Techno hypemeister Steve Gibson, who clamored for headlines some months back with a dramatic prediction that the misuse of Win-XP's raw sockets would destabilize the entire Internet, has made his own inadvertent contribution to the malicious hackers' tool chest.
Gibson's Web site is littered with hyped-up bells and whistles to mystify the unsophisticated technophile, most of which are harmless; but one of his little magicians' props can be misused to launch a denial of service attack, a security researcher has discovered.
It turns out that his port scanner, ShieldsUp, can easily be directed at arbitrary IP addresses while returning the scan results to the initial user. Thus the tool would become an effective proxy for performing anonymous port scans. Even better, if such an attack were scripted, it would be possible to tie up a Web site with a torrent of Gibson's mighty NanoProbes.
The ShieldsUp flaw was mentioned briefly during a recent Blackhat session regarding the secure development of Web applications by researcher 'Thor' from HammerOfGod.com.
-1 Comments - Add comment