Tag Archives: denial of service attack

DoS crashes updated iPads, iPhones

A denial of service attack has been disclosed in the latest version of Apple iOS. The attack targets Safari in iOS 5.1.1 and a proof of concept was published online. Alienvault security researcher Alberto Ortega said the attack may also affect previous versions of the Apple operating system. The attack was successfully demonstrated on iPhone, iPad and iPod Touch. Ortega said the error was a “step to achieve a real exploitation”. “iOS has a lot of mitigations to avoid successful exploitation,” Ortega said. “This software has errors and holes but you will need to bypass those hard mitigations and find more weaknesses  to have something “usable’.” Ortega reported the error to Apple at the time of disclosure but had no response from the notoriously security silent company. “When JavaScript function match() gets a big buffer as parameter the browser unexpectedly crashes. By extension, the function search() is affected too,” Ortega said in the advisory. Source: http://www.crn.com.au/News/302620,dos-crashes-updated-ipads-iphones.aspx

Taken from:
DoS crashes updated iPads, iPhones

FBI Warns Companies of Anonymous DDoS Attacks

The Cyber Division of the Federal Bureau of Investigation warned several large corporations of the potential for distributed denial of service (DDoS) and data exfiltration attacks scheduled for today, May 25. The attacks are being coordinated by the rogue movement Anonymous in an an exercise termed “Operation NewSon”. In denial of service attacks, generally a large amount of information is sent to a web server at such high frequency that it overwhelms the processing capacity or causes the system to shut down. The net effect is that the server can not longer operate correctly and the targeted website is rendered inaccessible. DDoS attacks can also inflict serious damage to targeted systems, as well as collateral damage to associated nodes. Anonymous is known for having targeted the websites of businesses like PayPal, Visa, MasterCard, PostFinance Bank, Amazon, Bank of America, as well as numerous government agencies, and continues to use DDoS attacks as a method of furthering their political views in various conflicts around the world. Anonymous was also behind the HBGary Federal breach had led to the release of tens-of-thousands of company emails which revealed multiple instances of ethically questionable covert operations involving the security company. Swedish file-sharing website The Pirate Bay – typically aligned with Anonymous in their anti-copyright orientation – recently issued a statement in opposition to the popular hacktivist tactic of DDoS attacks. Source: http://threatpost.com/en_us/blogs/fbi-warns-top-firms-anonymous-protest-hacks-may-25-052412?

Read more here:
FBI Warns Companies of Anonymous DDoS Attacks

US Firms Are Over-Reliant on Firewalls to Protect Against DDoS Attacks

By John E Dunn, techworld.com More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found. The survey of 1,000 US-based IT professionals across a range of industries found that only 3 percent were using DDoS mitigation systems or services, with a quarter claiming they had no protection whatsoever against the threat. Eleven percent used intrusion detection/prevention systems even though such technology is (in common with firewalls, routers and switches) widely seen as an inadequate defence against contemporary DDoS bombardment, Neustar said. “Experts point out that during DDoS attacks these ‘defences’ become part of the problem. They quickly become bottlenecks, helping achieve an attacker’s goal of slowing or shutting you down. Moreover, firewalls won’t repel attacks on the application layer, an increasingly popular DDoS vector,” the authors note. A third of those questioned said DDoS attacks lasted for a day or more with 11 percent mentioning over a week. There didn’t appear to be any clear pattern that related attack length to industry segment, except that the travel industry appeared slightly more vulnerable to attacks lasting longer than 24 hours. Two thirds said the direct cost of all this DDoS was about $10,000 (£6,200) per hour or $240,000 per day, with 13 percent reckoning it as being $100,000 per hour. The most vulnerable to high costs was retail, a sector that depends on online sales to generate cashflow, followed by finance. The main anxiety in advance of DDoS attacks was the negative impact on customers, ahead of brand reputation damage and even direct costs. Companies such as Neustar have a vested interest in talking up the difficulty of dealing with DDoS the better to market protection services. However, the company said it accepted that there was no simple answer to countering DDoS attacks; even the best protection systems available still required trained, skilled staff to deploy and manage them. “With attacks becoming more sophisticated – mixing brute-force bandwidth assaults and surgical strikes on applications – in-depth knowledge and experience make a huge difference. There is no ‘magic box’ that can out-think attackers on its own.” Source: http://www.pcworld.com/businesscenter/article/255772/us_firms_are_overreliant_on_firewalls_to_protect_against_ddos_attacks.html

View original post here:
US Firms Are Over-Reliant on Firewalls to Protect Against DDoS Attacks