Secure Coding mailing list archives
Insider threats and software
From: fw at deneb.enyo.de (Florian Weimer)
Date: Wed, 15 Aug 2007 22:19:22 +0200
* Gary McGraw:
> My darkreading column this month is devoted to insiders, but with a twist. In this article, I argue that software components which run on untrusted clients (AJAX anyone? WoW clients?) are an interesting new flavor of insider attack.
I really wish this were something new. 8-( In client/server applications, it's not too uncommon that the client connects to the server with a hard-coded password, uses that to download some kind of authentication table, and looks up a user-supplied password in it. If it's not found, the authentication fails. Apparently, you can save some client licenses with such a setup.
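The client/server design described in the message above, set next to a login that the server verifies itself, as an added example that is not part of the original post. The class names, the application password and the sample accounts are assumptions constructed for illustration.

```python
import hashlib, hmac, os, secrets

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_users():
    # Constructed sample accounts.
    users = {}
    for name, pw in (("alice", "correct horse"), ("bob", "hunter2")):
        salt = os.urandom(16)
        users[name] = (salt, kdf(pw, salt))
    return users

class LegacyServer:
    """Design from the post: one hard-coded credential guards the whole table."""
    APP_PASSWORD = "built-into-every-client"  # hypothetical constant

    def __init__(self):
        self.users = make_users()

    def download_auth_table(self, app_password):
        if not hmac.compare_digest(app_password, self.APP_PASSWORD):
            raise PermissionError("bad application password")
        return dict(self.users)  # every client receives every user's verifier

def legacy_client_login(server, user, password):
    table = server.download_auth_table(LegacyServer.APP_PASSWORD)
    salt, stored = table.get(user, (b"\0" * 16, b""))
    ok = hmac.compare_digest(kdf(password, salt), stored)
    return ok, table  # the decision and the table both live on the client

class VerifyingServer:
    """Corrected design: the server checks the password and issues a session."""
    def __init__(self):
        self._users = make_users()
        self._sessions = {}

    def login(self, user, password):
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(kdf(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def whoami(self, token):
        # Later requests are authorized against state only the server holds.
        return self._sessions.get(token)
```

In the legacy design the server never learns which user, if any, was authenticated, so it has nothing to base per-user authorization or audit logging on.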