Researchers Release Tool That Can Take Down Secure Websites

The THC-SSL-DOS tool released on Monday exploits a flaw in the SSL (Secure Sockets Layer) renegotiation protocol by flooding the web service with multiple renegotiation requests for a new key over an already established SSL connection. This works in the same way as more common DoS (denial of service) attacks, except that an SSL renegotiation takes up more resources than a single HTTP request, so a single computer can take down a large web server.
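A detector for the pattern described above (many handshakes repeated on one already established connection), added here as an example and not taken from the original post or from the tool's authors. The event tuple layout, the function name, and the threshold and window values are assumptions to adapt to whatever handshake logging your TLS terminator provides.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds, client_ip, connection_id, event).
# This tuple layout is an assumption; map your TLS terminator's logs onto it.
SAMPLE_EVENTS = (
    # c1: initial handshake at t=0.0, then five renegotiations within 0.5 s
    [(round(0.1 * i, 1), "198.51.100.7", "c1", "handshake") for i in range(6)]
    + [
        # c2: a single renegotiation on a long-lived connection, then close
        (0.0, "203.0.113.5", "c2", "handshake"),
        (30.0, "203.0.113.5", "c2", "handshake"),
        (31.0, "203.0.113.5", "c2", "close"),
        # c3: four renegotiations, but spaced about 10 s apart
        (1.0, "203.0.113.9", "c3", "handshake"),
        (10.0, "203.0.113.9", "c3", "handshake"),
        (20.0, "203.0.113.9", "c3", "handshake"),
        (30.0, "203.0.113.9", "c3", "handshake"),
        (40.0, "203.0.113.9", "c3", "handshake"),
    ]
)


def find_renegotiation_floods(events, max_renegs=3, window=1.0):
    """Return {connection_id: (client_ip, peak_count)} for every connection
    that saw more than max_renegs renegotiations within `window` seconds."""
    established = set()            # connections whose first handshake is done
    recent = defaultdict(deque)    # connection -> recent renegotiation times
    flagged = {}
    for ts, ip, conn, event in sorted(events, key=lambda e: e[0]):
        if event == "close":
            # Forget state so a reused connection id starts fresh.
            established.discard(conn)
            recent.pop(conn, None)
        elif event == "handshake":
            if conn not in established:
                established.add(conn)   # first handshake is normal setup
                continue
            times = recent[conn]
            times.append(ts)
            while ts - times[0] > window:   # drop entries outside the window
                times.popleft()
            if len(times) > max_renegs:
                peak = max(len(times), flagged.get(conn, (ip, 0))[1])
                flagged[conn] = (ip, peak)
    return flagged
```

Only c1 is reported for the sample data: c2 and c3 renegotiate, but never more than three times within one second.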

The tool was released by a group of German researchers called The Hackers Choice to exploit the flaw in SSL, which is used by many secure web services such as email and banking to transfer data across the network between a user and a website without interception by a third party.
The researchers said in a blog post: “We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century.”
The exploit allows a single laptop on a standard DSL connection to take down an average server that has greater bandwidth. It can also take down multiple larger web servers with a few computers. The group claims that, with a few modifications to the tool, the attack would also work on non-SSL-enabled websites.
For more info: The Hackers Choice