| Blog : Home | ||||||
|
Historical Blogs ISS Blog Gunter is a regular contributor to the ISS X-Force blog "Frequency-X". You can find some of these contributions stored here on TechnicalInfo.net. X-Force Newsletter In 2006, Gunter started an educational monthly security report for ISS customers that delved in to current threats from an X-Force perspective. You can read some of these contributions here. SC Magazine Column From 2001 through to 2004, Gunter had his own column in the UK edition of SC Magazine called "Consultants Corner". You can read the opinion column pieces here. 
Technicalinfo.net
RSS Feed |
Blog
2007 Vulnerability Disclosure Rates According to X-Force, there has been a 5.4 percent year-on-year decrease in the annual disclosure of new vulnerabilities. Why? In this blog entry I examine the probable influences in the decrease - decreasing vulnerability appeal, vendor security testing improvements, professional bug-hunters and vulnerability purchase programs... [more] Posted: January 21st, 2008 User-Agent Attacks The concept was quite simple. While most Web sites do a good job of scrubbing user input of unwanted HTML tags and JavaScript, the backend Web traffic analysis engines tend not to. Since just about all Web servers offer various online analysis tools for administrators to review visitor statistics, if these tools didn’t scrub the data correctly it would be possible to launch an attack against the administrator when they logged in. [more] Posted: January 7th, 2008 Hacking a Boeing 787? The FAA document entitled “Special Conditions: Boeing Model 787-8 Airplane; Systems and Data Networks Security--Isolation or Protection From Unauthorized Passenger Domain Systems Access” raises the possibility of mile-high hacking a fly-by-wire, multi-million dollar, aircraft. [more] Posted: January 4th, 2008 WHOIS Cross-site Scripting There’s been a little fuss over a recent posting concerning the threat of WHOIS cross-site scripting. To get your attention, it starts with “This is massive.” Now don’t get me wrong, there is a threat, but it is marginal – and I’ll explain why in a little bit. What’s all the fuss about? Basically, when you register a new domain name (or manage an existing domain name), you... [more] Posted: January 1st, 2008 Hacking Barcodes "Barcode systems susceptible to serious hacker attacks" - so says Heise Security, in their article posted yesterday concerning FX's presentation at this weeks 24th Chaos Communication Congress. The article describes a few of the threats to systems that rely upon barcodes (on and two dimensional) - in particular their ease of manipulation for scamming purposes and the possibilities for code injection attacks. [more] |
|||||
