A group of hackers based out of Germany have released a new attack tool they claim will allow one computer (without using any bandwidth) to take down a Web server using a secure connection, cites a recent report.
The DDoS tool, exploiting the flaw, overwhelms the system with multiple requests for secure connections.
Of the vulnerabilities, an anonymous hacker from the group said, “We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century.”
The hackers claim to be calling attention not only to this flaw, but two other recently disclosed vulnerabilities, including a previous incident from this year wherein various Certification Authorities got hacked.
“It’s time for a new security model that adequately protects the citizens,” the group said.
The expose proves that today, more than ever, companies are susceptible to both inside and outside intrusions, having extreme ramifications on their financial stability, loss of proprietary information, market value and ability to conduct business. Find out how LTI can safeguard your enterprise. And be sure to read our recent LTI case study involving secure Web services.