There are cases in which "gentle" techniques like timing or power analyses are not enough to fulfill the attacker's goal. Or the goal itself is not to break the protection scheme but to break through it, to the end target the mechanism is protecting, in a modern reenactment of Alexander the Great's "solution" to the Gordian knot. Enter failure-inducing attacks, in which the technique is to induce a failure in the very protection mechanism itself.

There are cases in which "gentle" techniques like timing or power analyses are not enough to fulfill the attacker's goal. Or the goal itself is not to break the protection scheme but to break through it, to the end target the mechanism is protecting, in a modern reenactment of Alexander the Great's "solution" to the Gordian knot. Enter failure-inducing attacks, in which the technique is to induce a failure in the very protection mechanism itself.

URLs have associated security implications. "Interesting" ways of using them have been known by spammers for a while, but now the Microsoft Knowledge Base spoof and the February issue of Crypto-Gram have made the Internet community more aware of what URLs can do.

Designing a secure solution, be it a protocol, algorithm or enterprise architecture, is far from trivial. Apart from the technical or scientific difficulties to overcome, there is a mental trap easy to fall into: looking at the picture through the eyes of the designer. This first of a two part series from Security Portal looks at alternative, perhaps even unusual, means to induce or exploit security vulnerabilities.

Designing a secure solution, be it a protocol, algorithm or enterprise architecture, is far from trivial. Apart from the technical or scientific difficulties to overcome, there is a mental trap easy to fall into: looking at the picture through the eyes of the designer. This first of a two part series from Security Portal looks at alternative, perhaps even unusual, means to induce or exploit security vulnerabilities.