Vulnerabilities of the TLS Protocol
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are widely used protocols for secure online communication. They provide encryption and authentication between...
TV Virus – 1988 TV News Report
Sometimes I like to show some TV excerpts during the Cyber Security Awareness training sessions. It helps to boost attention and to show how...
CWE
CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used...
CWE-669 – Incorrect Resource Transfer Between Spheres
Description: The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides...
CWE-67 – Improper Handling of Windows Device Names
Description: The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as...
CWE-670 – Always-Incorrect Control Flow Implementation
Description: The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior...
CWE-671 – Lack of Administrator Control over Security
Description: The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the...
CWE-672 – Operation on a Resource after Expiration or Release
Description: The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. Modes of Introduction: - Architecture...
CWE-673 – External Influence of Sphere Definition
Description: The product does not prevent the definition of control spheres from external actors. Typically, a product defines its control sphere within the code itself,...
CWE-674 – Uncontrolled Recursion
Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack....