UK IT Industry Awards

Where am I? >
Home >
News >
Security

Hackers use SSL security tool to attack servers

By Stuart Sumner

Follow Stuart on Twitter

25 Oct 2011

Be the first to comment

Researchers have released details of a tool that they claim enables denial-of-service (DoS) attacks by using SSL (Secure Sockets Layer), a cryptographic protocol designed to improve internet security.

Further reading

The tool was released by a group called "The Hacker's Choice" (THC), and, according to its web site, it is unique among DoS tools.

"The tool departs from traditional DoS tools as it does not require any bandwidth and just a single attack computer," a THC representative wrote on the site.

Traditional DoS attacks bombard a server with requests until its processing capacity is full, preventing genuine users from accessing any content it hosts.

In order to generate sufficient requests, most DoS tools, including that used by hacktivist group Anonymous to attack Paypal and Mastercard's servers, among others, rely on simultaneous attacks from a large number of users.

This new tool differs in that it can operate from just one computer. Rather than bombarding a server with requests for information, it sends multiple session requests, requiring multiple SSL handshakes (or renegotiations) to authenticate the identities of both parties.

This requires a large amount of server resources, which eventually will cause the server to fail.

1 2

Reader comments

Add your comment

Have your say on this article

Your name
Email address
Comment title
Your comment

All fields required. Your email address will not be displayed on the site.

By submitting a comment you agree to abide by our Terms & Conditions

Submit

Newsletters

Sign up for our FREE newsletters

Large companies such as Microsoft, Facebook and Google have been hoovering up technology patents recently. Is this stifling innovation?

Yes! These firms are spending billions on the rights to sue one another, rather than focusing on creating new products.

87 %

No! The knowledge that firms are stringently searching for any IP infringement means that new products must be genuinely innovative, and borrow nothing from previous designs if they are to remain in stores and out of the courtroom.

5 %

It doesn't matter! The only useful thing left to be invented is time travel, so I can go back to a time when I had more hair.

8 %

Influence - Consumerisation

The UK IT Awards 2012

Case studies & reports

Cloud computing insights from 110 implementation projects

Case studies from large organisations across all sectors

The lesson of 2012: prepare now for increased data volumes

... And rich media, and flexible working, and peaks in traffic ...

More case studies and reports

Upcoming Events

Gain better control of your data with enterprise database consolidation

Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.

Date: 31 May 2012

Time: 11:00 AM

Top 10 causes of IT disasters – and how to deal with them

Concept image of data backup with life preserving floating on background of binary data

Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.

Date: 13 Jun 2012

Time: 11:00 am

More events

Job of the week

More IT Jobs

IT job alerts

Receive the latest jobs direct to your inbox

IT job finder

IT salary checker

Are you being paid what you are worth?

Check Salary

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093