Create an Account
username: password:
 
  MemeStreams Logo

Punching them in the brain! Control logic DoS.
search
Home Agent Weblogs Social Network Post Help About

k
Picture of k
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

k's topics
Arts
  Literature
   Fiction
   Non-Fiction
   Sci-Fi/Fantasy Literature
  Movies
  Music
   Pop
   Electronic Music
   Rap & Hip Hop
   Indie Rock
   Jazz
   Punk
   Vocalist
  Photography
  TV
Business
  Tech Industry
  Management
  Markets & Investing
Games
  Video Games
   PC Video Games
Health and Wellness
  Fitness
  Medicine
  Nutrition
  Weight Loss
Home and Garden
  Cooking
  Holidays
  Parenting
Miscellaneous
  Humor
Current Events
  War on Terrorism
  Elections
Recreation
  Cars and Trucks
  Martial Arts
  Camping and Hiking
  Travel
Local Information
  United States
   Atlanta
Science
  Astronomy
  Biology
  Chemistry
  Environment
  Geology
  History
  Math
  Medicine
  Nano Tech
  Physics
Society
  Activism
  Crime
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
   Intellectual Property
  Media
   Blogging
  Military
  Philosophy
  Relationships
  Religion
Sports
  Football
  Skiing & Snowboarding
Technology
  Biotechnology
  Computers
   Computer Security
   Cyber-Culture
   PC Hardware
   Human Computer Interaction
   Knowledge Management
   Computer Networking
   Computing Platforms
    Macintosh
    Linux
    Microsoft Windows
   Software Development
    Open Source Development
    Perl Programming
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Punching them in the brain! Control logic DoS.
Topic: Technology 3:54 pm EST, Dec 12, 2006

Another DoS vector I see with Ajax applications is something I'm going to call Control Logic Denial of Service. All those web services and Ajax endpoints are API calls into the application. By looking at the JavaScript code that’s pushed to the client, I can see in what order and how often these webservices are contacted, as well as what the parameters are. In essence, this is a blueprint of the steps the applications takes to function normally. However, it is also a blueprint on how to use the application incorrectly. Some webservices may allocated resources where another one cleans them up. An attacker simply never calls the clean up functions. Or I simply call all the functions out of order. Even if the code fails gracefully, it is extremely expensive for a program to generate an Exception, even it gets caught.

[ Very interesting. Webservice authors take heed. -k]

Punching them in the brain! Control logic DoS.

Thread [2] - Reply


  
 
Powered By Industrial Memetics		RSS2.0