Tag: DoSAttack

Articles tagged with DoSAttack

DoSAttack Articles

Password reset flaw: when anyone can reset your password

29 May, 2024

During rigorous testing, security researchers uncovered a significant weakness in the password reset mechanisms used by numerous online platforms. By exploiting the seemingly harmless phone number field, an attacker can compromise a victim's account. The vulnerability lies in the mishandling of a four-digit code, which, instead of being sent solely to the owner's phone, is also included in the server's response. This oversight turns a seemingly harmless feature into a gateway for hackers to infiltrate users' digital lives.

READ article

Why you shouldn't (again) roll your own cryptography - real-life case in 2024.

Mateusz Lewczak

17 May, 2024

In the last part of our series "Why You Shouldn't Roll Your Own Cryptography," I talked about a custom hashing algorithm using Triple-DES. Today, I'll present another case from a desktop application that used a completely custom "hashing" algorithm. It's important to note that the application was written in a native language, so some reverse engineering will be involved.

READ article

Crashing servers with digits: floating-point numbers DoS vulnerabilities

Martin Matyja

10 March, 2024

A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the normal functioning of a system or network, in this case – a web application. One sophisticated form of such an attack exploits vulnerabilities in the processing of floating-point numbers. In our scenario, attackers manipulate the system's handling of floating-point arithmetic, leading to inaccurate calculations and potential system failures. This method challenges the reliability of numerical computations and poses a serious threat to the stability and availability of targeted systems.

READ article

A professional cybersecurity consultant ready to assist with your inquiry.

Any questions?