Expert analysis
Creating Arbitrary Shellcode In Unicode Expanded Strings
The paper is intended to be read by the portion of the security community responsible for creating protective mechanisms to guard against “shellcode” type security …
Information Survivability: Required Shifts in Perspective
The events of recent years and especially of recent months have greatly increased awareness of information and infrastructure security, whether they are media reports of the …
(more) Advanced SQL Injection
This paper addresses the subject of SQL Injection in a Microsoft SQL Server/IIS/Active Server Pages environment, but most of the techniques discussed have equivalents in other …
Network InSecurity
This technical brief will overview the inherent flaws that plague the internet today, making it vulnerable to corporate espionage, money laundering, grand larceny, trading …
Violating Database – Enforced Security Mechanisms
This paper discusses the feasibility of violating the access control, authentication and audit mechanisms of a running process in the Windows server operating systems. …
Security and open source
Security problems in software are of course an extremely bad thing, regardless of the business model under which the software was written. I want to consider why anybody …
OpenSSH Remote Vulnerability Roundup
In a recent discussion about the Apache Chunk Handling vulnerability, which consisted of many debates and rants on how the reporting was done, ISS mentioned that they found …
Security: Source Access and the Software Ecosystem
The goal of this paper is to explore the relationship between the security of software and the model under which that software was produced and distributed. Additionally, this …
TrueSign: Under the Hood
Electronic document exchange and digital signatures are often considered as systems both hard to understand and difficult to use for the end user. This fear is often caused by …
Achilles’ Shield: A New Internet Security System for Protecting Networks and Computer Systems Against Viruses and Malicious Code
A comprehensive look at what constitutes malicious code, the inherent weakness of all signature-based scanning methods, and the technology behind the Achilles’Shield …
Apache Chunk Handling Roundup
Internet Security Systems and NGSSoftware found a security issue with chunk encoding in the popular Apache web server. The problems may lead to a remote compromise and denial …
Roundup on BIND Denial of Service
Short description (from Incidents.org Handler’s Diary): There is a Denial of Service vulnerability in ISC Bind (versions 9 up to 9.2.1) When this is exploited by a …
Featured news
Resources
Don't miss
- State-backed phishing attacks targeting military officials and journalists on Signal
- Poland’s energy control systems were breached through exposed VPN access
- CISA orders US federal agencies to replace unsupported edge devices
- Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
- February 2026 Patch Tuesday forecast: Lots of OOB love this month