A hacker group has released a tool [1] that can perform denial-of-service attacks against SSL-based servers. The tool exploits a flaw in the SSL secure renegotiation feature. The attack requires very few resources on the client side: a single PC with a DSL connection might be enough to exhaust all the resources of an average SSL server. Exhausting the resources of larger server farms requires more (about 20 laptops). This makes the threat more serious than standard DoS attempts through resource exhaustion.
Link to the source article
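A defender's-side illustration of the renegotiation flood described above, added here and not part of the original article or the released tool: a per-connection monitor that flags clients requesting an abnormal number of renegotiations so the server can drop them. The thresholds, the class and function names, and the sample events are assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Assumed policy (not from the article): allow at most MAX_RENEG
# renegotiations per connection within WINDOW seconds.
MAX_RENEG = 3
WINDOW = 10.0

class RenegotiationMonitor:
    """Counts handshakes per connection and flags renegotiation floods."""

    def __init__(self, max_reneg=MAX_RENEG, window=WINDOW):
        self.max_reneg = max_reneg
        self.window = window
        self.seen_initial = set()         # connections past their first handshake
        self.recent = defaultdict(deque)  # conn_id -> renegotiation timestamps
        self.blocked = set()

    def on_handshake(self, conn_id, ts):
        """Record a handshake; return True if the connection should be dropped."""
        if conn_id in self.blocked:
            return True
        if conn_id not in self.seen_initial:
            self.seen_initial.add(conn_id)  # the initial handshake is always allowed
            return False
        q = self.recent[conn_id]
        q.append(ts)
        while q and ts - q[0] > self.window:  # discard events outside the window
            q.popleft()
        if len(q) > self.max_reneg:
            self.blocked.add(conn_id)
            return True
        return False

# Constructed sample events (seconds, connection id); addresses are
# documentation ranges. The first client renegotiates every 100 ms,
# the second only occasionally.
SAMPLE_EVENTS = (
    [(0.0, "192.0.2.10:40001")]
    + [(0.1 * i, "192.0.2.10:40001") for i in range(1, 9)]
    + [(0.0, "198.51.100.7:51000"), (30.0, "198.51.100.7:51000"),
       (90.0, "198.51.100.7:51000")]
)

def flagged_connections(events):
    """Replay events in time order and list connections that should be dropped."""
    mon, flagged = RenegotiationMonitor(), []
    for ts, conn in sorted(events):
        if mon.on_handshake(conn, ts) and conn not in flagged:
            flagged.append(conn)
    return flagged
```

In a real server the same counter would be fed from the TLS library's handshake callback; disabling client-initiated renegotiation entirely removes the need for it.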