
Freek Lijten's Blog:
The real problem of the hash table dos attack
December 30, 2011 @ 12:53:35

In response to some of the comments being made about the recently disclosed hash table Denial of Service attack, Freek Lijten has posted his thoughts on what he sees as the real problem with the whole situation: how it was handled by the communities involved.

Interesting they may be, but I want to address what in my opinion is the real problem: The way the communication around it was handled by different projects and the fact that the exploit could still exist at all. [...] In the presentation Wälde and Klink talk about their disclosure process. The PHP project had them wait 3 weeks for a first response while this is obviously a serious matter.

He argues that things like a commit message mentioning a DoS prevention fix instead of just mentioning the fix have the potential to do more harm than good. He also points out that other communities were notified of the problem (like Python) and some still haven't responded to the issue.

This attack was the result of good research and it is important that it is disclosed. More important, however, is the fact that organisations got by with years of not noticing it and, even worse, reacted very poorly after being informed. I can't say I have a ready solution to avoid these kinds of things in the future, perhaps that will prove to be an interesting discussion.

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework