, 2005-02-09
A new round of attacks and phishing attempts use some unexpected attack vectors that we should have been paying attention to, but weren't.
Expand all |
Post comment
|
Unexpected Attack Vectors
, 2005-02-09 A new round of attacks and phishing attempts use some unexpected attack vectors that we should have been paying attention to, but weren't.
Expand all |
Post comment
|
|
|
Privacy Statement |
Security is a proces.
In this proces you don't take counter measures to prevent some small attack vectors, but you deny anythink you don't want.
If you allow your users to download things, if you allow your users to open ssl tunnels, if you allow your users to send any http header to any url, then you never can be secure.
By disallowing downloads, direct ssl and using (reverse) proxies with filters for anything but [a-Z] . [0-9] you are save for most attack vectors, the known and the not known.
Waiting untill your vendor fixes things is not an option.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/298/30482#30482