Security musings (reflectorium)
Security musings (reflectorium)
Tuesday, June 08, 2004
Sanctum Paper on HTTP response splitting, web cache poisoning attacks, and related topics
Sanctum published paper on "Divide and Conquer - HTTP response splitting, web cache poisoning attacks, and related topics" in March 2004. I read it last nights. It's an excellent read, very technical, with some sample code. It discusses the behaviour of common platforms, incl. IE 6.0 SP1, Squid 2.4, Apache/2.0, Netcache/5.2 and WebLogic 8.1 SP1. - It reads almost like a scientific paper, with a lot of helpful practical information. I think it really helps to understand some of the often-over-looked risks in web services security.
- After reading the paper, cache poisoning is no longer a remote possibility. (I know we've seen report on it being used for years, but this paper adds a new twist.)
Sanctum published paper on "Divide and Conquer - HTTP response splitting, web cache poisoning attacks, and related topics" in March 2004. I read it last nights. It's an excellent read, very technical, with some sample code. It discusses the behaviour of common platforms, incl. IE 6.0 SP1, Squid 2.4, Apache/2.0, Netcache/5.2 and WebLogic 8.1 SP1. - It reads almost like a scientific paper, with a lot of helpful practical information. I think it really helps to understand some of the often-over-looked risks in web services security.
- After reading the paper, cache poisoning is no longer a remote possibility. (I know we've seen report on it being used for years, but this paper adds a new twist.)
Comments:
Post a Comment
Me enjoying a "Mate-Club", Alt-Landsberg near Berlin, summer 2003.
RSS Feed now atom.xml!
My public bloglines universe
Essential Security Web-Sites
Internet Head Up Display,
Internet Storm Center incl. Handler's Diary
NewsNow.co.uk on Virii and Security -
Messagelabs stats,
Trendmicro,
Symantec,
CAI,
McAffee,
F-Secure
-- securityfocus,
packetstorm
Recently added Detections from CAI
Standalone Virus Cleaner
Trendmicro Sysclean and Signature, Symantec Removal tools, Stinger from McAfee, F-Secure removal tools, Bitdefender free removal tools
ARCHIVES
11/01/2003 - 12/01/2003/ 12/01/2003 - 01/01/2004
/ 01/01/2004 - 02/01/2004
/ 02/01/2004 - 03/01/2004
/ 03/01/2004 - 04/01/2004
/ 04/01/2004 - 05/01/2004
/ 05/01/2004 - 06/01/2004
/ 06/01/2004 - 07/01/2004
/ 07/01/2004 - 08/01/2004
/ 08/01/2004 - 09/01/2004
/ 09/01/2004 - 10/01/2004
/ 10/01/2004 - 11/01/2004
/ 01/01/2005 - 02/01/2005
/ 02/01/2005 - 03/01/2005
/ 03/01/2005 - 04/01/2005
/ 04/01/2005 - 05/01/2005
/ 05/01/2005 - 06/01/2005
/ 06/01/2005 - 07/01/2005
/ 07/01/2005 - 08/01/2005
/ 01/01/2006 - 02/01/2006
/ 02/01/2006 - 03/01/2006
/ 03/01/2006 - 04/01/2006
/ 06/01/2006 - 07/01/2006
/ 08/01/2006 - 09/01/2006
/ 09/01/2006 - 10/01/2006
/ 12/01/2006 - 01/01/2007
/ 03/01/2007 - 04/01/2007
/ 05/01/2007 - 06/01/2007
/ 07/01/2007 - 08/01/2007
/ 08/01/2007 - 09/01/2007
/ 10/01/2007 - 11/01/2007
/ 11/01/2007 - 12/01/2007
/ 12/01/2007 - 01/01/2008
/ 02/01/2008 - 03/01/2008
/ 09/01/2008 - 10/01/2008
/ 10/01/2008 - 11/01/2008
/ 03/01/2009 - 04/01/2009
/ 09/01/2009 - 10/01/2009
/ 11/01/2009 - 12/01/2009
/ 01/01/2010 - 02/01/2010
/ 02/01/2010 - 03/01/2010
/ 06/01/2010 - 07/01/2010
/
related blogs: general and family research