A German hacker group released a hacking tool that utilizes SSL flaw could easily take a website with minimal power.
Group known as Team Hackers Choice (THC) released a further proof of concept that will force vendors to patch issues that revolve around using SSL. "We decided to make the official release after realizing that the tool is leaked to the public a few months ago," said a member of the THC.
In contrast to traditional DDoS requires a large number of bots, TCH SSL DOS only takes a few bots to take down a website and a single laptop to drop the server resources. "We hope that security in SSL unnoticed.
Industry must take steps to fix the problem so that the citizens safe. SSL uses the aging method of protecting personal data is complex, not suitable for the 21st century, "said one member of the group.
Although rarely used in practice, research shows that today most serve SSL features enabled by default, so they are vulnerable in front of the attack. However, by disabling SSL on the server will not make problems disappear.
Fred Mauer, senior cryptographer at THC, believe that the time has come for a new security model that offers adequate protection for the internet, as lately, SSL is very weak from a number of viewpoints.
Download THC-SSL-DOS here: