SecurityRatty: tag: technique

An improved clock-skew measurement technique for revealing hidden services

2008-06-26 05:12:21 by Steven J. Murdoch in Light Blue Touchpaper

...technique which would dramatically reduce the noise of clock-skew measurements from low-frequency clocks. The basic idea, shown below, is to only request timestamps very close to a clock transition, where the quantization noise is lowest. This requires the attacker to firstly lock-on to the phase of the clock, then keep tracking it even when...

Tags: clock-skew measurement technique, clock, clock-skew, clock transition, clock source, clock skew, magnitude lower noise, tcp, tcp timestamps

Blind SQL Injection Discovery And Exploitation Technique

2008-06-03 09:23:34 by Editor in Help Net Security - Articles

This paper describes a technique to deal with blind SQL injection spot with ASP/ASP.NET applications running with access to XP CMDSHELL. It is possible to perform a pen test against this scenario by

Tags: technique, net applications, paper describes, test, aspasp, scenario, perform, access, deal

The Impact of Dans DNS Debacle on Internet Risk

2008-07-30 08:11:30 by Burton Group in Security and Risk Management Strategies Blog

...technique invented by Dan. It combines two vulnerabilities that have been well-known for some time the ability to guess non-random transaction IDs and the use of Additional RRs to insert new entries into the DNS cache. A fix against either of these vulnerabilities also negates the attack itself The fundamental question that determines the...

Tags: dns servers, servers, impact, dns, dns servers cache, risk impact revolves, major dns vendors, risk, major dns vulnerability

The Impact of Dan???s DNS Debacle on Internet Risk

2008-07-30 08:11:30 by Burton Group in Security and Risk Management Strategies Blog

...technique invented by Dan. It combines two vulnerabilities that have been well-known for some time ??? the ability to guess non-random transaction IDs and the use of Additional RRs to insert new entries into the DNS cache. A fix against either of these vulnerabilities also negates the attack itself The fundamental question that determines the...

Tags: dns, impact, major dns vendors, risk impact revolves, dns servers, servers, risk, dns server implementations, major dns

BlackHat Recap

2008-08-12 22:43:18 by Chris Eng in Zero in a bit

...technique for exploiting vulnerabilities in web browsers. Of course, the media has sensationalized the impact of their findings, but ultimately, this is still significant as far as browser-based exploits are concerned. Its worth mentioning that part of the technique allowing them to load a .NET DLL at an arbitrary location under Vista was...

Tags: favorite, favorite talk, talk, sotirovdowd talk, scott stenders talk, completely reliable technique, reliable, attack, technique

BlackHat Recap

2008-08-12 22:43:18 by Chris Eng in Zero in a bit

...technique for exploiting vulnerabilities in web browsers. Of course, the media has sensationalized the impact of their findings, but ultimately, this is still significant as far as browser-based exploits are concerned (here is a more accurate report ). Its worth mentioning that part of the technique allowing them to load a .NET DLL at an...

Tags: favorite, favorite talk, talk, sotirovdowd talk, scott stenders talk, completely reliable technique, reliable, attack, technique

Mitigating Exploitation Techniques

2008-10-03 00:07:00 by sdl in The Security Development Lifecycle

...techniques have been developed and refined to the point that very little expertise has been needed to successfully exploit software vulnerabilities. These refinements have lowered the bar for attackers and drastically increased the probability that an attack will be successful. This has led to the need for mitigation techniques that can...

Tags: techniques, mitigation technique, mitigation, mitigation techniques attempt, exploitation, mitigation techniques, exploitation techniques, successful exploitation attempt, successful

The Random JS Malware Exploitation Kit

2008-01-15 20:49:56 by HASH0x8be7244 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

...technique is hosting everything on the infected domain. Sample random and local malware locations bunburyymas.com/ihkxtmzl bunburyymas.com/odjiffkl techicorner.com/bcuoixqf otcash.com/ktehxwmj otcash.com/soqutkue otcash.com/bemkwijz Sample .js random filenames cgolu.js; czynd.js; eenom.js; eqfps.js; erztp.js; frpmg.js; iggmy.js;...

Tags: random, malware, random attack approach, cgi, local malware locations, cgi-bincert, cgi-binss, cgi-binoptions, cgi-binpstore

Models and Reductionism - Reducing Clouds Into Streams

2008-04-14 01:17:58 by Greg Reemler in The Complex Event Processing Blog

...technique for problem solving. Likewise, eliminating uncertainty and assuming causality is a way to reduce complexity CEP was envisioned todiscover causal relationships in complex, uncertain,cloudydataand the current state-of-the-art of software from the streaming SQL vendors do not have this capability, unless you reduce all event models to...

Tags: complex event, complex, software tools, software, cep, cep products, reduce complex, cep software, reduce posets

Spying on Computer Monitors Off Reflective Objects

2008-05-20 10:44:31 by schneier in Schneier on Security

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo