[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Websites, apps vulnerable to low-bandwidth, bot-free takedown,
From: InfoSec News <alerts () infosecnews ! org>
Date: 2011-12-30 9:57:57
Message-ID: alpine.DEB.2.02.1112300357460.21696 () infosecnews ! org
[Download RAW message or body]
http://www.computerworld.com/s/article/9223069/Websites_apps_vulnerable_to_low_bandwidth_bot_free_takedown_say_researchers
By Gregg Keizer
Computerworld
December 29, 2011
Hackers armed with a single machine and a minimal broadband connection
can cripple Web servers, researchers disclosed Wednesday, putting
uncounted websites and Web apps at risk from denial-of-service attacks.
In a security advisory issued the same day, Microsoft, whose ASP .Net
programming language is one of several affected by the flaw, promised to
patch the vulnerability and offered customers ways to protect their
servers until it releases an update.
In a follow-up message, Microsoft announced it was shipping an
"out-of-band," or emergency update today. The update was released at 1
p.m. ET. Designated MS11-100, it also fixed three other bugs in ASP
.Net, one tagged "critical." None of those three had been disclosed
publicly prior to today.
The problem that caused a stir in the security community exists in many
of the Web's most popular application and site programming languages,
including ASP .Net, the open-source PHP and Ruby, Oracle's Java and
Google's V8 JavaScript, according to two German researchers, Alexander
Klink and Julian Walde.
Klink and Walde, who presented their findings at the Chaos Communication
Congress (CCC) conference in Berlin on Wednesday, traced the flaw to
those languages' -- and others' -- handling of hash tables, a
programming structure used to quickly store and retrieve data.
[...]
_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic