mrkitty - Slashdot User

Submission + - Unicode Encoding Implementation Flaw Widespread

Submitted by LordNikon on Monday May 21, 2007 @12:26PM

LordNikon writes: According to CERT "Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.". Proof of concepts affecting IIS are already being posted to security mailing lists, and Cisco IPS and other IDS products are also affected.

Submission + - NASA can't pay for killer asteroid hunt

Submitted by

CGISecurity.com

on Tuesday March 06, 2007 @12:37AM

CGISecurity.com writes: "NASA officials say the space agency is capable of finding nearly all the asteroids that might pose a devastating hit to Earth, but there isn't enough money to pay for the task so it won't get done. "We know what to do, we just don't have the money," said Simon "Pete" Worden, director of NASA's Ames Research Center.""

Submission + - Adobe Acrobat Universal Cross Site Scripting

Submitted by

QASec.com

on Wednesday January 03, 2007 @12:04AM

QASec.com writes: "An unpatched vulnerability in Adobe Acrobat Reader allows all websites hosting a PDF file to be affected by Cross Site Scripting."

Slashdot Top Deals