[AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?
Ludovic Brenta
ludovic at ludovic-brenta.org
Fri Jan 20 18:46:53 CET 2012
Pascal Obry <pascal at obry.net> writes:
> Hello there,
>
> Thanks for bringing this issue to our attention! We believe this is now
> fixed in AWS. We have introduced a randomized hash routine in AWS.Utils.
> This is the recommended way of fixing this issue by the security
> researchers. The collisions could still happen of course but it is not
> possible to create a malicious software to DoS attack an AWS server. An
> updated version is available to all our customers and an updated GPL
> version is available from the Open-DO forge
> (https://forge.open-do.org/projects/aws/).
Great, it is fortunate that I procrastinated packaging AWS for Debian
until now :) I'll do the packaging before FOSDEM.
--
Ludovic Brenta.
More information about the AWS
mailing list