Due to a vulnerability in several programming languages, ASP.NET being one of them, Microsoft has released an out-of-band security update (MS11-100) to fix the problem. This vulnerability can bring down a website using a small, bot-free program that sends HTTP requests. If you are running a web server, make sure you update your machines!
The problem, which caused a stir in the security community, exists in many of the Web’s most popular application and site programming languages, including ASP.NET, the open-source PHP and Ruby, Oracle’s Java and Google’s V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde.
Klink and Walde, who presented their findings at the Chaos Communication Congress (CCC) conference in Berlin on Wednesday, traced the flaw to those languages’ — and others’ — handling of hash tables, a programming structure used to quickly store and retrieve data.
Unless a language randomizes its hash functions or takes into account "hash collisions" (when multiple inputs produce the same hash), attackers can calculate the data that will trigger large numbers of collisions, then send that data as a simple HTTP request. Because each collision chews up processing cycles on the targeted server, a hacker using relatively small attack packets could consume all the processing power of even well-equipped servers, effectively knocking them offline.
Microsoft confirmed that a single 100K specially crafted HTTP request sent to a server running ASP.NET would consume 100% of one CPU core for 90-110 seconds.