If the news is to be believed, a newly released Denial of Service (DoS) tool can bring down any SSL server using nothing more than an average laptop computer on a DSL connection.
A new Denial of Service tool
The tool (and the vulnerability in SSL) has been available for a long time but went unnoticed because hackers were using it covertly. After the tool was recently leaked online, the group behind it decided to make their tool public in order to “save the community”.
“We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again,” said a member of the hacking outfit.
The hacking outfit has named the tool THC-SSL-DOS, and it confirms that the tool can be used to bring down your SSL servers. God help us!
“It still works if SSL renegotiation is not supported but requires some modifications and more bots before an effect can be seen,” the group noted. “Taking on larger server farms who make use of SSL load balancers required 20 average size laptops and about 120kbit/sec of traffic,” it added.
This is not the first time that SSL has been exposed to such attacks. Back in November 2009, a Turkish graduate student devised a method with which he could steal Twitter login credentials even when they were being passed over a secure channel.
We will keep you updated with further news and fixes related to this vulnerability.