At the 28th Chaos Communication Congress security conference in Berlin, Germany researchers demonstrated a newly realized vulnerability that is present in most web frameworks. Alexander “alech” Klink and Julian “zeri” Wälde delivered a demonstration and lecture titled "Efficient Denial of Service Attacks on Web Application Platforms". In their lecture they explained in detail how most web programming languages utilize hashes and manage collisions.
According to an exclusive report by ns "The type of hashing used by PHP, Java, Python and JavaScript in this attack is not a cryptographic hash, it is a simple mathematical hash used to speed up storing and retrieving data posted to web pages."
Under normal circumstances, the collisions in the hashes are managed by built-in language constructs and are not really an issue. However, in these types of attacks, the attacker can send pre-calculated values that will result in all of the hash values being the same, which will crash the majority of servers. On that same Sophos post, they stated that, "An example given showed how submitting approximately two megabytes of values that all compute to the same hash causes the web server to do more than 40 billion string comparisons." which is an nearly inconceivable for just looking some data for a webpage. Apparently the keepers of the language Perl, went ahead and did something about this vulnerability some time ago, but nobody else followed suit, so they are all at risk. Hopefully, the people behind PHP, Python, and other applicable languages will actually pay attention this time and go ahead and make the necessary changes.
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
security-news
,
vulnerablity