Personal Blogs
Gunter maintains his (regularly updated) personal security blog over at:
(because the blogging software is better)

Historical Blogs
ISS Blog
Gunter is a regular contributor to the ISS X-Force blog "Frequency-X".  You can find some of these contributions stored here on

X-Force Newsletter
In 2006, Gunter started an educational monthly security report for ISS customers that delved in to current threats from an X-Force perspective. You can read some of these contributions here.

SC Magazine Column
From 2001 through to 2004, Gunter had his own column in the UK edition of SC Magazine called "Consultants Corner". You can read the opinion column pieces here.

RSS Feed RSS Feed

Over the years, Gunter has been blogging at a variety of sites. Below you can access most of his older posts, along with new posts specific to content (and updates) of this key site -

Gunter's primary personal blogging site moved from here over to blogger in 2009, and you can find his latest security blogs here...

Gunter's (new) Blog...

Site Content Blog
ISS Blog Entries
X-Force Newsletter
SC Magazine Column

Posted: July 11th, 2009
Blogging and Damballa
Gunter's changed jobs and is now blogging regularly on security in new places...   [more]
Posted: November 2, 2008
Continuing Business with Malware Infected Customers Whitepaper
The problem facing online businesses going forward is, if upwards of one-third of their customers are likely to be using computers infected with malware to conduct business transactions with them, how should they continue to do business with an infected customer base? This new whitepaper discusses many of the best practices businesses can adopt for their Web application design and back-office support processes in order to minimize the growing threat of man-in-the-browser malware, along with helping to reduce several of the risks posed with continuing to do business customers likely to be operating infected computers...   [more]

Posted: August 31, 2008
SEO Code Injection Attack Whitepaper
Following several requests, there's a new whitepaper covering the new attack vector of SEO Code injection...   [more]
Posted: February 10th, 2008
2007 Vulnerability Disclosure Rates
According to X-Force, there has been a 5.4 percent year-on-year decrease in the annual disclosure of new vulnerabilities. Why? In this blog entry I examine the probable influences in the decrease - decreasing vulnerability appeal, vendor security testing improvements, professional bug-hunters and vulnerability purchase programs...   [more]

Posted: January 21st, 2008
User-Agent Attacks
The concept was quite simple. While most Web sites do a good job of scrubbing user input of unwanted HTML tags and JavaScript, the backend Web traffic analysis engines tend not to. Since just about all Web servers offer various online analysis tools for administrators to review visitor statistics, if these tools didn’t scrub the data correctly it would be possible to launch an attack against the administrator when they logged in.   [more]

Posted: January 7th, 2008
Hacking a Boeing 787?
The FAA document entitled “Special Conditions: Boeing Model 787-8 Airplane; Systems and Data Networks Security--Isolation or Protection From Unauthorized Passenger  Domain Systems Access” raises the possibility of mile-high hacking a fly-by-wire, multi-million dollar, aircraft.   [more]

Posted: January 4th, 2008
WHOIS Cross-site Scripting
There’s been a little fuss over a recent posting concerning the threat of WHOIS cross-site scripting. To get your attention, it starts with “This is massive.” Now don’t get me wrong, there is a threat, but it is marginal – and I’ll explain why in a little bit. What’s all the fuss about? Basically, when you register a new domain name (or manage an existing domain name), you...   [more

Posted: January 1st, 2008

Hacking Barcodes
"Barcode systems susceptible to serious hacker attacks" - so says Heise Security, in their article posted yesterday concerning FX's presentation at this weeks 24th Chaos Communication Congress. The article describes a few of the threats to systems that rely upon barcodes (on and two dimensional) - in particular their ease of manipulation for scamming purposes and the possibilities for code injection attacks.   [more

    Copyright 2001-2008 © Gunter Ollmann