[AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?

Pascal Obry pascal at obry.net
Fri Jan 20 17:25:14 CET 2012

Previous message: [AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?
Next message: [AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello there,

Thanks for bringing this issue to our attention! We believe this is now
fixed in AWS. We have introduced a randomized hash routine in AWS.Utils.
This is the recommended way of fixing this issue by the security
researchers. The collisions could still happen of course but it is not
possible to create a malicious software to DoS attack an AWS server. An
updated version is available to all our customers and an updated GPL
version is available from the Open-DO forge
(https://forge.open-do.org/projects/aws/).

Kind regards,

Pascal

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|    http://www.obry.net  -  http://v2p.fr.eu.org
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver keys.gnupg.net --recv-key F949BD3B

Previous message: [AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?
Next message: [AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the AWS mailing list