ASP.NET DoS Vulnerability

by Alexander H
There has been controversy over a recently discovered vulnerability in Microsoft’s ASP.NET Web development platform. New exploit code has emerged and been published online, increasing the risk of potential attacks on users. The patched denial-of-service (DoS) vulnerability was first announced last December at the Chaos Communication Congress, Europe’s largest and oldest hacker conference. “This vulnerability could allow an anonymous attacker to efficiently consume all CPU resources on a web server or even on a cluster of web servers” (Constantin). In ASP.NET, a single specially crafted 100kb HTTP request can consume upwards of 100% of one CPU core for 1-2 minutes. An attacker can also repeatedly issue such requests to the server, causing CPU performance to diminish substantially and creating a denial-of-service condition even for multi-core servers. Recently, an anonymous hacker who goes by the name HybrisDisaster published a proof-of-concept exploit for the ASP.NET vulnerability online. He encourages users to download it, use it how they see fit and spread it. The high likelihood of someone releasing attack code for this DoS vulnerability played a significant role in Microsoft’s decision to release an out-of-band patch. It is highly recommended that webmasters who use ASP.NET Web applications immediately deploy the Microsoft patches, which also address other ASP.NET vulnerabilities.

Common Threats of Cloud Computing

by Edwin T
The peer-reviewed article I chose for this week’s post is about the services that cloud providers are offering that can be potential threats. The article focuses on virtualization and the impact it has on cloud security. As we already know, virtualization means that a single physical machine, known as a host, can run multiple operating systems at the same time, known as virtual machines. The first threat discussed is VM hopping. With VM hopping, an attacker has control of one virtual machine and tries to gain control of another. VM hopping is a considerable threat because several VMs can run on the same host, making them all targets for the attacker. Another threat that caught my attention was VM denial of service. “VM’s share physical resources, such as CPU, memory disk, and network bandwidth.” DoS in virtualization happens when one machine uses all of the resources, making the host unable to launch more VMs and preventing the service. One effective way to reduce the occurrence of a DoS attack is to limit the resource allocation for each machine.