[AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?

Ludovic Brenta ludovic at ludovic-brenta.org
Fri Jan 20 18:46:53 CET 2012

Previous message: [AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?
Next message: [AWS] A question about some AWS default values
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pascal Obry <pascal at obry.net> writes:
> Hello there,
>
> Thanks for bringing this issue to our attention! We believe this is now
> fixed in AWS. We have introduced a randomized hash routine in AWS.Utils.
> This is the recommended way of fixing this issue by the security
> researchers. The collisions could still happen of course but it is not
> possible to create a malicious software to DoS attack an AWS server. An
> updated version is available to all our customers and an updated GPL
> version is available from the Open-DO forge
> (https://forge.open-do.org/projects/aws/).

Great, it is fortunate that I procrastinated packaging AWS for Debian
until now :)  I'll do the packaging before FOSDEM.

-- 
Ludovic Brenta.

Previous message: [AWS] Is AWS vulnerable to the latest Hash based DoS attack scheme?
Next message: [AWS] A question about some AWS default values
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the AWS mailing list