JPEG vulnerability and image-based attacks
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged vulnerability — 5 results.
MS04-028 disclosed a vulnerability in Windows JPEG processing. A walk through what it means.
A serious OpenSSH vulnerability has been disclosed in the challenge-response authentication code. The patch is available; the impact is substantial.
A new IIS vulnerability has been disclosed, this time in the indexing service handler. The exploitation pattern matches what I have been predicting; the next several weeks are going to be busy.
A week on from MS00-078. The exploitation pattern played out as expected. Time to step back and think about what this category of vulnerability tells us, and what I expect over the next year.
Today Microsoft published MS00-078, a directory-traversal vulnerability in IIS exploited via Unicode-encoded URL characters. The bug is exactly the structural pattern I wrote about last year. The exploitation is going to be widespread.