Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Insider threats and software

From: michaelslists at gmail.com (silky)
Date: Wed, 15 Aug 2007 09:44:25 +1000
i really don't see how this is at all an 'insider' attack; given that
it is the common attack vector for almost every single remote exploit
strategy; look into the inner protocol of the specific app and form
your own messages to exploit it.



On 8/15/07, Gary McGraw <gem at cigital.com> wrote:

Hi sc-l,

My darkreading column this month is devoted to insiders, but with a twist.  In this article, I argue that software 
components which run on untrusted clients (AJAX anyone?  WoW clients?) are an interesting new flavor of insider 
attack.

Check it out:
http://www.darkreading.com/document.asp?doc_id=131477&WT.svl=column1_1

What do you think?  Is this a logical stretch or something obvious?

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________




-- 
mike
http://lets.coozi.com.au/
Previous By Date Next
Previous By Thread Next

Current thread: