Data 'smuggling' opens websites to attack

BWX · Jun 15, 2005, 05:46 PM

Thousands of websites may be at risk from a new form of network attack that involves burying harmful packets of data within seemingly legitimate ones

Researchers at computer security firm Watchfire, in Massachusetts, US, discovered the attack technique, which they dub "HTTP Request Smuggling" (HRS). It exploits discrepancies in the way different combinations of software deal with the language used to transfer web pages, called Hypertext Transfer Protocol (HTTP).

Carefully crafting HTTP packets to make use of these discrepancies could enable hackers to carry out a range of nefarious acts, the researchers say. For example, an attacker could replace pages on a web site, or sneak destructive code past defences designed to filter out unsafe data packets.
_______________
Read More: News Scientist

Jun 15, 2005, 05:46 PM	#1
BWX unplugged Join Date: Nov 2002 Location: USNY Posts: 19,669 Rep Power: 110 System Specs	Data 'smuggling' opens websites to attack Thousands of websites may be at risk from a new form of network attack that involves burying harmful packets of data within seemingly legitimate ones Researchers at computer security firm Watchfire, in Massachusetts, US, discovered the attack technique, which they dub "HTTP Request Smuggling" (HRS). It exploits discrepancies in the way different combinations of software deal with the language used to transfer web pages, called Hypertext Transfer Protocol (HTTP). Carefully crafting HTTP packets to make use of these discrepancies could enable hackers to carry out a range of nefarious acts, the researchers say. For example, an attacker could replace pages on a web site, or sneak destructive code past defences designed to filter out unsafe data packets. _______________ Read More: News Scientist Last edited by MIG-31; Jun 15, 2005 at 05:56 PM. Reason: Closed the url.