attacker
RSS attackerVulnerabilities in MS Internet Explorer
White Paper Two new vulnerabilities in Microsoft Internet Explorer versions 5.5 and 6.0 pose a serious security risk that can allow an attacker to execute programs of his/her choice on vulnerable systems. Execute Programs" means that the attacker can do... [03 Jul 2008]
Techniques to Validate Host-Connectivity
White Paper This can let an attacker map and discover previously unknown firewalled hosts. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown... [03 Jul 2008]
Coping with Remote Administration Tools
White Paper A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine. [03 Jul 2008]
Dynamic Best Practices of Vulnerability Management
White Paper Once vulnerability is discovered, it is only a matter of time before an attacker develops the worm, virus or intrusion that can take advantage of the defect. The goal of the security team is to reduce risks by identifying and eliminating weaknesses... [03 Jul 2008]
New Attacks on ISO 9796-1 & 2
White Paper Coppersmith assert that if one can get the signer to sign just a few particular messages chosen by the attacker, the attacker can actually recover the signer's private key! These standards under attack cover not only RSA, but also Rabin (public... [03 Jul 2008]
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
White Paper By sending a specially malformed management request to a system running an affected version of the SNMP service, an attacker could cause a denial of service. This could potentially give the attacker the ability to take any desired action on the... [03 Jul 2008]
%u Encoding IDS Bypass Vulnerability
White Paper Since %u encoding is not a standard and IDS systems do not decode %u strings, it is possible for an attacker to %u encode his/her attack against an IIS web server without an IDS system detecting the attack. [03 Jul 2008]
Microsoft Security Bulletin MS01-058: 13 December 2001 Cumulative Patch for IE
White Paper Run code of attacker’s choice. Who should read this bulletin: Customers using Microsoft® Internet Explorer. Impact of vulnerability: Maximum Severity Rating: Critical Recommendation: Customers using IE should install the patch immediately. [03 Jul 2008]
Microsoft Security Bulletin MS01-060: SQL Server Text Formatting Functions Contain Unchecked Buffers
White Paper Run code of attacker’s choice on server Who should read this bulletin: Database administrators using Microsoft® SQL Server. Impact of vulnerability: Denial of service Maximum Severity Rating: Moderate [03 Jul 2008]
Writing Priveleged Programs
White Paper Writing privileged programs able to resist a concerted attacker has always been a very difficult process. The difficulty lies in the complex interactions between various system calls and the program's environment. [03 Jul 2008]
Trusting Software: Malicious Code Analyses
White Paper Malicious code is a real danger to defense systems, regardless of whether it is a programming flaw that can be exploited by an attacker, or something more directly sinister in nature, such as a computer virus or Trojan horse. [03 Jul 2008]
The Key to Security: On the Internet, Nobody Knows You're a Dog
White Paper An important development has taken place with respect to the expansion of computing attacks and the level of sophistication on the side of the attacker. During the 1980s and early 1990s hacking was almost an academic hobby of some computer geeks... [03 Jul 2008]
Recommended Action for Mitigation of SNMP Protocol Vulnerabilities
White Paper If not properly mitigated, these vulnerabilities could cause denial-of-service interruptions, equipment failure and possibly provide an attacker with unauthorized network access. The vulnerabilities can be found in more than 100 manufacturers... [03 Jul 2008]
Protecting Passwords: Part 2
White Paper An attacker will surely say, "I can't remember my password! The best approach is to have the people provide the actual password. The problem is obvious: How do you distinguish people who genuinely can't remember their passwords from attackers... [03 Jul 2008]
Multiple Remote DoS Vulnerabilities in DCE/RPC Deamons
White Paper An unauthenticated remote attacker that can talk to the endpoint on which the server is listening can crash the server. Many DCE/RPC servers don't do proper parameter validation, and can be crashed by sending an improperly formatted request. [03 Jul 2008]
