SSL renegotiation itself is a protocol that allows a website to create a security key on the way to a existing SSL.
The famous German hacker community with the name of Hacker Choice said THC-SSL-DOS exists to attract attention and broadcasting is still the presence of holes in the SSL, which allows sensitive data to flow between the website and the user’s computer can be intercepted. “We hope that SSL security issues are not lost in the wind,” said an unidentified hacker community in a blog. “The industry should move to correct this problem so that people feel safe again. SSL using outdated methods to protect sensitive data is increasingly complex, SSL is not suitable for use in the 21st century.”
Utilization this error can still be done on a server that does not allow SSL renegotiation, said the hacker community, but requires some modifications and some supporters of team unity. The community said that the exploitation of this bug can still take over a server that uses a standard DSL connection, a personal laptop units.
0 Comments.