Unexpected attack vectors
We've seen a lot of interesting attacks recently, ones that arose from leveraging unexpected openings that we should have been paying attention to, but weren't.
For instance, most of us know that virtually all anti-virus software packages will now scan ZIP attachments, and this is obviously a good thing. You'd think, or assume, that A/V software would also scan other compressed filetypes as well, like GZ, SIT, and RAR. However that's not usually the case, as some people discovered just a few days ago when it was revealed that viruses hidden inside RAR files passed right by A/V software from major vendors.
By Scott Granneman at SecurityFocus.
[ Read more ]