Today I came across a post over on acunetix.com about a new form of DoS attack against HTTP servers that allow POST requests. This vulnerability was discovered by OWASP and a link to the paper can be found at http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf
POST /fake_page HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1;)
If the POST data is then very slowly sent over a long period of time, the victim server blocks until either all of the data is received or the client closes the connection.
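On the defending side, the usual answer is to stop waiting for a body that is not making progress. The sketch below is an added example, not code from the OWASP paper or the acunetix post: it replays constructed chunk timelines against a minimum-rate read deadline (the same idea as the MinRate option in Apache's mod_reqtimeout), and the policy values and names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BodyReadPolicy:
    # All three values are assumptions chosen for illustration.
    initial_timeout: float = 20.0  # seconds allowed before the body must progress
    min_rate: int = 500            # every min_rate bytes received buys one more second
    max_timeout: float = 120.0     # hard cap on total time spent reading a body

def evaluate(chunks, content_length, policy=BodyReadPolicy()):
    """Replay body chunks against the policy.

    chunks: (seconds_since_headers, nbytes) tuples in arrival order.
    Returns ("complete", t) or ("dropped", t).
    """
    deadline = policy.initial_timeout
    received = 0
    for t, nbytes in chunks:
        if t > deadline:
            return ("dropped", deadline)  # server stopped waiting before this chunk
        received += nbytes
        if received >= content_length:
            return ("complete", t)
        # Progress extends the deadline, but never past the hard cap.
        deadline = min(policy.initial_timeout + received / policy.min_rate,
                       policy.max_timeout)
    return ("dropped", deadline)  # client went quiet with the body unfinished

# Constructed timelines, not captured traffic.
CONTENT_LENGTH = 100_000
NORMAL_POST = [(0.5 * i, 25_000) for i in range(1, 5)]        # finished in 2 s
TRICKLE_POST = [(10.0 * i, 1) for i in range(1, 50)]          # 1 byte every 10 s
STEADY_SLOW_POST = [(float(i), 600) for i in range(1, 200)]   # 600 B/s, above min_rate

if __name__ == "__main__":
    for name, chunks in [("normal", NORMAL_POST), ("trickle", TRICKLE_POST),
                         ("steady-slow", STEADY_SLOW_POST)]:
        print(name, evaluate(chunks, CONTENT_LENGTH))
```

The third timeline is the reason for the hard cap: a client that stays just above the minimum rate would otherwise keep extending its own deadline.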
Yesterday saw the much-anticipated release of ‘phrack’, the (black|grey|white) hat hackers’ bible of what’s current in the security world.
FireShepherd offers a temporary solution to the current threat of people sniffing Web 2.0 cookies with the FireSheep plugin.