Node.js is vulnerable to hash flooding. Install security updates now! https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ …
Here’s how hash flooding attacks work:
Hash table insertions are O(1) in the best case, but O(n) in case of a hash collision. For n items, that’s O(n) vs. O(n²).
Hash flooding attacks trigger the worst-case scenario by sending precomputed data, where all keys hash to the same value.
If this data somehow gets inserted in a hash table on the server-side, the attack takes effect.
A handful of HTTP requests, each sending just a few KB of data, is enough to hang the server CPU for minutes.
This attack is possible when the attacker knows the hashing function (duh, open source) and the hashing seed used on the server (whoops!).
Check out @hashseed’s write-up for more details: https://v8project.blogspot.com/2017/08/about-that-hash-flooding-vulnerability.html …
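The following is an added example, not code from the thread or from the V8 write-up. It measures the insertion cost described above on a toy chained hash table, first with a seed the key author knows and then with a different seed. The hash function `toyHash`, the 64-bucket table and both seed values are constructed for the demo and are not V8's.

```javascript
// Toy seeded string hash (FNV-1a style loop plus a murmur3-style finalizer).
// Constructed for this demo; it is NOT V8's hash function.
function toyHash(key, seed) {
  let h = seed >>> 0;
  for (let i = 0; i < key.length; i++) {
    h = Math.imul(h ^ key.charCodeAt(i), 0x01000193);
  }
  h ^= h >>> 16; h = Math.imul(h, 0x85ebca6b);
  h ^= h >>> 13; h = Math.imul(h, 0xc2b2ae35);
  return (h ^ (h >>> 16)) >>> 0;
}

const BUCKETS = 64;

// Insert keys into a chained hash table; return the number of key comparisons.
function insertCost(keys, seed) {
  const table = Array.from({ length: BUCKETS }, () => []);
  let comparisons = 0;
  for (const key of keys) {
    const chain = table[toyHash(key, seed) % BUCKETS];
    let found = false;
    for (const existing of chain) {
      comparisons++;
      if (existing === key) { found = true; break; }
    }
    if (!found) chain.push(key);
  }
  return comparisons;
}

// Keys that all share bucket 0 under `seed`: only computable when the seed is known.
function keysForKnownSeed(seed, n) {
  const keys = [];
  for (let i = 0; keys.length < n; i++) {
    const key = 'k' + i;
    if (toyHash(key, seed) % BUCKETS === 0) keys.push(key);
  }
  return keys;
}

const KNOWN_SEED = 0x12345678;   // constructed: a fixed, guessable seed
const SECRET_SEED = 0x9e3779b9;  // constructed: stands in for a per-process random seed
const N = 200;
const crafted = keysForKnownSeed(KNOWN_SEED, N);
console.log('known seed :', insertCost(crafted, KNOWN_SEED), 'comparisons');
console.log('secret seed:', insertCost(crafted, SECRET_SEED), 'comparisons');
```

With the known seed every key lands in one chain, so the cost is n(n-1)/2 comparisons. The same keys under the other seed spread across the buckets and the cost drops by roughly the bucket count.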