The Absurdly Underestimated Dangers of CSV Injection http://georgemauer.net/2017/10/07/csv-injection.html …
-
-
Replying to @jedisct1
Crazy, I never thought of that. Excellent paper. (But scary.)
1 reply 0 retweets 0 likes -
Replying to @bortzmeyer @jedisct1
it reminds me how DNS packets could be used to upload corporate data to a rogue DNS server : scary too
1 reply 0 retweets 0 likes -
I don't see the relationship (except it's an attack, but there are many different attacks). Care to elaborate?
1 reply 0 retweets 0 likes -
Because comparing code execution and data exfiltration seems strange.
1 reply 0 retweets 0 likes -
Replying to @bortzmeyer @jedisct1
right. the point is both methods are quite not easy to detect unless one logs everything (dns or http requests) and parses logs for attacks
1 reply 0 retweets 0 likes -
The CSV attack against Excel is completely undetectable in the logs.
2 replies 1 retweet 0 likes
Replying to @bortzmeyer @goozby
Yes. Pretty scary.
2:57 AM - 10 Oct 2017
from Paris
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.