(more) Advanced SQL Injection
This paper addresses the subject of SQL Injection in a Microsoft SQL Server/IIS/Active Server Pages environment, but most of the techniques discussed have equivalents in other …
This technical brief will overview the inherent flaws that plague the internet today, making it vulnerable to corporate espionage, money laundering, grand larceny, trading …
This paper discusses the feasibility of violating the access control, authentication and audit mechanisms of a running process in the Windows server operating systems. …
Security problems in software are of course an extremely bad thing, regardless of the business model under which the software was written. I want to consider why anybody …
In a recent discussion about the Apache Chunk Handling vulnerability, which consisted of many debates and rants on how the reporting was done, ISS mentioned that they found …
The goal of this paper is to explore the relationship between the security of software and the model under which that software was produced and distributed. Additionally, this …
Electronic document exchange and digital signatures are often considered as systems both hard to understand and difficult to use for the end user. This fear is often caused by …
A comprehensive look at what constitutes malicious code, the inherent weakness of all signature-based scanning methods, and the technology behind the Achilles’Shield …
Internet Security Systems and NGSSoftware found a security issue with chunk encoding in the popular Apache web server. The problems may lead to a remote compromise and denial …
Short description (from Incidents.org Handler’s Diary): There is a Denial of Service vulnerability in ISC BIND (versions 9 up to 9.2.1). When this is exploited by a …
In the past few years, email has become the predominant purveyor of viruses. This rapid communications technology outpaces the signature-based scanner updates, allowing …
The purpose of this paper is to explain why we have concluded that the future of virus protection lies with architecture, rather than product, and why a multi-modal, modular …