Search Results

Search found 417 results on 17 pages for 'malicious'.

Page 11/17 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 | Next Page >

How can I fix a computer that is infested with malware and is extremely unresponsive? [closed]

- by fredley

Possible Duplicate: How do I get rid of malicious spyware, malware, viruses or rootkits from my PC? I'm troubleshooting a Windows 7 PC for a friend. A couple of days ago it started running 'slow'. It turns out 'slow' is about 15 minutes to the first glimpse of the desktop, and another 30 to show icons. It is possible to open Task Manager, and nothing seems awry, CPU usage at 1-5%, plenty of memory free. The machine is clearly infested with malware though, in particular a program called 'Optimizer Pro' is demanding money to 'remove 5102 files slowing down my computer'. This seems highly suspicious. My problem is though, that I can't access msconfig (I left it for a couple of hours after having hopefully typed it into the Start Menu and hit enter - nothing seems to have loaded), or anything at all basically. I can boot from a Linux Live CD, but can I actually do anything useful from there? System Restore hasn't fixed it either, and Safe Mode exhibits the same behavior.

Read the article
How to removeTrojan PB [duplicate]

- by user266901

This question already has an answer here: How do I get rid of malicious spyware, malware, viruses or rootkits from my PC? 15 answers How to remove trojan PB from windows 7 system? previously i had installed Norton 360 antivirus. the subscription was expired two months back. Recently i have purchased quick heal total security. while installing quick heal antivirus i get the message 'system infected by Trojan PB' Their is an option to remove Trojan PB by restarting computer. However the infection does not get removed. Please advice for removal of Trojan PB

Read the article
Security against IP spoofing [on hold]

- by user1369975

I am pursuing a college project, in which I am running three fake services on three ports to protect the main service (say running at port 80). The concept is that if the user is malicious, he'll try to bring the services down and access the fake services. These ports adopt a blocking process of a connection request and record the IP and port of the client. These are logged and aren't granted access on service on port 80. But what to do if the client spoofs his IP? How can I modify my system?

Read the article
How to redirect a specific url through a proxy for multiple services?

- by CrystalFire

I have a website hosted on 000webhost.com for free. I am unable to connect directly to the site because Comcast has blocked a portion of 000webhost's servers for free accounts due to other people hosting malicious content. In order to maintain my website, I cannot use my computer to directly connect to the server. I am wondering if there is a way by which I can specifically forward attempts to access the server through a proxy, transparently. The current system that I am on is Windows, but I also have systems running Mac OSX and Linux, so solutions for any system could be fine. I've found answers which work for http, but I'm looking for a solution which will let me use all the other functions as well, such as ftp and ssh.

Read the article
Who should own /var/www? [closed]

- by John

Possible Duplicate: How should I structure my users/groups/permissions for a web server? I've seen a few answers to this on the internet, but I'm looking for a definitive answer. I have a new Ubuntu 12.04 LTS server with LAMP. Apache is set to run as "www-data" and /var/www is set as having "root" as the owner and "root" as the group. The permissions for /var/www are "drwxr-xr-x" which I believe translates to 755 numerically. I know that /var/www should not be owned by "www-data" because then buggy/malicious code could have a field day. However, should I keep it as root:root (inconvenient) or should I change it to ubuntu:ubuntu, the default user that Ubuntu preconfigures for you to log in with? Should the permissions remain at 755? I've been administrating systems for a while with no big security issues, but I'm trying to get really serious about security, double-check everything, and make sure that there are no gaps in my knowledge.

Read the article
how to manage a multi user server on linux?

- by user1175942

I'm working on a university project, where I have Tomcat as a web server, and I want to create a multi user environment on top of linux, so every user that logs into my website has his own credentials, and he can access only his own data (files and folders...). The main issue is that the purpose of the website is executing code on the server-side, so I must have a good (reasonable) protection against malicious code. (a user destroying his own user is fine by me) I thought that defining a linux-user for every website-user is the best solution - it isolates each user from the other, and I can define each one's permissions. Can I create users in linux using shell commands? Can I configure max quota/memory/cpu for a user? Anyone has another idea for managing that kind of multi-user environment?

Read the article
XSS attack to bypass htmlspecialchars() function in value attribute

- by Setzer

Let's say we have this form, and the possible part for a user to inject malicious code is this below ... <input type=text name=username value=<?php echo htmlspecialchars($_POST['username']); ? ... We can't simply put a tag, or a javascript:alert(); call, because value will be interpreted as a string, and htmlspecialchars filters out the <,,',", so We can't close off the value with quotations. We can use String.fromCode(.....) to get around the quotes, but I still unable to get a simple alert box to pop up. Any ideas?

Read the article
C Privilege Escalation (With Password)

- by AriX

Hey everyone, I need to write a C program that will allow me to read/write files that are owned by root. However, I can only run the code under another user. I have the root password, but there are no "sudo" or "su" commands on the system, so I have no way of accessing the root account (there are practically no shell commands whatsoever, actually). I don't know a whole lot about UNIX permissions, so I don't know whether or not it is actually possible to do this without exploiting the system in some way or running a program owned by root itself (with +s or whatever). Any advice? Thanks! P.S. No, this isn't anything malicious, this is on an iPhone.

Read the article
Java HTML parser/validator

- by at

We allow people to enter HTML code on our wiki-like site. But only a limited subset of HTML to not affect our styling and not allow malicious javascript code. Is there a good Java library on the server side to ensure that the code entered is valid? We tried creating an XML Schema document to validate against. The only issue there is the libraries we used to validate gave back cryptic error messages. What I want is for the validation library to actually fix the issue (if there was a style="" attribute added to an element, remove it). If fixing it is not easy, at least allow me to report a message to the user with the location of the error (an error code that I can present a nice message from is fine, probably even preferable).

Read the article
Preventing LDAP injection

- by Matias

I am working on my first desktop app that queries LDAP. I'm working in C under unix and using opends, and I'm new to LDAP. After woking a while on that I noticed that the user could be able to alter the LDAP query by injecting malicious code. I'd like to know which sanitizing techniques are known, not only for C/unix development but in more general terms, i.e., web development etc. I thought that escaping equals and semicolons would be enough, but not sure. Here is a little piece of code so I can make clearer the question: String ldapSearchQuery = "(cn=" + $userName + ")"; System.out.println(ldapSearchQuery); Obviously I do need to sanitize $userName, as stated in this OWASP ARTICLE

Read the article
Unique identifier for an email

- by Skywalker

I am writing a C# application which allows users to store emails in a MS SQL Server database. Many times, multiple users will be copied on an email from a customer. If they all try to add the same email to the database, I want to make sure that the email is only added once. MD5 springs to mind as a way to do this. I don't need to worry about malicious tampering, only to make sure that the same email will map to the same hash and that no two emails with different content will map to the same hash. My question really boils down to how one would combine multiple fields into one MD5 (or other) hash value. Some of these fields will have a single value per email (e.g. subject, body, sender email address) while others will have multiple values (varying numbers of attachments, recipients). I want to develop a way of uniquely identifying an email that will be platform and language independent (not based on serialization). Any advice?

Read the article
CMS Preventing Bad HTML Insertion by Client?

- by Jascha

I'm building a small CMS in PHP for a client and something I've noticed that comes up fairly often is a client will enter a bit of HTML in a field without closing his/her tag. I'm wondering if there is some parsing technique to prevent bad HTML from rendering my whole output page in italics because the user forgot to add a closing </i> tag. I'm not worried about XSS or malicious html, just a forgotten tag here and there as it's the client who is managing the content. Forgive me if this is a duplicate question, I did some searching, but could not find an appropriate answer. -J

Read the article
Best Practices for Sanitizing SQL inputs Using JavaScript?

- by Greg Bulmash

So, with HTML5 giving us local SQL databases on the client side, if you want to write a select or insert, you no longer have the ability to sanitize third party input by saying $buddski = mysql_real_escape_string($tuddski) because the PHP parser and MySQL bridge are far away. It's a whole new world of SQLite where you compose your queries and parse your results with JavaScript. But while you may not have your whole site's database go down, the user who gets his/her database corrupted or wiped due to a malicious injection attack is going to be rather upset. So, what's the best way, in pure JavaScript, to escape/sanitize your inputs so they will not wreak havoc with your user's built-in database? Scriptlets? specifications? Anyone?

Read the article
How can I sandbox Python in pure Python?

- by Blixt

I'm developing a web game in pure Python, and want some simple scripting available to allow for more dynamic game content. Game content can be added live by privileged users. It would be nice if the scripting language could be Python. However, it can't run with access to the environment the game runs on since a malicious user could wreak havoc which would be bad. Is it possible to run sandboxed Python in pure Python? If not, are there any open source script interpreters written in pure Python that I could use? The requirements are support for variables, basic conditionals and function calls (not definitions).

Read the article
avoid dialog box when netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); is

- by ganapati

Hi i got to create.write,read a local file within the javascript using XPCom. For that i have included the below line at the beginning of javascript. netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); But when the above script executes, a dialog box appears saying **Internet security** A script from "file://" is requesting enhanced abilities that are UNSAFE and could be used to compromise your machine or data: Run or install software on your machine Allow these abilities only if you trust this source to be free of viruses or malicious programs. ______ _______ | Deny | | Allow | -------- --------- But i dont want the dialog box to be appeared.How can i avoid it?. Thanks.

Read the article
Is Transport security a bad practice for the WCF service over the Internet?

- by Sergey

Hello, I have a WCF service accessible over the Internet. It has wsHttpBinding binding and message security mode with username credentials to authenticate clients. The msdn says that we should use message security for the Internet scenarios, because it provides end-to-end security instead of point-to-point security as Transport security has. What if i use transport security for the wcf service over the Internet? Is it a bad practice? Could my data be seen by malicious users? Thanks, Sergey

Read the article
How to prevent DOS attacks using image resizing in an ASP.NET application?

- by Waleed Eissa

I'm currently developing a site where users can upload images to use as avatars, I know this makes me sound a little paranoid but I was wondering what if a malicious user uploads an image with incredibly large dimensions that will eat the server memory (as a DOS attack), I already have a limit on the file size that can be uploaded (250 k) but even that size can allow for an image with incredibly large dimensions if the image for example is a JPEG that contains one color and created with a very low quality setting. Taking into consideration that the image is uploaded as a bitmap in memory when being resized (ie. not compressed), I wonder if such DOS attacks occur, even to check the image dimensions it has to be uploaded in memory first, did you hear about any attacks that exploited this? Am I too worried?

Read the article
SQL Injection with Plain-Vanilla NHibernate

- by James D

Hello, Plain-vanilla NHibernate setup, eg, no fluent NHibernate, no HQL, nothing except domain objects and NHibernate mapping files. I load objects via: _lightSabers = session.CreateCriteria(typeof(LightSaber)).List<LightSaber>(); I apply raw user input directly to one property on the "LightSaber" class: myLightSaber.NameTag = "Raw malicious text from user"; I then save the LightSaber: session.SaveOrUpdate(myLightSaber); Everything I've seen says that yes, under this situation you are immune to SQL injection, because of the way NHibernate parameterizes and escapes the queries under the hood. However, I'm also a relative NHibernate beginner so I wanted to double-check. *waves hand* these aren't the droids you're looking for. Thanks!

Read the article
PHP - a different open_basedir per each virtual host

- by Lopoc

Hi I've came across on this problem, I have a sever running apache and php. We have many virtual hosts but we've noticed that a potentially malicious user could use his web space to browse other user's files(via a simple php script) and even system files, this could happens due to the php permissions. A way to avoid it is to set the open_basedir var in php.ini, yhis is very simple in a single host system, but in case of virtual hosts there would be a basebir per each host. Ho can I set dis basedir per each user/host? is there a way to let apache hereditate php privileges of the php file that has been requested E.G. /home/X_USER/index.php has as owner X_USER, when apache read the file index.php it checks its path and owner, simply I'm looking for a system set php basedir variable to that path. Thank in advance Lopoc

Read the article
How to secure connection between PHP and Android

- by Elad Cohen

I am developing an application for the Android that requires a connection with PHP pages in order to add sensitive data to a database that will affect the application. Since it's very easy to reverse engineer an android app, one can simply find the url where the data is sent to and manipulate it. I thought about creating a registration based on IMEI, but one can still able to manipulate it for his malicious purposes. I have also checked OAuth but I didn't really understand how it works and if it can help in my condition. What can I do to fully secure my application? Thanks in advance! EDIT: By the way, what I am mostly trying to achieve here is to make sure the requests are being sent from an Android and not from any other device.

Read the article
Using Custom HttpHandler to redirect users in Sharepoint

- by BeraCim

Hi all: I need to redirect a user to a different page if they visit a certain set of pages in a web. There is one condition: I'm not allowed to touch the IIS. I have googled around and found a thing called the custom HttpHandler for WSS 3.0. It sounded like something that I can use to capture the URL the user enters (the most malicious way to get to a page that should really be redirected) and redirect them to another page/web. But having not have the chance to use it yet, I was wondering am I on the right track by using a Custom HttpHandler to redirect a user to a different page in Sharepoint using C#? Many thanks.

Read the article
var undefined = true;

- by Andreas Grech

I'm doing some experimenting with this malicious JavaScript line: var undefined = true; Every uninitialized variable in JavaScript has the value of undefined which is just a variable that holds the special value of 'undefined', so the following should execute the alert: var undefined = true, x; if (x) { alert('ok'); } But it doesn't, and my question is why? On further experimentation, I tried the following: var undefined = true, x = undefined; if (x) { alert('ok'); } This time, the alert is executed. So my question is...since in the first snippet x holds undefined (because it is not initialized), why didn't the alert execute? The strange thing is that when explicitly stating that x is undefined (x = undefined), the alert executed...

Read the article
Safety of Amazon Community AMIs

- by Koran

Hi, I am working for a scientific project and would like to use the Amazon EC2 to host the same. Now, I was going through the existing AMIs to create my own, but I found one AMI in the community list of AMIs - which fits perfectly. My question is the following - are the community AMIs safe? Is it possible for a malicious user to create an AMI in such a way that say the usernames/passwords etc can be sent to a remote server or something? Does Amazon do any sort of checking to make sure it cannot happen? I couldnt find the answers to these in Amazon site. I am pretty sure that you guys would have felt the same issues - could you please provide your answers? Regards K

Read the article
Key logging in .NET

- by Moshe

Is it possible to write a key logger in Visual Basic.NET? Is this the right language to be using? So far, I've gotten a console app to read input and append to a file. 1)How can I make a .NET program "catch" all keyboard input? 2)How do I make a process not show up in Task Manager? This is not for a virus, but rather a parental control program for a specific clientele. No malicious intent here.

Read the article
How to preserve hyperlink when submitting via php form into MySQL

- by TheTub

Hi All, I've created a form that stores free text fields into a MySQL database. All works fine and the data is displayed back as intended when viewed. Except for one niggle. In an attempt to prevent malicious attacks I have used mysql_real_escape_string to remove any unwanted code from the input. However, I need to be able to preserve hyperlinks and basic html. For example, I want to store the following: <p align="left">Please follow this <a href="link.html">link</a></p> But the link is being stored as \"link.html\" as the quotes are being escaped. How can I preserve this link and other html? Many thank TT

Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 | Next Page >