Ubuntu security notice for 12.10 and 12.04 regarding the Ruby vulnerabilities we reported lwn.net/Articles/53949 /cc
HashDoS
@hashDoS
HashDoS’s Tweets
And another case where #hashDoS cannot be exploited because something weird in parsing leads to a different DoS beforehand m(
One idea for exploiting Cocoa hashDoS: .plist's are everywhere. Fill them with colliding keys.
and insert them into NSMutableDictionary. Inserting 10000 colliding strings: ~4 sec, non-colliding strings: 0.32 sec.
We began purging hashtables from #OpenBSD network stack 10+ years ago for this reason: CCC talk on hash-flooding DOS youtube.com/watch?v=wGYj8f
If you're not tied to hash tables then I recommend crit-bit trees. See also cr.yp.to/talks.html#201 ("Data-structure lock-in").
More details on the attack on MurmurHash presented during our hash-flooding presentation at #29c3: emboss.github.com/blog/2012/12/1
slides of our #29c3 talk "Hash-flooding reloaded: attacks and defenses" 131002.net/siphash/siphas with
Exploiting hashDoS II:
MurmurHash3 (now used in #Java etc.) fails to protect against #hashdos: many collisions for any key here 131002.net/siphash/murmur /cc
multicollisions (as useful for DoS) can probably be found too; more news later today...
(...) Jenkins' hash() doesn't protect against #hashdos; SpookyHash and CityHash128 seem a bit better; SipHash is still unattacked yet
to recap: Python's hash doesn't hide its secret; CityHash64 fails to protect against #hashdos; MurmurHash3 (Java) is hardly better (...)
(1) choose a random seed for MurmurHash3_x86_32 (2) hash the 8-byte strings x=58a1826c0000b13b and y=0000000000000000 (3) collision!
about 1500 CityHash64-colliding ASCII strings per second on my machine (FX-8150); and that's very unoptimized code...
universal multicollisions for Google's CityHash64 hash function with 128-bit secret 131002.net/siphash/cityco (details in citycollisions.cc)
we exploited #Python's hash() weakness to recover the secret seed (_Py_HashSecret); PoC script here 131002.net/siphash/poc.py (with )
new version of the SipHash paper, including the attack on Python's hash() 131002.net/siphash/siphas
Planned #hashDOS prevention in Java: Optional in 7 collections, default in 8, and the original fix in ConcurrentHashMap mail.openjdk.java.net/pipermail/jdk7
HashDos: 42% of IIS sites are still Vulnerable: The latest OWASP podcast features Troy Hunt, a Software Architec... bit.ly/M8TLjK
Just learned from that there seems to be a #hashDoS fix in the JDK8 repository: hg.openjdk.java.net/jdk8/tl/jdk/re #java
… and the second COTS software I'm looking at which still uses an application server vulnerable to #hashDoS. It's been four months!
BTW: it does not look like PHP 5.3.12/5.4.2 that most probably will be released tomorrow will fix the broken HashDOS fix.
“: #Security update available for #Adobe #ColdFusion - Details at adobe.ly/x1vqel” another #HashDoS update.
So, your choice now: Trivial #hashDoS vuln with PHP <5.3.9 or code execution with 5.3.9 thexploit.com/sec/critical-p (kudos )