What's this, a rushed-out product getting a rush patch?

by Salvador A
As with all new products hitting the market, or old products getting an update, there will always be some sort of vulnerability that comes up. The vulnerability raised in this article was an issue with hash tables. In a nutshell, hash tables allow fast retrieval of data by prioritizing the data within the table using a very specific algorithm that determines which pieces of data get chosen or given priority, thus speeding up data retrieval. But along with being able to retrieve data quickly, hash tables are also susceptible to attacks. These attacks target hash table collisions, which are what happens when two pieces of data share the same hash value. By forcing many such collisions, an attacker can slow a server down to the point where it cannot do much but sit there and try to resolve the conflicts. The workaround that was proposed and implemented was a restriction on the number of arguments allowed per user request.

I think that the workaround that was provided by the patch at the time is sufficient, but I still feel as if all they did was duct tape the problem together. I mean, sure, you limit the number of arguments on the HTTP request, but what's stopping the hackers from just stringing together multiple computers and executing the same request millions of times together? Since, as the article mentioned, the retrieval time is based on an n^2 algorithm, where n is the number of data entries, one could see how this might still pose a problem with a sufficiently large attack team making requests for the same pieces of data. Overall it was a great article with input on how some systems can be hacked through simple data retrieval requests.
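To make the n^2 cost and the effect of the argument limit concrete, here is an added example (not code from the article or from ASP.NET). It uses a toy chained hash table with a deliberately weak hash that only looks at the first four characters of a key. The class, the function names, the sample parameter names and the cap of 1000 are all assumptions made for the demonstration.

```python
import zlib

MAX_PARAMS = 1000  # assumed cap for this demo, not a figure from the article

class CountingTable:
    """Chained hash table that counts key comparisons made during inserts."""
    def __init__(self, buckets=4096):
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def _index(self, key):
        # Deliberately weak toy hash: only the first 4 characters are hashed,
        # so keys sharing a 4-character prefix always land in the same bucket.
        return zlib.crc32(key[:4].encode()) % len(self.buckets)

    def put(self, key, value):
        chain = self.buckets[self._index(key)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1          # one comparison per chained entry
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

def parse_params(names, max_params=None):
    """Insert parameter names; return comparisons. Reject if over the cap."""
    if max_params is not None and len(names) > max_params:
        raise ValueError(f"{len(names)} parameters exceeds cap of {max_params}")
    table = CountingTable()
    for name in names:
        table.put(name, "")
    return table.comparisons

def spread_names(n):      # constructed sample input: distinct 4-char prefixes
    return [f"{i:04x}_field" for i in range(n)]

def colliding_names(n):   # constructed sample input: one shared prefix
    return [f"aaaa{i:06d}" for i in range(n)]

if __name__ == "__main__":
    for n in (1000, 2000, 4000):
        print(n, parse_params(spread_names(n)), parse_params(colliding_names(n)))
    try:
        parse_params(colliding_names(4000), max_params=MAX_PARAMS)
    except ValueError as err:
        print("rejected:", err)
    # Worst case that still passes the cap: bounded per request, not zero.
    print("at cap:", parse_params(colliding_names(MAX_PARAMS), max_params=MAX_PARAMS))
```

Doubling the number of colliding names roughly quadruples the comparisons, while the cap fixes the worst case for any single request at n(n-1)/2 comparisons for n equal to the cap.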

Reference:

Peter Sayer, IDG News (29 December 2011). Flaw in Web App Frameworks Pushes Microsoft to Patch ASP.Net Promptly. Retrieved on (20 February 2012) From: http://www.pcworld.com/businesscenter/article/247092/flaw_in_web_app_frameworks_pushes_microsoft_to_patch_aspnet_promptly.html

1 thought on “What's this, a rushed-out product getting a rush patch?”

  1. If you just wanted to slow a computer down, you could do that through even easier ways with a network. It’s not good security, but on the other hand it fixes the problem, and leaves open the weakness that can’t be addressed anyway.
