Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Unicode Encoding Implementation Flaw Widespread

Submitted by LordNikon
LordNikon (584915) writes "According to CERT "Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.". Proof of concepts affecting IIS are already being posted to security mailing lists, and Cisco IPS and other IDS products are also affected."

The universe does not have laws -- it has habits, and habits can be broken.

Working...