SEARCH RESULTS
 
Showing 1-10 of 165 records
 

Attacker's Royal Road to Your Company's System

2008-09-09 09:47:52 by Gunnar Peterson in 1 Raindrop
 
...attacker a Royal Road straight to your book of business. Also, Vordel's conference is coming up this month in Dublin, the lineup looks good, esp. the keynote - Don Adams's (TIBCO CTO) "Service Oriented Architecture, Security and a Modern Shillelagh
 
 
 
 
 

Anti-Debugging Series - Part I

2008-12-02 20:56:25 by Tyler Shields in Zero in a bit
 
...attacker spend his time on other, easier, ventures. In the remainder of this series on anti-debugging we will review in depth some of the more interesting methods of each of the above classes. So bring along your debugger and your development environment and let the games begin
 
 
 
 
 

How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

2008-07-10 01:00:00 by Bruce Schneier in Wired Security
 
...attacker inserts himself between two communicating parties. Both believe they're talking to each other, and the attacker can delete or modify the communications at will. The Wall Street Journal reported how this gambit played out in Colombia: The plan had a chance of working because, for months, in an operation one army officer likened to a...
 
 
 
 
 

Man-in-the-Middle Attacks

2008-07-15 06:47:19 by schneier in Schneier on Security
 
...attacker inserts himself between two communicating parties. Both believe they're talking to each other, and the attacker can delete or modify the communications at will. The Wall Street Journal reported how this gambit played out in Colombia: "The plan had a chance of working because, for months, in an operation one army officer likened to a...
 
 
 
 
 

On Security & Risk Management Innovation

2008-11-12 14:23:30 by Alex in RiskAnalys.is
 
...attacker. And when you read this sort of article, that usually alludes to trying to anticipate the tactics an attacker might use to mess with your C, I, or A. Smart stuff, that, and very useful when architecting security solutions. But as I was training some folks Monday, I was thinking in the back of my head about Threat Capability (TCap) in...
 
 
 
 
 

On virtualisation

2007-05-29 16:20:00 by Niels Provos in Google Online Security Blog
 
...attacker. As with any complex application, it would be naive to think such a large codebase could be written without some serious bugs creeping in. If any of those bugs are exploitable, attackers restricted to the guest could potentially break out onto the host machine. I investigated this topic earlier this year, and presented a paper at...
 
 
 
 
 

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...attacker to execute an arbitrary query through the application. This vulnerability allows for unauthorized, interactive, logon to a SQL server which may result in the execution of malicious commands leading to the possible modification (or deletion) of Operating System or user data. Combining the use of parameterized queries and stored...
 
 
 
 
 
 
 
 
 
 

More trustworthy election systems via SDL?

2008-02-04 23:34:00 by sdl in The Security Development Lifecycle
 
...attacker, or an attacker can provide a maliciously modified USB stick in place of a legitimate one, the attacker could surreptitiously take complete control over the WinEDS client. Basically, this is a potential rootkit for election systems. A threat model, a fundamental design requirement of the SDL, could help uncover such design issues...
 
 
 
 
 

Cold Boot Attacks Against Disk Encryption

2008-02-21 13:29:18 by schneier in Schneier on Security
 
...attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system. Interestingly, if you cool the DRAM chips, for example by spraying inverted cans of canned air dusting spray on them