Ringing in the new year comes a new attack that will, of course, draw attention. Here is some information on the latest HashDoS attack, with more details here. Here is also the latest info on Twitter.
The targets of this attack are web programming languages and web development frameworks. It is unique in that it is independent of the actual web application. According to our team of engineers, who discussed it internally, the attack mostly works by using knowledge of the hash functions used by the different application frameworks to generate hash collisions. The attack has a bit more smarts in that it specifically crafts field names which then result in hash collisions. The result of this attack can cripple the processors of web servers. Some of the proposed solutions can be found in the following technet.com blog.
In summary, the proposed solution is to limit the number of fields that can be submitted. NetScaler Application Firewall (AppFW) can provide strong protection using the AppFW field consistency check. With this check, NetScaler AppFW does not allow field names that did not come with the form. What is even more exciting about the AppFW field consistency check is that it is sessionless! See my previous blog on sessionless security if you have not already read it.
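The two controls described above, sketched as a request filter. This is an added example, not code from the original post or from NetScaler; the function name, the cap of 100 and the sample form are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

MAX_FIELDS = 100  # assumed cap; size it to the largest legitimate form


def check_form_post(body, served_fields, max_fields=MAX_FIELDS):
    """Decide whether a urlencoded POST body may reach the application.

    Returns (allowed, reason). Hypothetical helper, for illustration only.
    """
    # 1. Field-count limit. Count separators on the raw string, so an
    #    oversized body is rejected before any name is put in a hash table.
    field_count = body.count("&") + 1 if body else 0
    if field_count > max_fields:
        return False, f"too many fields: {field_count} > {max_fields}"

    # 2. Parse into a list of pairs, not a dict. max_num_fields makes the
    #    parser raise ValueError itself if the cap is ever bypassed.
    pairs = parse_qsl(body, keep_blank_values=True, max_num_fields=max_fields)

    # 3. Field consistency: every submitted name must be one the form
    #    actually contained when it was served to the client.
    unexpected = sorted({name for name, _ in pairs if name not in served_fields})
    if unexpected:
        return False, "unexpected fields: " + ", ".join(unexpected)
    return True, "ok"


# Constructed sample data: the field names of the form as served, then a
# normal submission, an oversized one, and one carrying extra field names.
SERVED = frozenset({"user", "email", "comment"})
LEGIT = "user=alice&email=alice%40example.com&comment=hello"
FLOOD = "&".join(f"k{i}=1" for i in range(5000))
TAMPERED = "user=alice&x1=1&x2=1"

if __name__ == "__main__":
    for label, body in (("legit", LEGIT), ("flood", FLOOD), ("tampered", TAMPERED)):
        print(label, check_form_post(body, SERVED))
```

Either check alone bounds the work the framework's hash table can be made to do: the cap limits how many keys are inserted, and the consistency check means the inserted keys are never attacker-chosen.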