Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unicode Encoding Flaw Widespread

Posted by kdawson on from the sneaking-past-the-IDS dept.

LordNikon writes "According to this CERT advisory: 'Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded HTTP traffic. By sending specially-crafted HTTP traffic to a vulnerable content scanning system, an attacker may be able to bypass that content scanning system.' A proof of concept affecting IIS is already being posted to security mailing lists. Cisco IPS and other IDS products are also affected." The CERT advisory lists 93 systems, with 6 reported as vulnerable (including 3com, Cisco, and Snort), 5 known not vulnerable (including Apple and HP), and the rest unknown.

1 of 184 comments (clear)

  1. Is "Bernard" pronounced like "burnèd"? by tepples · · Score: 0, Offtopic

    è is sometimes used to indicate that the e in a past participle is pronounced, eg learnèd (rhymes with Bernard)

    In Disney's 1994 film The Santa Clause , an elven character named Bernard (David Krumholtz), who accents his name on the last syllable, explains some of the basic rules to Santa. I've never heard "Bernard" pronounced any other way.

    Otherwise, I agree with your post.