[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAAfuxnLU=3paaPuYRibqbXcf3f2KgFp+61QEbC9ArN2wsqLv9w@mail.gmail.com>
Date: Tue, 25 Oct 2011 16:47:58 +0200
From: Dan Luedtke <maildanrl@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: THC SSL DOS tool released
On Mon, Oct 24, 2011 at 4:14 PM, <rm@...fault.net> wrote:
> Today the German hacker group "The Hacker's Choice" officially
> released a new DDoS tool. The tool exploits a weakness in SSL to kick a
> server off the Internet.
Finally!
Thank you!
Until we have a better technology, I'd like to discuss short-term
solutions* to this issue.
Instead of CAs we could use notaries like suggested here:
a) http://convergence.io/details.html
b) http://www.youtube.com/watch?v=Z7Wl2FW2TcA
To make it more difficult to DOS servers using SSL, the protocol could
somehow be modified to challenge the client with some useless** but
cpu-heavy calculation before the server starts acting. Of course it
must be something that does not involve heavy calculation at the
server side, otherwise its just dumb. It's just an idea, and I do not
know if and how this is possible at all.
SSL is dead, long live SSL? I don't see another option at the moment.
Nevertheless, it is good the tool is out in the wild now.
weird thoughts,
danrl
* Caution: short-term solutions tend to be more persistent than expected :)
** e.g. bitcoins pooled mining ;)
--
Dan Luedtke
http://www.danrl.de
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists