QUOTE
Websites and Apps Vulnerable to Low-Bandwidth, Bot-Free Takedown
By Gregg Keizer, Computerworld Dec 29, 2011 11:25 pm
Hackers armed with a single machine and a minimal broadband connection can cripple Web servers, researchers disclosed Wednesday, putting uncounted websites and Web apps at risk from denial-of-service attacks.
In a security advisory issued the same day, Microsoft, whose ASP .Net programming language is one of several affected by the flaw, promised to patch the vulnerability and offered customers ways to protect their servers until it releases an update.
In a follow-up message, Microsoft announced it was shipping an "out-of-band," or emergency update today. The update was released at 1 p.m. ET. Designated MS11-100 , it also fixed three other bugs in ASP .Net, one tagged "critical." None of those three had been disclosed publicly prior to today.
The problem that caused a stir in the security community exists in many of the Web's most popular application and site programming languages, including ASP .Net, the open-source PHP and Ruby, Oracle's Java and Google's V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde.
Klink and Walde, who presented their findings at the Chaos Communication Congress (CCC) conference in Berlin on Wednesday, traced the flaw to those languages' -- and others' -- handling of hash tables, a programming structure used to quickly store and retrieve data.
Read more about at:
http://www.pcworld.c....html#tk.hp_new
By Gregg Keizer, Computerworld Dec 29, 2011 11:25 pm
Hackers armed with a single machine and a minimal broadband connection can cripple Web servers, researchers disclosed Wednesday, putting uncounted websites and Web apps at risk from denial-of-service attacks.
In a security advisory issued the same day, Microsoft, whose ASP .Net programming language is one of several affected by the flaw, promised to patch the vulnerability and offered customers ways to protect their servers until it releases an update.
In a follow-up message, Microsoft announced it was shipping an "out-of-band," or emergency update today. The update was released at 1 p.m. ET. Designated MS11-100 , it also fixed three other bugs in ASP .Net, one tagged "critical." None of those three had been disclosed publicly prior to today.
The problem that caused a stir in the security community exists in many of the Web's most popular application and site programming languages, including ASP .Net, the open-source PHP and Ruby, Oracle's Java and Google's V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde.
Klink and Walde, who presented their findings at the Chaos Communication Congress (CCC) conference in Berlin on Wednesday, traced the flaw to those languages' -- and others' -- handling of hash tables, a programming structure used to quickly store and retrieve data.
Read more about at:
http://www.pcworld.c....html#tk.hp_new
