Search Results

Search found 354 results on 15 pages for 'vulnerability'.


  • CodePlex Daily Summary for Friday, December 17, 2010

    Popular Releases

    - VCC: Latest build, v2.1.31217.1: Automatic drop of latest build
    - BCrypt.Net: BCrypt.Net R4: Fixed an integer overflow at workFactor = 31
    - LiveChat Starter Kit: LCSK v1.0: This is a working version of the LCSK for Visual Studio 2010, ASP.NET MVC 3 (using Razor View Engine). This is still provider based (with 1 provider Sql) and this is still using WebService and Windows Forms operator console. The solution is cleaner, with an installer to create tables etc. Let me know your feedback
    - Orchard Project: Orchard 0.9: Orchard Release Notes Build: 0.9.253 Published: 12/16/2010 How to Install Orchard: To install the Orchard tech preview using Web PI, follow these instructions: http://www.orchardproject.net/docs/Installing-Orchard-Using-Web-PI.ashx Web PI will detect your hardware environment and install the application. --OR-- Alternatively, to install the release manually, download the Orchard.Web.0.9.253.zip file. The zip contents are pre-built and ready-to-run. Simply extract the contents of the Orch...
    - SharpDropBox Client for .NET: WP7 SharpDropBox Client - 0.1 Technology Preview: I decided to go ahead and release this. It works well for simple browsing folder structure/downloading files (and login works). See samples for an example of how to use it. I am in progress with a couple other methods which aren't currently working.
    - SQL Monitor: SQL Monitor 2.9: 1. automatically set sql for new query if an object is selected (table/sp/function/view)
    - SplendidCRM: SplendidCRM 5.0 Community Edition: SplendidCRM Software has adopted the GNU Affero General Public License Version 3 (AGPLv3) for its Community Edition. This release includes the full set of SQL source code in the Community Edition, something that was previously only available in the Professional and Enterprise Editions. An article on the subject of Commercial Open-Source licensing has been posted at http://www.codeproject.com/KB/architecture/splendid-guide-article6.aspx.
    - DotSpatial: DotSpatial 12-15-2010: This release contains a few minor bug fixes and hopefully the GDAL libraries for the 3.5 x86 build actually built to the correct directory this time.
    - DotNetNuke® Community Edition: 05.06.01 Beta: This is the initial Beta of DotNetNuke 5.6.1. See the DotNetNuke Roadmap for a full list of changes in this release.
    - MSBuild Extension Pack: December 2010: Release Blog Post. The MSBuild Extension Pack December 2010 release provides a collection of over 380 MSBuild tasks. A high level summary of what the tasks currently cover includes the following: System Items: Active Directory, Certificates, COM+, Console, Date and Time, Drives, Environment Variables, Event Logs, Files and Folders, FTP, GAC, Network, Performance Counters, Registry, Services, Sound. Code: Assemblies, AsyncExec, CAB Files, Code Signing, DynamicExecute, File Detokenisation, GU...
    - Access Control Service Samples and Documentation (Labs): Samples-R3: Contains latest ACS samples (corresponding to R3 release) that show how to integrate ACS with web services, ASP.NET websites (Web Forms and MVC) and on how to interact with the ACS Management Service. The Readmes for these samples are available here.
    - TweetSharp: TweetSharp v2.0.0.0 - Preview 5: Documentation for this release may be found at http://tweetsharp.codeplex.com/wikipage?title=UserGuide&referringTitle=Documentation. Note: This code is currently preview quality. Preview 5 Changes: Maintenance release with user reported fixes. Preview 4 Changes: Reintroduced fluent interface support via satellite assembly; Added entities support, entity segmentation, and ITweetable/ITweeter interfaces for client development; Numerous fixes reported by preview users. Preview 3 Changes: Numerous ...
    - EnhSim: EnhSim 2.2.2 ALPHA: This release adds in the changes for 4.03a at level 85. To use this release, you must have the Microsoft Visual C++ 2010 Redistributable Package installed. This can be downloaded from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=A7B7A05E-6DE6-4D3A-A423-37BF0912DB84 To use the GUI you must have the .NET 4.0 Framework installed. This can be downloaded from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9cfb2d51-5ff4-4491-b0e5-b386f32c0992 - The spirit ...
    - Silverlight Contrib: Silverlight Contrib 2010.1.0: 2010.1.0 New Features: Compatibility Release for Silverlight 4 and Visual Studio 2010
    - FlickrNet API Library: 3.1.4000: Newest release. Now contains dedicated Windows Phone 7 DLL as well as all previous DLLs. Also contains Windows Help file documentation now as standard.
    - mojoPortal: 2.3.5.8: see release notes on mojoportal.com http://www.mojoportal.com/mojoportal-2358-released.aspx Note that we have separate deployment packages for .NET 3.5 and .NET 4.0. The deployment package downloads on this page are pre-compiled and ready for production deployment, they contain no C# source code. To download the source code see the Source Code Tab. I recommend getting the latest source code using TortoiseHG, you can get the source code corresponding to this release here.
    - Microsoft All-In-One Code Framework: Visual Studio 2010 Code Samples 2010-12-13: Code samples for Visual Studio 2010
    - SuperWebSocket: SuperWebSocket Drop 2: Changes: based on SuperSocket 1.3; supported sub protocol; supported SSL/TLS encryption (wss) in Sync socket mode; fixed some data communication bugs
    - Wii Backup Fusion: Wii Backup Fusion 0.9 Beta: - Aqua or brushed metal style for Mac OS X - Shows selection count beside ID - Game list selection mode via settings - Compare Files <-> WBFS game lists - Verify game images/DVD/WBFS - WIT command line for log (via settings) - Cancel possibility for loading games process - Progress infos while loading games - Localization for dates - UTF-8 support - Shortcuts added - View game infos in browser - Transfer infos for log - All transfer routines rewritten - Extract image from image/WBFS - Support...
    - .NETTER Code Starter Pack: v1.0.beta: '.NETTER Code Starter Pack' contains a gallery of Visual Studio 2010 solutions leveraging latest and new technologies and frameworks based on Microsoft .NET Framework. Each Visual Studio solution included here is focused to provide a very simple starting point for cutting edge development technologies and framework, using well known Northwind database (for database driven scenarios). The current release of this project includes starter samples for the following technologies: ASP.NET Dynamic...

    New Projects

    - aoleFilter: This is a Filter by Magicshui
    - Chocottone: Simple to-do list
    - Data Access Engine (DAE): Data Access Engine (DAE) is an open source and free .NET component to access all popular DBMSs such as Microsoft SQL Server, MySQL, Oracle, Microsoft Access, SQLite and databases that connected by ODBC. DAE helps to connect different DBMSs at the same time.
    - DependencyEvaluation: Programmatically sort your objects based on dependencies. Would work as a compiler framework, project planning, data binding, etc.
    - Doc2Text Converter: A converter that can convert document files (like .doc, .ppt, and .pdf) to plain text.
    - Dynamics AX Test Runner for Visual Studio 2010: Invoke Dynamics AX Test cases from within Visual Studio 2010 and retrieve the results.
    - ExtensibleExtensions: Pack of extensions, firstly text utilities like pluralize, capitalize will be included.
    - FluentHttp: .NET fluent api wrapper for creating restful web requests.
    - K:L:O:N:K Updater Service: The K:L:O:N:K Updater Service is a deployment tool which can be used to deploy Microsoft Installer (msi), zip or other file formats. A directory is setup to be the deployment directory. Put files into this directory and the packages are distributed and installed at clients.
    - Keyki: my code repository
    - LED Editor: Simple project for editing a LED sequence ...
    - Maui: Scheduler
    - McAfee Vulnerability Manager - Delta Report: Processes two .CSV files generated by McAfee Vulnerability Manager to highlight which vulnerabilities were patched or are still outstanding.
    - milkway Project: A java web project under Spring. Galaxy is an enterprise wiki system.
    - Minecraft Save Wizard: Do you like minecraft? Do you like it so much that you wish there were more worlds? Well now you can have as many worlds as you desire. Simply move them to and from your saves folder to a backup folder using this software. It couldn't be simpler ;)
    - Minis Manager: A manager for miniature figures to use for rpgs etc.
    - Model2Form: An ASP.NET Control similar to GridView but it auto builds a Web Form in run-time by binding a Model.
    - OBD C# Wrapper: I want to help people to get data from an OBD system. The idea is to create a C# class with preconfigured methods for load values and for use them in a GUI. With this class people have to focalized on the GUI design and not on the interface with OBD.
    - Opalis Extension Local Group and User Management: An Opalis Integration pack allowing for management of local computer groups and users.
    - Opalis Integration Pack: VMWare VSphere: An integration Pack for Opalis. Extending Opalis to integrate fully with VMWare. Built using the Vmware Powershell CMDLets wrapped in C#.
    - Opalis Utilities: An integration pack for Opalis. Extending Opalis to provide some additional Utilities
    - Orchard Maps: A Maps module for Orchard
    - Our ICProject: IC 2011 project
    - patterns & practices: Project Silk: Project Silk provides guidance and sample implementations that describe and illustrate recommended practices for building next generation web applications using web technologies like HTML5, jQuery, CSS3 and IE9.
    - pianduan: ????
    - pob: xna game in development
    - pscommand Firefox Extension: A Firefox extension which allows user to invoke PowerShell commands on links.
    - R.NET: R.NET enables .NET Framework to collaborate with R statistical computing. R.NET requires .NET Framework 4 and R.dll. You already have the DLL in the `bin' folder if you installed R environment, and you need no other extra installations. R.NET is developed in C#.
    - Rough Set tool set: Rough Set Tool Set
    - Serial Port Terminal (SPTerm): Serial Port Terminal (SPTerm) is used for basic communication using serial port (com). Sending bytes and ASCII from PC can be done using SPTerm. It is useful for micro controller projects for UART and simple transmission. Hex data can be sent out directly from text box in SPTerm
    - SLGame: Null
    - The Jumping Point: TJP is a 2 player sidescroller based on SFML. TJP is developed in C++ and will be available for both linux and windows.
    - UIT CRM: The group's course project for the IT Project Management course (University of Information Technology, VNU-HCM)


  • CodePlex Daily Summary for Thursday, March 25, 2010

    New Projects

    - AccessibilityChecker: Accessibility Checker is custom feature developed to check accessibility requirements in a SharePoint Portal
    - Anne Epstein - Personal Repository: Project Description: This project contains multiple samples with various snippets and projects from blog posts, user group talks, and conference se...
    - BatterySaver: BatterySaver is a simple application, in C#, that allows laptop users to perform actions based on battery notification events (switching from batte...
    - dtxJson: C# coded JSON (JavaScript Object Notation) parser.
    - eCamp: eCamp is a modular and extensible electronic camp management application. Written in C# and WPF, it follows many of the latest technology trends su...
    - epdevplatform: epdevplatform
    - ERP: Environment Colaborative Resources Project
    - FaceLight - Simple Silverlight Face Detection: FaceLight is a simple facial recognition method that can be used with Silverlight's webcam. It searches for a certain sized skin color region in a...
    - Forum PAF - The Open Source .Net Forum - From Viet Nam - By Thomas John (jntpaf): The Open Source .Net Forum - From Viet Nam. Software required to run Forum PAF: 1. .Net Framework 2.0 (or later) 2....
    - Gawam Savel - Sistema de Avaliação Eletrônica: Final course project (TCC) ...
    - Html5 Helpers and tools for Asp.Net MVC: Html5 Helper aims to provide a generic helper context to produce HTML5 content in ASP.NET MVC
    - Ifeanyi Echeruo's WPF Recipes: WPF Recipes: C# code samples showing how to solve some non-trivial problems in WPF
    - ITM 495 - iPhone App: school project iphone app
    - Knowledge Exchange: Stack Overflow Inspired Knowledge Exchange
    - MailCheck: Mail checking program.
    - NetBoard: NetBoard is a lightweight system designed to act as the Blackboard in a micro-blackboard architecture for use within an OO system - even when withi...
    - RodBass.com: RodBass.com
    - semanticrest: This is a vision of semantics mashups for rest web services.
    - StatSpaceUI: StatSpaceUI
    - TFS Merge Tool: A small tool for merging changesets between TFS branches.
    - The Interface To End All Interfaces: We interfaced everything, so that you can implement anything...
    - Tim - Open Source Projects And Samples: Open source projects / Samples for http://tim.bellette.net
    - Windows XNA: A place for those who enjoy their XNA Game Studio programing on Windows. For a place to share XNA Game Studio games for Windows in English. I'm loo...
    - XAML Code Snippets addin for Visual Studio 2010: Provides support for adding XAML code snippets in the Visual Studio 2010 code editor for XAML in WPF and Silverlight projects.

    New Releases

    - AnyWorks: AnyWorks1.2Bin: AnyWorks1.2
    - AnyWorks: AnyWorks1.2Src: AnyWorks1.2
    - AppFabric Caching Admin Tool: AppFabric Caching Admin Tool 1.0: System Requirements: .NET 4.0 RC, AppFabric Caching Beta2. Test On: Win 7 (64x). Note: Must run as Administrator !!!
    - ASP.NET Wiki Control: Release 1.1: - Modified text and varchar columns to nvarchar for unicode support. - Modified path info logic to disable its use if the page's raw url currently...
    - B&W Port Scanner: Black`n`White Port Scanner 2.0: Fast Cross-Platform Port Scanner with Vulnerability Detection Tools. 3 vulnerability detection tools are included in this version: - Detection of ...
    - BatterySaver: 0.1: Initial Release. This is the initial release of the application. The application is very much beta with lots of changes upcoming. Known Issues: The...
    - BatterySaver: 0.2: Changes: + Add support for enabling and disabling devices (6)
    - Compare .NET Objects: Version 1.2.0.0: New Features: Compare Generic Classes that Implement IList; Indexers; Compare Datasets; Compare DataTables; Compare DataRows; Consider IList and...
    - Controlled Vocabulary: 1.0.0.3: System Requirements: Outlook 2007 / 2010, .Net Framework 3.5. Installation: 1. Close Outlook (Use Task Manager to ensure no running instances in the b...
    - crudwork is a library of reuseable classes for developing .NET applications: crudwork 2.2.0.2: minor changes. new guid for msi and new strongly named guid
    - DigitallyCreated Utilities: DigitallyCreated Utilities v1.0.0: This release is the v1.0.0 version of DigitallyCreated Utilities. Binary Distribution: The binary distribution contains the following: Compiled bin...
    - DirectQ: Release 1.8.2: Adds several bugfixes and improved functionality. This release supersedes 1.8.1 which will be shortly removed. A very big THANK YOU to everyone w...
    - DotNetNuke® Community Edition: 05.03.01: Major Highlights: Issue fixed issue with the email notifications where the From and To addresses were swapped. Issue fixed with signature ch...
    - Encrypted Notes: Encrypted Notes 1.5: This is the latest version of Encrypted Notes (1.5). It has an installer - it will create a directory 'CPascoe' in My Documents. Once you have ext...
    - EnhSim: Release v1.9.8.1: Adding in the Glyph of Flame Shock changes in 3.3.3
    - FlickrNet API Library: 3.0 Beta: A brand new version of the FlickrNet library, exposing 100% of the Flickr API's methods, along with streamlined class and method names. All classe...
    - Forum PAF - The Open Source .Net Forum - From Viet Nam - By Thomas John (jntpaf): Forum PAF - The Open Source .Net Forum: A. Software required to run Forum PAF: 1. .Net Framework 2.0 (or later) 2. Ajax Extension 1.0 (or later) 3. Sql Server 2005 (Sql Server Expr...
    - HydroDesktop - CUAHSI Hydrologic Information System Desktop Application: HydroDesktop 0.7.3735 Alpha Installer: This is the testing release of the HydroDesktop 0.7 alpha version. Features supported in this version include: Search for data and download of Hydr...
    - MDownloader: MDownloader-0.15.9.56953: Fixed Uploading.com links detection.
    - MiniTwitter: 1.10: MiniTwitter 1.10 changes. Added: implemented a feature that shows the unread count on the tab when unread management is enabled; implemented silent mode (toggled from the menu shown by right-clicking the notification area icon). Fixed: an issue where the "show only items containing favorite words" option did not work
    - NoteExpress User Tools (NEUT) - Do it by ourselves!: NoteExpress User Tools 1.9.1: Tested version: NoteExpress 2.5.0.1147 # Fixed a bug caused by a change
    - OneCMS: OneCMS 2.6: OneCMS 2.6 is finally here! Along with various bug fixes 2.6 also brings with it many new features such as the videos module, plugins system, and m...
    - Quantity System Framework: Quantity System Calculator 1.1.9.93: Experience the new edition of the quantity system with text support and function treated as values now you can multiply functions and divide funct...
    - Selection Maker: Selection Maker 1.4: some minor bugs fixed. icon added for running and uninstalling the application.
    - sPATCH: sPatcher v0.8a: + Disabled patchers proxy settings to increase connection speed. sPatch - Server Example: *Contains a sample Patch that "downgrades" PWI 1.4.2 Clien...
    - VSTT 2008 Quick Reference Guide: VS Performance Testing Quick Reference V2.0: Visual Studio Performance Testing Quick Reference Guide (Version 2.0)
    - WeatherBar: WeatherBar 2.0: WeatherBar 2.0 Changelog: Introduced application settings. Modified UI. Ability to switch between Fahrenheit and Celsius (application-wide). ...
    - WillStrohl.LightboxGallery Module for DotNetNuke: WillStrohl.LightboxGallery v1.02.01: This version of the Lightbox Gallery Module adds the following features: Upgraded the Autocomplete jQuery plugin; Fixed an IE8 error that was occu...
    - Windows XNA: Base Defense Alpha 0.339: Alpha 0.338 had a really bad bug that made the game crash, that is what I get for coding after 3am... I also made some AI for the Raptor. So now it...
    - WPF Dynamic Data Display: Silverlight DynamicDataDisplay v0.2 - Spring 2010: Silverlight version of WPF DynamicDataDisplay charting library. The version 0.2 shows a greater performance comparing with version 0.1 while having...

    Most Popular Projects

    - MetaSharp
    - Rawr
    - WBFS Manager
    - ASP.NET Ajax Library
    - Silverlight Toolkit
    - Microsoft SQL Server Product Samples: Database
    - AJAX Control Toolkit
    - LiveUpload to Facebook
    - Windows Presentation Foundation (WPF)
    - ASP.NET

    Most Active Projects

    - Rawr
    - jQuery Library for SharePoint Web Services
    - Farseer Physics Engine
    - BlogEngine.NET
    - Facebook Developer Toolkit
    - NB_Store - Free DotNetNuke Ecommerce Catalog Module
    - PHPExcel
    - Table2Class
    - Fluent Ribbon Control Suite
    - LINQ to Twitter


  • VoteCounts: bookmarklet to display up/down votes even for rep<1k

    - by SztupY
    Screenshot / Code Snippet

    About

    This small bookmarklet will allow anyone to use the "vulnerability" of the API that it allows you to check the up/down vote count - a feat you could normally achieve by being a 1k+rep user. Mainly useful for sites where you don't have this amount of rep, but want to check the stats of the more controversial questions (usually on meta). No API key is actually used here, but it's trivial to add one.

    License

    I don't think a code like this deserves anything other than WTFPL

    Download

    It's the following line (javascript - 375 bytes):

    javascript:(function(){a='jsonp';c=' .vote-count-post';d='up_vote_count';e='down_vote_count';$.ajax({url:document.location.href.replace(/(http:\/\/)(.*)(\/questions\/.*)\/.*/,'$1api.$2/1.0$3'),dataType:a,jsonp:a,success:function(x){b=x.questions[0];$('#question'+c).html(b[d]+"-"+b[e]);$.each(b.answers,function(z,y){$('#answer-'+y.answer_id+c).html(y[d]+"-"+y[e])})}})})()

    EDIT: This is longer, but it will make the result look like exactly on SO. Took a while to make it exactly 508 chars, so it works with IE too.

    javascript:(function(){w=function(t,q){l='_vote_count';h='up'+l;j='down'+l;k='</div>';s='<div style="color:';$(t).html(s+'green">'+(q[h]?'+':'')+q[h]+k+'<div class="vote-count-separator">'+k+s+'maroon">'+(q[j]==0?'':'-')+q[j]+k)};a='jsonp';c=' .vote-count-post';$.ajax({url:document.location.href.replace(/(http:\/\/)(.*)(\/questions\/.*)\/.*/,'$1api.$2/1.0$3'),dataType:a,jsonp:a,success:function(x){b=x.questions[0];w('#question'+c,b);$.each(b.answers,function(z,y){w('#answer-'+y.answer_id+c,y)})}})})()

    Platform

    For any jquery/bookmarklets compatible browser. Tested with Chrome, FF3.6 and IE8 for SU, SO, MSO

    Contact

    sztupy.hu

    Code

    It was written in notepad already in minified form. Used firebug to debug. Code is above. Contribute (= decrease code size or make the output nicer) any way you want. It'd be great if you'd do the second code shorter than 508 bytes.

    Known bugs

    If a question has more than 30 answers then some of the answers won't be resolved. This can be solved easily for <=100 answers, but for questions with more than 100 answers this is more difficult.

    EDIT: updated to API version 1.0. Answers don't work yet.


  • HTG Explains: Do Non-Windows Platforms Like Mac, Android, iOS, and Linux Get Viruses?

    - by Chris Hoffman
    Viruses and other types of malware seem largely confined to Windows in the real world. Even on a Windows 8 PC, you can still get infected with malware. But how vulnerable are other operating systems to malware?

    When we say “viruses,” we’re actually talking about malware in general. There’s more to malware than just viruses, although the word virus is often used to talk about malware in general.

    Why Are All the Viruses For Windows?

    Not all of the malware out there is for Windows, but most of it is. We’ve tried to cover why Windows has the most viruses in the past. Windows’ popularity is definitely a big factor, but there are other reasons, too. Historically, Windows was never designed for security in the way that UNIX-like platforms were — and every popular operating system that’s not Windows is based on UNIX.

    Windows also has a culture of installing software by searching the web and downloading it from websites, whereas other platforms have app stores and Linux has centralized software installation from a secure source in the form of its package managers.

    Do Macs Get Viruses?

    The vast majority of malware is designed for Windows systems and Macs don’t get Windows malware. While Mac malware is much more rare, Macs are definitely not immune to malware. They can be infected by malware written specifically for Macs, and such malware does exist.

    At one point, over 650,000 Macs were infected with the Flashback Trojan. [Source] It infected Macs through the Java browser plugin, which is a security nightmare on every platform. Macs no longer include Java by default.

    Apple also has locked down Macs in other ways. Three things in particular help:

    - Mac App Store: Rather than getting desktop programs from the web and possibly downloading malware, as inexperienced users might on Windows, they can get their applications from a secure place. It’s similar to a smartphone app store or even a Linux package manager.
    - Gatekeeper: Current releases of Mac OS X use Gatekeeper, which only allows programs to run if they’re signed by an approved developer or if they’re from the Mac App Store. This can be disabled by geeks who need to run unsigned software, but it acts as additional protection for typical users.
    - XProtect: Macs also have a built-in technology known as XProtect, or File Quarantine. This feature acts as a blacklist, preventing known-malicious programs from running. It functions similarly to Windows antivirus programs, but works in the background and checks applications you download. Mac malware isn’t coming out nearly as quick as Windows malware, so it’s easier for Apple to keep up.

    Macs are certainly not immune to all malware, and someone going out of their way to download pirated applications and disable security features may find themselves infected. But Macs are much less at risk of malware in the real world.

    Android is Vulnerable to Malware, Right?

    Android malware does exist and companies that produce Android security software would love to sell you their Android antivirus apps. But that isn’t the full picture. By default, Android devices are configured to only install apps from Google Play. They also benefit from antimalware scanning — Google Play itself scans apps for malware.

    You could disable this protection and go outside Google Play, getting apps from elsewhere (“sideloading”). Google will still help you if you do this, asking if you want to scan your sideloaded apps for malware when you try to install them.

    In China, where many, many Android devices are in use, there is no Google Play Store. Chinese Android users don’t benefit from Google’s antimalware scanning and have to get their apps from third-party app stores, which may contain infected copies of apps.

    The majority of Android malware comes from outside Google Play. The scary malware statistics you see primarily include users who get apps from outside Google Play, whether it’s pirating infected apps or acquiring them from untrustworthy app stores. As long as you get your apps from Google Play — or even another secure source, like the Amazon App Store — your Android phone or tablet should be secure.

    What About iPads and iPhones?

    Apple’s iOS operating system, used on its iPads, iPhones, and iPod Touches, is more locked down than even Macs and Android devices. iPad and iPhone users are forced to get their apps from Apple’s App Store. Apple is more demanding of developers than Google is — while anyone can upload an app to Google Play and have it available instantly while Google does some automated scanning, getting an app onto Apple’s App Store involves a manual review of that app by an Apple employee.

    The locked-down environment makes it much more difficult for malware to exist. Even if a malicious application could be installed, it wouldn’t be able to monitor what you typed into your browser and capture your online-banking information without exploiting a deeper system vulnerability.

    Of course, iOS devices aren’t perfect either. Researchers have proven it’s possible to create malicious apps and sneak them past the app store review process. [Source] However, if a malicious app was discovered, Apple could pull it from the store and immediately uninstall it from all devices. Google and Microsoft have this same ability with Android’s Google Play and Windows Store for new Windows 8-style apps.

    Does Linux Get Viruses?

    Malware authors don’t tend to target Linux desktops, as so few average users use them. Linux desktop users are more likely to be geeks that won’t fall for obvious tricks.

    As with Macs, Linux users get most of their programs from a single place — the package manager — rather than downloading them from websites. Linux also can’t run Windows software natively, so Windows viruses just can’t run.

    Linux desktop malware is extremely rare, but it does exist. The recent “Hand of Thief” Trojan supports a variety of Linux distributions and desktop environments, running in the background and stealing online banking information. It doesn’t have a good way of infecting Linux systems, though — you’d have to download it from a website or receive it as an email attachment and run the Trojan. [Source] This just confirms how important it is to only run trusted software on any platform, even supposedly secure ones.

    What About Chromebooks?

    Chromebooks are locked down laptops that only run the Chrome web browser and some bits around it. We’re not really aware of any form of Chrome OS malware. A Chromebook’s sandbox helps protect it against malware, but it also helps that Chromebooks aren’t very common yet.

    It would still be possible to infect a Chromebook, if only by tricking a user into installing a malicious browser extension from outside the Chrome web store. The malicious browser extension could run in the background, steal your passwords and online banking credentials, and send it over the web. Such malware could even run on Windows, Mac, and Linux versions of Chrome, but it would appear in the Extensions list, would require the appropriate permissions, and you’d have to agree to install it manually.

    And Windows RT?

    Microsoft’s Windows RT only runs desktop programs written by Microsoft. Users can only install “Windows 8-style apps” from the Windows Store. This means that Windows RT devices are as locked down as an iPad — an attacker would have to get a malicious app into the store and trick users into installing it or possibly find a security vulnerability that allowed them to bypass the protection.

    Malware is definitely at its worst on Windows. This would probably be true even if Windows had a shining security record and a history of being as secure as other operating systems, but you can definitely avoid a lot of malware just by not using Windows.

    Of course, no platform is a perfect malware-free environment. You should exercise some basic precautions everywhere. Even if malware was eliminated, we’d have to deal with social-engineering attacks like phishing emails asking for credit card numbers.

    Image Credit: stuartpilbrow on Flickr, Kansir on Flickr


  • Reset / Remove - Google Keywords

    - by Herr Kaleun
    Summary: My site is ranking for filthy keywords and I would like to remove them from google ranking/keywords.

    Background: My server was hacked using the timthumb exploit/security vulnerability; apparently I was the last person on earth to read the news about the exploit, several months after it appeared. Anyway, the "hacker" was so friendly to modify the index.php file in such a fashion that it generated random sexual oriented keywords if the website is fetched as google-bot. So if you would fetch it as google bot/it gets indexed, you would get randomly generated keywords like: sex videos teenager teen sex adult sex preteen A LINK TO A RANDOM CONTENT OF MY WEBPAGE anime sex videos a rough list something similar to that, about 180-200 per page.

    I've discovered it far too late, so that google had me indexed for the words "sex" and certain adult oriented keywords, about roughly 2000. I've removed all the content, took the site down, replaced the index.php with a static HTML and added an "ERROR 410" title to the website so that the content is no longer here and removed permanently. I've also applied for a manual review of my website, about 1.5 months ago, but still the keywords are there, and very strange, some of the keyword rankings actually "improve" over time.

    Here are some screenshots from webmasters tools:

    Question: How can I remove these filthy keywords and re-rank my website as a "normal" website in the fastest way? I want to "REMOVE" the keywords if possible. Please help me or point me into a direction. Thank you


  • Security Issue in LinkedIn – View any 3rd profile without a premium account.

    - by Shaurya Anand
    Originally posted on: http://geekswithblogs.net/shauryaanand/archive/2013/06/25/153230.aspx

    I discovered this accidentally when my wife forwarded a contact on LinkedIn from her tablet, using the mobile interface of the website. On opening the contact on my desktop, I was surprised to see I need to upgrade my account to view the contact. Doing some research along with my wife, I found this simple security vulnerability from LinkedIn that can let anyone view a contact’s full profile even when you have a “not upgraded” LinkedIn account and the contact is a “3rd + Everyone Else”.

    Here’s an example of what I am talking about. I just made a random search on LinkedIn for a contact whose name starts with Sacha. Do note, this is just a walkthrough and I am not publicizing any Sacha. I check the “3rd + Everyone Else” and find a “LinkedIn Member”. On clicking this person’s profile to view, I am presented with the following page, asking me to upgrade.

    Make a note of this page’s web address and you get the profile id from it. For example, for this contact, the page address is: http://www.linkedin.com/profile/view?id=868XXX35 The Profile Id for this contact is 868XXX35.

    Now, open the following page where the Profile Id is the same as the one we grabbed a moment earlier. https://touch.www.linkedin.com/?#profile/868XXX35

    The mobile page exposes this contact information and you even get the possibility to connect to this person without an introduction mail (InMail). I hope someone from LinkedIn sees and issues a fix for this. I am pretty sure it’s something that they don’t want the user to do without purchasing an upgrade package.

    Read the article

  • Trigger IP ban based on request of given file?

    - by Mike Atlas
    I run a website where "x.php" was known to have vulnerabilities. The vulnerability has been fixed and I don't have "x.php" on my site anymore. As with major public vulnerabilities, it seems script kiddies around are running tools that are hitting my site looking for "x.php" in the entire structure of the site - constantly, 24/7. This is wasted bandwidth, traffic and load that I don't really need. Is there a way to trigger a time-based (or permanent) ban to an IP address that tries to access "x.php" anywhere on my site? Perhaps I need a custom 404 PHP page that captures the fact that the request was for "x.php" and then that triggers the ban? How can I do that? Thanks! EDIT: I should add that as part of hardening my site, I've started using ZBBlock: This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently recurring 503 OVERLOAD message with a 24 hour timeout. But ZBBlock doesn't do quite exactly what I want to do, it does help with other spam/script/hack blocking.

    Read the article

  • Usual Suspects: Typical 3rd Party Entities in E-Commerce [closed]

    - by zharvey
    I am doing some requirements/analysis for a web app that I'd like to build (Ruby/Java developer here). This web app would have a store front, shopping cart and would need to be totally compliant with all e-com best practices. It's amazing how much non-technical info comes up when you search for phrases like "how does e-commerce work", but very little comes up in the way of technical details. As such, I'm having extreme frustration finding answers to what I consider pretty straight-forward questions. I came here because I believe this question is not off-topic; if it is, please leave a comment as to why this question does not belong here and I will happily remove it myself (upvotes if your comment can point me to the correct place for this question!). So then: What 3rd parties will I need to work with to have a modern, web-compliant e-com site? So far I can account for a payment gateway provider like Authorize.net and an SSL certificate provider like Trustwave. Any others? What other standards besides PCI compliance will I be held to (besides governing laws, of course!)? Vulnerability scans: PCI compliance requires quarterly scans: if I'm a "Level 4" (low volume) Merchant does that still apply to me? Irregardless, my backend architecture is quite huge, with web servers, app servers, database, message brokers and more. Do each of these servers need to be scanned?!? If not what servers do need to get these quarterly scans? I usually hate to ask micro-questions inside of one large one, but these are so closely-related I just felt like asking them all separately would be spamming the site with too many petty questions. Thanks in advance!

    Read the article

  • 64kb limit on the size of MSMQ Multicast Messages

    - by John Breakwell
    When Windows 2003 came out, Microsoft introduced the ability to broadcast messages to any machines that were listening back. All you had to do was send out a message on a particular port and IP address and any client that had set up a Multicast queue with matching port and IP address would get a copy. Since its introduction, there have been a couple of security vulnerabilities that needed to be removed:
        Microsoft Security Bulletin MS06-052 Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)
        Microsoft Security Bulletin MS08-036 Vulnerabilities in Pragmatic General Multicast (PGM) could allow denial of service (950762)
    The second of these, MS08-036, was resolved through an undocumented change in functionality. Basically, a limit of 64kb was put on the maximum size of a message that could be broadcast using the Multicast method. Obviously this has caused a few problems for any existing MSMQ Multicast applications that expected to be able to send larger messages. A hotfix has been developed to resolve this problem.
        961605 FIX: Multicast messages larger than 64 kilobytes (KB) are not delivered as expected by using Message Queuing 3.0 after security update MS08-036 is installed
    A registry change is required:
        1. Open the registry with Regedit
        2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RMCAST\Parameters\
        3. Create a DWord called MaxpacketSize
        4. Set the value to the desired number of bytes.
    You can set it to a value between zero and 4MB. If you specify anything above 4MB, it will default to 64K. A reboot is needed after adding this value.

    Read the article

  • Oracle Linux Partner Pavilion Spotlight III

    - by Ted Davis
    Three days until Oracle OpenWorld 2012 begins. The anticipation and excitement are building. In today's spotlight we are presenting an additional three partners exhibiting in the Oracle Linux Partner Pavilion at Oracle OpenWorld (Booth #1033). Fujitsu will showcase a Gold tower system representing the one-millionth PRIMERGY server shipped, highlighting Fujitsu’s position as the #4 server vendor worldwide. Fujitsu’s broad range of server platforms is reshaping the data center with virtualization and cloud services, including those based on Oracle Linux and Oracle VM. BeyondTrust, the leader in providing context aware security intelligence, will be showcasing its threat management and policy enablement solutions for addressing IT security risks and simplifying compliance. BeyondTrust will discuss how to reduce security risks, close security gaps and improve visibility across your server and database infrastructure. Please stop by to see live demonstrations of BeyondTrust’s award winning vulnerability management and privilege identity management solutions supported on Oracle Linux. Virtualized infrastructure with Oracle VM and NetApp storage and data management solutions provides an integrated and seamless end user experience. Designed for maximum efficiency to allow for native NetApp deduplication and backup/recovery/cloning of VM’s or templates. Whether you are provisioning one or multiple server pools or dynamically re-provisioning storage for your virtual machines to meet business demands, with Oracle and NetApp, you have one single point-and-click console to rapidly and easily deploy a virtualized agile data infrastructure in minutes. So there you have it! The third install of our Partner Spotlight. Check out Part I and Part II of our Partner Spotlights from previous days if you've missed them. Remember to visit the Oracle Linux team at Oracle OpenWorld.

    Read the article

  • Is this buffer overflow working on Mac OSX? [migrated]

    - by cobie
    Was reading through some text and playing around with attempting to write past the size of an array in C, i.e. buffer overflow. The text indicates that whenever you attempt to write to, say, array[5] when the length of the array is 5 then you get a segmentation fault, but I don't seem to be getting that when using the code below. The code actually runs.
        #include <stdio.h>
        #include <string.h>

        int main ()
        {
            int i;
            int array[5] = {1, 2, 3, 4, 5};

            /* Writes far past the end of the 5-element array (the behaviour being asked about) */
            for (i = 0; i <= 255; i++)
            {
                array[i] = 10;
            }

            int len = sizeof(array) / sizeof(int);
            printf("%d\n", len);
            printf("%d\n", array[254]);
        }
    On execution of the last statement, a 10 is printed. Am wondering whether this is a vulnerability or if there is something I am missing. I am running the code from iterm2 on a macbook pro.

    Read the article

  • ???:2013?10??PSU???!

    - by ??
    ???:2013?10??PSU???!10?16? Oracle ??????PSU/SPU(CPU)????,????????????:??11.2.0.4 ?????8??????,?????PSU????11.2.0.4???,???????PSU??2014?1???? 12.1.0.1??????PSU(12.1.0.1.1)??GI?PSU;   ?????PUS???EXADATA???-GI?PSU???EXADATA???;  ????????PDB?????,???????????????;  ?12c????,SPU??????????,??????PSU,??????????????;11.2.0.2.12?11.2.0.2?????PSU      ???????????"Patch Set Update and Critical Patch Update October 2013 Availability Document" (Doc ID 1571391.1)?,     ??????:"3.1.4.4 Oracle Database 11.2.0.2", ? 11 ????????;     ?????????Oracle????????????,????????     ??"Release Schedule of Current Database Releases" (Doc ID 742060.1) ???;     ??????PSU????????11.2.0.2?PSU?????,??????????????;11.2.0.2.12 ? 11.1.0.7.17 PSU ??????????????,???????????????.10.2.0.5.13 ?PSU????,??????????????     10.2(.0.5)?????????(Extended Support)???7????,?????10.2.0.5 PSU?????;     ?????????,Oracle????"limited extended support"???,Limited Extended Support ????????????????,     ???????????PSU?????     ???????"limited extended support" ????????????,???????????????????PSU,     ??????????????PSU?,????PSU???,?????oracle License???????????10.2.0.4 ??,??????????PSU???;????PSU???,??????MOS??:
        Note:1571655.1 Critical Patch Update October 2013 Database Known Issues
        Note:1571653.1 Critical Patch October 2013 Database Patch Security Vulnerability Molecule Mapping
        Note:1571731.1 Oracle Grid Infrastructure Patch Set Update 12.1.0.1.1 Known Issues
        Note:1571652.1 Oracle Grid Infrastructure Patch Set Update 11.2.0.3.8 Known Issues
        Note:1571651.1 Oracle Database Patch Set Update 12.1.0.1.1 Known Issues
        Note:1571650.1 Oracle Database Patch Set Update 11.2.0.3.8 Known Issues
        Note:1571649.1 Oracle Database Patch Set Update 11.2.0.2.12 Known Issues
        Note:1571647.1 Oracle Database Patch Set Update 11.1.0.7.17 Known Issues
        Note:1571645.1 Oracle Database Patch Set Update 10.2.0.5.13 Known Issues
        Note:1227443.1 Patch Set Updates Known Issues Notes

    Read the article

  • Delphi and Microsoft ATL security issue

    - by Jens Nordenbro
    My impression is that standard Delphi uses the Win32 API. Recently Microsoft has been communicating a problem regarding ATL that requires application developers to rebuild ATL-using applications after installing an update on their machines. Will this practice be the general case also for Delphi developers, or are they in the clear with the exception of Delphi code using third party ATL COM objects? Sources:
        Microsoft Security: Protect your computer from the Active Template Library (ATL) security vulnerability
        MSDN VC++ DevCenter: Active Template Library Security Update for Developers
        Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
        Microsoft Security Bulletin MS09-034 - Critical: Cumulative Security Update for Internet Explorer (972260)
        Microsoft Security Bulletin MS09-035 - Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

    Read the article

  • Setting HTTPONLY for CLASSIC ASP Session Cookie - URGENT HELP NEEDED PLEASE!!!

    - by E.Shafii
    Hello all, Does anyone know exactly how to set HTTPONLY on classic ASP session cookies? This is the final thing that's been flagged in a vulnerability scan and needs fixing ASAP, so any help is appreciated. ~~~A LITTLE MORE INFORMATION ON MY PROBLEM~~~ Can anyone please help me with this? I need to know how to set HTTPONLY on the ASPSESSION cookie created by default from ASP & IIS. This is the cookie automatically created by the server for all asp pages. If needed I can set HTTPONLY on all cookies across the site. Any help on how to do this would be massively appreciated. Thanks Thanks Elliott

    Read the article

  • How to allow my Asp.net MVC 3 web app using MathJax to accept user input $x<y>z$ ?

    - by Recycle Bin
    I am developing a mathematics site using Asp.Net MVC 3 + Razor + MathJax. MathJax is a javascript library to render TeX or LaTeX codes in the web browser. And TeX or LaTeX codes represent mathematics contents such as an inline math $y=mx+c$ and a displayed math \[y=mx+c\]. Right now my site can accept input, for example, $x<y$. However it cannot accept $x<y>z$ because the framework regards this input as vulnerable to XSS and XSRF. In short, what should I do to accomplish what I want without opening a security vulnerability?

    Read the article

  • Django - How to do CSRF on public pages? Or, better yet, how should it be used period?

    - by orokusaki
    After reading this: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-to-use-it I came to the conclusion that it is not valid to use this except for when you trust the person who is using the page which enlists it. Is this correct? I guess I don't really understand when it's safe to use this because of this statement: This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability. The reason it's confusing is that to me an "external URL" would be one that isn't part of my domain (i.e., I own www.example.com and put a form that posts to www.spamfoo.com). This obviously can't be the case since people wouldn't use Django for generating forms that post to other people's websites, but how could it be true that you can't use CSRF protection on public forms (like a login form)?

    Read the article

  • Dangers of Windows API and Administrator accounts?

    - by Brett Powell
    I wrote a game server plugin last night that allowed me to create a user account and set it as administrator, which is a huge problem. Of course the simple fix is to create a basic user account with limited privileges for the game servers, so they would not have access to do things like this. I wanted to find out if there's anything else in the Windows API that would create such a huge vulnerability though? I guess I want to just make sure that when the clients' game server accounts are moved to limited access accounts, we won't have to worry about any of them using the Windows API to sabotage the machines. There are already enough exploits in the game itself to worry about, without having to worry about clients taking over the machines with plugins lol. Some of the relevant questions would be... Can you disable/enable Remote Desktop from c++? Can you get a list of AD user groups from c++? (not that a user belongs to, but a complete list)

    Read the article

  • Replay attacks for HTTPS requests

    - by MatthewMartin
    Let's say a security tester uses a proxy, say Fiddler, and records an HTTPS request using the administrator's credentials-- on replay of the entire request (including session and auth cookies) the security tester is able to successfully (re)record transactions. The claim is that this is a sign of a CSRF vulnerability. What would a malicious user have to do to intercept the HTTPS request and replay it? Is this a task for script kiddies, well funded military hacking teams or time-traveling-alien technology? Is it really so easy to record the SSL sessions of users and replay them before the tickets expire? No code in the application currently does anything interesting on HTTP GET, so AFAIK, tricking the admin into clicking a link or loading an image with a malicious URL isn't an issue.

    Read the article

  • Reported error code considered SQL Injection?

    - by inquam
    SQL injection that actually runs a SQL command is one thing. But injecting data that doesn't actually run a harmful query but that might tell you something valuable about the database, is that considered SQL injection? Or is it just used as part to construct a valid SQL injection? An example could be
        set rs = conn.execute("select headline from pressReleases where categoryID = " & cdbl(request("id")) )
    Passing this a string that could not be turned into a numeric value would cause
        Microsoft VBScript runtime error '800a000d'
        Type mismatch: 'cdbl'
    which would tell you that the column in question only accepts numeric data and is thus probably of type integer or similar. I seem to find this in a lot of pages discussing SQL injection, but don't really get an answer if this in itself is considered SQL injection. The reason for my question is that I have a scanning tool that reports a SQL injection vulnerability and reports a VBScript runtime error '800a000d' as the reason for the finding.

    Read the article

  • Twitter xAuth vs open source

    - by Yorirou
    Hi, I am developing an open source desktop twitter client. I would like to take advantage of the new xAuth authentication method, however my app is open source which means that if I put the keys directly into the source file, it may be a vulnerability (am I correct? The twitter support guy told me). On the other hand, putting the key directly into a binary also doesn't make sense. I am writing my application in python, so if I just supply the pyc files, it is one more second to get the keys, thanks to the excellent reflection capabilities of Python. If I create a small .so file with the keys, it is also trivial to obtain the key by looking at the raw binary (keys have fixed length and character set). What is your opinion? Is it really a security hole to expose the API keys?

    Read the article

  • Historical security flaws of popular PHP CMS's?

    - by VirtuosiMedia
    I'm creating a PHP CMS, one that I hope will be used by the public. Security is a major concern and I'd like to learn from some of the popular PHP CMS's like Wordpress, Joomla, Drupal, etc. What are some security flaws or vulnerabilities that they have had in the past that I can avoid in my application and what strategies can I use to avoid them? What are other issues that I need to be concerned with that they perhaps didn't face as a vulnerability because they handled it correctly from the start? What additional security features or measures would you include? Please be as specific as possible. I'm generally aware of most of the usual attack vectors, but I want to make sure that all the bases are covered, so don't be afraid to mention the obvious as well. Assume PHP 5.2+.

    Read the article

  • Do I need to sanitize the callback parameter from a JSONP call?

    - by christian studer
    I would like to offer a webservice via JSONP and was wondering if I need to sanitize the value from the callback parameter. My current server side script looks like this currently (More or less. Code is in PHP, but could be anything really.):
        header("Content-type: application/javascript");
        echo $_GET['callback'] . '(' . json_encode($data) . ')';
    This is a classic XSS-vulnerability. If I need to sanitize it, then how? I was unable to find enough information about what might be allowed callback strings.

    Read the article

  • Does it make sense to study COBOL?

    - by Alon
    I have had a talk with a friend of mine about the relative vulnerability of different types of IT workers to unexpected unemployment (e.g. layoffs, company going out of business, obsolete skills etc.) as it seems COBOL developers (or maintainers?) seem very secure in their positions, regardless of the state of the economy or even how good they are. With so much critical COBOL code being around on the one side and the diminishing number of COBOL know-hows on the other, it actually makes sense to recommend someone starting their way in the IT world and looking for a relatively secure job to study and intern in COBOL! What do you think?

    Read the article

  • Is there any injection vulnerability in the body of an email?

    - by Brett
    Hey guys..... AFAIK there is only a vulnerability within the HEADERS of an email when using user data, correct? I am using the below function to sanitize my data, however I have some textarea fields on the page & hence these may contain linebreaks.. so was wondering if that user data is only going to be put in the body of the email, can it not bother with being sanitized - apart from stripping html of course? Here is the function:
        function is_injected($str) {
            // Patterns for raw and URL-encoded line breaks, tabs and backspace
            $injections = array('(\n+)', '(\r+)', '(\t+)', '(%0A+)', '(%0D+)', '(%08+)', '(%09+)');
            $inject = join('|', $injections);
            $inject = "/$inject/i";
            if (preg_match($inject, $str)) {
                return true;
            } else {
                return false;
            }
        }
    As a side note, surprised there wasn't currently a tag for mail-injection / email-injection. Thanks!

    Read the article

  • (Secure) alternative to TLS / SSLv3 ?

    - by CSkau
    Toying with an idea for a F2F networked application I've just been reading up on secure communication. I quickly settled with the idea of using TLS / SSL as the basis for any communication since it employs Public Key encryption at the protocol level and thus is perfect for my needs. However I was surprised to read (on wikipedia) that the newest version of TLS, SSLv3, uses a mix of MD5 and SHA-1 "because if any vulnerability was found in one of these algorithms the other would prevent it from compromising SSLv3". However, as I take it, lately both have been found flawed! So my questions are thus: Does this not mean that SSLv3 is basically flawed, or am I not reading close enough? And if so does a "secure" alternative to SSLv3 exist?

    Read the article
