Search Results

Search found 1652 results on 67 pages for 'anti hacking'.

Page 14/67 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • Rainbow Tables: How to improve upon them??

    - by CVS-2600Hertz-wordpress-com
    I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation will be vulnerable to the above attack. Plz could anyone illustrate (in as simple terms as possible), how to strengthen the rainbow tables against such an attack. MY GOAL : Build "Login-Simulator" to be as secure as possible. (Read Hacking Competition ;-) ) Thank You.

    Read the article

  • How to change socket bind port of program? without source code.

    - by hunmr
    Hello everyone, PROBLEM: I have a program dummy.exe on windows. this program will bind to UDP port 5060, after started. but another program also want to bind port 5060. WHAT I HAVE DONE: using windbg to start dummy.exe, and set breakpoint on ws2_32!bind when the breakpoint hit, i changed the parameter (port value) with command ew this dummy.exe will bind to the new port, and worked well. QUESTION: How can i do that easily? write a simple windows debugger? Maybe i can hacking or modify the dummy.exe file, but how to do that? what's your way to achieve this? thanks

    Read the article

  • Is this an acceptable UI design decision?

    - by DVK
    OK, while I'm on record as stating that StackExchange UI is pretty much one of the best websites and overall GUIs that I have ever seen as far as usability goes, there's one particular aspect of the trilogy that bugs me. For an example, head on to http://meta.stackoverflow.com . Look at the banner on top (the one that says "reminder -- it's April Fool's Day depending on your time zone!"). Personally, I feel that this is a "make the user do the figuring out work" anti-pattern (whatever it's officially called) - namely, instead of making your app smart enough to only present a certain mode of operations in the conditions when that mode is appropriate, you simply turn on the mode full on and put an explanation to the user of why the mode is on when it should not be (in this particular example, the mode is of course displaying the unicorn gravatars starting with 00:00 in the first timezone, despite the fact that some users still live in March 31st). The Great Recalc was also handled the same way - instead of proactively telling the user "your rep was changed from X to Y" the same nearly invisible banner was displayed on meta. So, the questions are: Is there such an official anti-pattern, and if so,m what the heck do i call it? Do you have any other well-known examples of such design anti-pattern? How would you fix either the SO example I made or you your own example? Is there a pattern of fixing or must it be a case-by-case solution?

    Read the article

  • Virus - Isn' t there any online solution ?

    - by Sarang
    In our daily life, we come across various Viruses. In this internet world, we do have lots of type of viruses come to visit us ! A programmer can create a Virus using programming & it can be put on internet. It flows across the world & harm all the system. Don't do we have a same way to run an Anti-virus that flows across the internet & can protect the network from being affected by Viruses ? Please give any Idea...

    Read the article

  • firefox aliased/jagged fonts in xfce

    - by hasen j
    I've been using linux mint 7 for a couple of weeks now and I'm pretty happy with it, but I wanted to try out other desktops, e.g. KDE/Xfce I'm not sure if it's KDE's fault of Xfce's, but firefox's font rendering sucks now, it renders jagged/aliased fonts. I'm using xfce right now, My Xfce settings Manager > appearance > fonts settings roughly look like this: Default Font: Sans | 9 Rendring : [x] Enable anti-aliasing Hinting: None Sub-pixel Order: None But it's as if firefox ignores these settings!

    Read the article

  • how to report a malicious site (http://newss.gr) to google, microsoft and mozilla so that they will prompt

    - by Jayapal Chandran
    Hi, I completed a project an year ago. Now a few modification were needed. While i try to test there was an index.html with a malicious script which had an iframe to this site's jar file. and kaspersky anti virus blocked it. So i browsed the ftp to find the file and i deleted it. and also disabled directory listing. May be the ftp details of the site owner would have been hacked. I want to report this site to google, msn and mozilla and other antivirus programs. How to do that. any idea? I hope kaspersky would have updated it in their database but still i want to explicitly inform it about this. here is the popup kaspersky showed.

    Read the article

  • My Website was hacked using Statcounter! Does Statcounter keep a record of cookies?

    - by Cyril Gupta
    I had a rather interesting case of hacking on my ASP.Net MVC website. For this website I had implemented a rather uncomplicated authentication system for my admin area -- an encrypted cookie which had an identifying signature for the member. Whenever the admin visits the website the cookie would be decrypted and signature verified. If matching he wouldn't have to sign in. Couple of days ago a visitor on my site told me that he was able to sign into my website simply by clicking no a referral link on his Statcounter console which pointed to my admin area (I had visited his site from a link inside my admin view). He just clicked on a link in statcounter and he was signed in as the admin! The only way this could have happened was if statcounter somehow recorded my cookies and used those when he clicked on the link pointing to my admin! Is that logical or fathomable? I don't understand what's going on. Do you have any suggestions as to how I can protect my website against things like this?

    Read the article

  • Is this normal or does my AVG anitivirus have a virus? [closed]

    - by user390480
    Possible Duplicate: Computer is infected by a virus or a malware, what do I do now? [Note: This is not a duplicate and should not be closed as a duplicate as this is nothing like the other question. I am not asking if I have a virus, nor am I asking "what do I do now". I know that I have a virus and I know what to do. However, I am asking if these are normal AVG ads or if it has been taken over.] My Windows XP PC started acting strange and I am right now actually in Linux running off of a USB drive. I am running Avast under Linux and it has discovered some viruses on my XP drive. Some of the strange things happening in XP were: I could not get to Google.com My Hosts file was set to hidden and read only My Hosts file had an entry of ::1 And AVG had ads in it I've never seen before. Maybe it is normal but I Binged for AVG anti-virus and become.com but found no information. (The red lines and question mark are by me) Any thoughts?

    Read the article

  • Am I safe on Windows if I continue like this?

    - by max
    Of all the available tons of anti-malware software for Windows all over the internet, I've never used any paid solution(I am a student, I have no money). Since the last 10 years, my computers running Windows have never been hacked/compromised or infected so badly that I had to reformat them(of course I did reformat them for other reasons). The only program I have for security is Avast Home Edition, which is free, installed on my computers. It has never caused any problems; always detected malware, updated automatically, has an option to sandbox programs and everything else I need. Even if I got infected, I just did a boot-time scan with it, downloaded and ran Malwarebytes, scanned Autoruns logs, checked running processes with Process Explorer and did some other things and made sure I cleaned my computer. I am quite experienced and I've always taken basic precautions like not clicking suspicious executables, not going to sites which are suspicious according to WOT, and all that blah. But recently I've been doing more and more online transactions and since its 2012 now, I'm doubtful whether I need more security or not. Have I been just lucky, or do my computing habits obviate the need to use any more(or paid) security software?

    Read the article

  • Pwn2Own 2011 : BlackBerry et l'iPhone 4 vaincus lors du concours de hacking, les produits Google demeurent intouchés

    Pwn2Own 2011 : BlackBerry et l'iPhone 4 vaincus lors du concours de hacking, les produits Google demeurent intouchés Mise à jour du 11.03.2011 par Katleen Pour sa deuxième journée, le Pwn2Own a encore fait quelques victimes, mais en a aussi épargné certains. Les victimes potentielles de la journée étaient les systèmes d'exploitation mobile mais aussi Firefox (3.6), le navigateur qui n'avait pas été malmené hier. Seulement, Sam Dash, qui devait lui régler son compte, ne s'est pas présenté au concours. "Je ne peux pas écrire une code d'exploitation viable" pour ce challenge, s'est-il justifié. En revanche, l'iPhone 4 et le BlackBerry Torch sont tombés. Pour le s...

    Read the article

  • FairSearch : Nokia et Oracle rejoignent la coalition anti-Google, qui porte sa lutte contre l'abus de position dominante aux mobiles

    FairSearch : Nokia et Oracle rejoignent la coalition anti-Google Qui l'accuse d'abus de position dominante FairSearch, l'organisation vouée d'après ses membres à défendre la concurrence sur internet, compte désormais dans ses rangs le fabricant de téléphones mobiles Nokia, l'éditeur de solutions d'entreprise Oracle et le site d'enchères en ligne Allegro. [IMG]http://idelways.developpez.com/news/images/google-problem.jpg[/IMG] En alliance avec d'autres entreprises, dont Microsoft, ces membres accusent Google d'abus de position dominante et portent leur combat sur le terrain du mobile avec l...

    Read the article

  • Le W3C publie la proposition du standard "Do Not Track", et pose les fondements de la protection anti-traçage publicitaire

    Le W3C publie la proposition du standard "Do Not Track" Et pose dans deux brouillons les fondements de la protection anti-traçage publicitaire Mise à jour du 15 novembre 2011 par Idelways Les premiers objectifs sont atteints par le groupe de travail « Tracking Protection » du W3C, dédié à la standardisation d'une solution de protection antitraçage publicitaire. Créé à l'initiative « Do Not Track » de Microsoft et Mozilla, le groupe du consortium mondial vient de publier deux brouillons de spécifications que les éditeurs de navigateurs et créateurs de sites devront implémenter à terme pour rendre l'utili...

    Read the article

  • Creating a Anti-Virus softwre for URL Checking in my Website and also checking the data in the URL...

    - by Rezu
    If we give the anti-virus a URL it should be able to scan it and give us a report, Else, it should be able to scan the folder that we put all the links into... i.e. if we download the entire content of the webpage from the 10 Child links... and 1 parent webpage... and put them into a folder, the anti-virus solution should be able to scan all the 10 CHild and 1 Parent data.. and give us a report, Else, the anti-virus solution should be able to scan any incoming virus in any file or entity that is coming into our server and generate the report for that file, Please help me thanks in advance...

    Read the article

  • How to hack Drupal

    - by Ryan Nelson
    Does anyone know how to hack into a Drupal site? This is for ethical purposes, just a contest with me and my friend to see who can hack each other the most. He's got a Drupal site I need to get past. Anyone know how? Anything is useful (Gaining admin access, modifying stuff, etc.) Thanks!

    Read the article

  • php security holes POCs

    - by Flavius
    Hi Please provide examples for all of these: XSS, CSRF, SQL injection with both the source code and the attack steps for each. Other attack vectors are welcome. The most complete answer gets a accepted. The configuration is a fairly standard one, as of PHP 5.3.2, core settings: allow_call_time_pass_reference => Off => Off allow_url_fopen => On => On allow_url_include => Off => Off always_populate_raw_post_data => Off => Off arg_separator.input => & => & arg_separator.output => & => & asp_tags => Off => Off auto_append_file => no value => no value auto_globals_jit => On => On auto_prepend_file => no value => no value browscap => no value => no value default_charset => no value => no value default_mimetype => text/html => text/html define_syslog_variables => Off => Off disable_classes => no value => no value disable_functions => no value => no value display_errors => STDOUT => STDOUT display_startup_errors => On => On doc_root => no value => no value docref_ext => no value => no value docref_root => no value => no value enable_dl => Off => Off error_append_string => no value => no value error_log => syslog => syslog error_prepend_string => no value => no value error_reporting => 32767 => 32767 exit_on_timeout => Off => Off expose_php => On => On extension_dir => /usr/lib/php/modules/ => /usr/lib/php/modules/ file_uploads => On => On highlight.bg => <font style="color: #FFFFFF">#FFFFFF</font> => <font style="color: #FFFFFF">#FFFFFF</font> highlight.comment => <font style="color: #FF8000">#FF8000</font> => <font style="color: #FF8000">#FF8000</font> highlight.default => <font style="color: #0000BB">#0000BB</font> => <font style="color: #0000BB">#0000BB</font> highlight.html => <font style="color: #000000">#000000</font> => <font style="color: #000000">#000000</font> highlight.keyword => <font style="color: #007700">#007700</font> => <font style="color: #007700">#007700</font> highlight.string => <font style="color: #DD0000">#DD0000</font> => <font style="color: #DD0000">#DD0000</font> html_errors => Off => Off ignore_repeated_errors => Off => Off ignore_repeated_source => Off => Off ignore_user_abort => Off => Off implicit_flush => On => On include_path => .:/usr/share/pear => .:/usr/share/pear log_errors => On => On log_errors_max_len => 1024 => 1024 magic_quotes_gpc => Off => Off magic_quotes_runtime => Off => Off magic_quotes_sybase => Off => Off mail.add_x_header => On => On mail.force_extra_parameters => no value => no value mail.log => no value => no value max_execution_time => 0 => 0 max_file_uploads => 20 => 20 max_input_nesting_level => 64 => 64 max_input_time => -1 => -1 memory_limit => 128M => 128M open_basedir => no value => no value output_buffering => 0 => 0 output_handler => no value => no value post_max_size => 8M => 8M precision => 14 => 14 realpath_cache_size => 16K => 16K realpath_cache_ttl => 120 => 120 register_argc_argv => On => On register_globals => Off => Off register_long_arrays => Off => Off report_memleaks => On => On report_zend_debug => Off => Off request_order => GP => GP safe_mode => Off => Off safe_mode_exec_dir => no value => no value safe_mode_gid => Off => Off safe_mode_include_dir => no value => no value sendmail_from => no value => no value sendmail_path => /usr/sbin/sendmail -t -i => /usr/sbin/sendmail -t -i serialize_precision => 100 => 100 short_open_tag => Off => Off SMTP => localhost => localhost smtp_port => 25 => 25 sql.safe_mode => Off => Off track_errors => Off => Off unserialize_callback_func => no value => no value upload_max_filesize => 2M => 2M upload_tmp_dir => no value => no value user_dir => no value => no value user_ini.cache_ttl => 300 => 300 user_ini.filename => .user.ini => .user.ini variables_order => GPCS => GPCS xmlrpc_error_number => 0 => 0 xmlrpc_errors => Off => Off y2k_compliance => On => On zend.enable_gc => On => On

    Read the article

  • Hooking DirectX EndScene from an injected DLL

    - by Etan
    I want to detour EndScene from an arbitrary DirectX 9 application to create a small overlay. As an example, you could take the frame counter overlay of FRAPS, which is shown in games when activated. I know the following methods to do this: Creating a new d3d9.dll, which is then copied to the games path. Since the current folder is searched first, before going to system32 etc., my modified DLL gets loaded, executing my additional code. Downside: You have to put it there before you start the game. Same as the first method, but replacing the DLL in system32 directly. Downside: You cannot add game specific code. You cannot exclude applications where you don't want your DLL to be loaded. Getting the EndScene offset directly from the DLL using tools like IDA Pro 4.9 Free. Since the DLL gets loaded as is, you can just add this offset to the DLL starting address, when it is mapped to the game, to get the actual offset, and then hook it. Downside: The offset is not the same on every system. Hooking Direct3DCreate9 to get the D3D9, then hooking D3D9-CreateDevice to get the device pointer, and then hooking Device-EndScene through the virtual table. Downside: The DLL cannot be injected, when the process is already running. You have to start the process with the CREATE_SUSPENDED flag to hook the initial Direct3DCreate9. Creating a new Device in a new window, as soon as the DLL gets injected. Then, getting the EndScene offset from this device and hooking it, resulting in a hook for the device which is used by the game. Downside: as of some information I have read, creating a second device may interfere with the existing device, and it may bug with windowed vs. fullscreen mode etc. Same as the third method. However, you'll do a pattern scan to get EndScene. Downside: doesn't look that reliable. How can I hook EndScene from an injected DLL, which may be loaded when the game is already running, without having to deal with different d3d9.dll's on other systems, and with a method which is reliable? How does FRAPS for example perform it's DirectX hooks? The DLL should not apply to all games, just to specific processes where I inject it via CreateRemoteThread.

    Read the article

  • how to exploit vulnerability in php

    - by Dr Deo
    i have never seen a buffer overflow exploit in live action. supporse I have found a server that seems to have vulnerabilities. Where can i get proof of the concept code preferably in c/c++ to exploit the vulnerability? eg i found this vulnerability Multiple directory traversal vulnerabilities in functions such as 'posix_access()', 'chdir()', 'ftok()' may allow a remote attacker to bypass 'safe_mode' restrictions. (CVE-2008-2665 and CVE-2008-2666). How can i get proof of concept code for educational purposes PS I am a student and my only desire is to learn

    Read the article

  • Error after installing Classified Ad Module on Drupal 7

    - by Ams
    Hello, i just installed Classified Ad but after the installation i get this error: Notice: Undefined index: type in ed_classified_form_alter() (line 218 of /home3/amineamm/public_html/chrini/sites/all/modules/ed_classified/ed_classified.module). When i look up at the php code i can't figure out how to correct it. Here is my code: function ed_classified_form_alter(&$form, $form_state, $form_id) { module_load_include('inc', 'ed_classified', 'ed_classified_utils'); if ($form['type']['#value'] == EDI_CLASSIFIED_MODULE_NAME) { if ($form_id == 'ed_classified_node_form' && $form['attachments'] && _ed_classified_variable_get('alter_attachment_text', EDI_CLASSIFIED_VAR_DEF_ALTER_ATTACHMENT_TEXT) ) { // Don't allow the attachments block to be collapsed. $form['attachments']['#collapsed']=FALSE; $form['attachments']['#collapsible']=FALSE; // Enhance the help for classified ads. // NOTE: this is appropriate for the upload_image module enhancements only! $form['attachments']['#title']=t('Photo Attachments'); $form['attachments']['#description']= _ed_classified_variable_get('alter_attachment_text_description', t(EDI_CLASSIFIED_VAR_DEF_ALTER_ATTACHMENT_TEXT_DESCRIPTION)); } } } Any suggestion ?

    Read the article

  • php security holes Proof-Of-Concept [closed]

    - by Flavius
    Hi Could you show me a Proof-Of-Concept for all of these: XSS, CSRF, SQL injection with both the source code and the attack steps for each? Other attack vectors are welcome. The most complete answer gets accepted. The configuration is a fairly standard one, as of PHP 5.3.2, core settings: allow_call_time_pass_reference => Off => Off allow_url_fopen => On => On allow_url_include => Off => Off always_populate_raw_post_data => Off => Off arg_separator.input => & => & arg_separator.output => & => & asp_tags => Off => Off auto_append_file => no value => no value auto_globals_jit => On => On auto_prepend_file => no value => no value browscap => no value => no value default_charset => no value => no value default_mimetype => text/html => text/html define_syslog_variables => Off => Off disable_classes => no value => no value disable_functions => no value => no value display_errors => STDOUT => STDOUT display_startup_errors => On => On doc_root => no value => no value docref_ext => no value => no value docref_root => no value => no value enable_dl => Off => Off error_append_string => no value => no value error_log => syslog => syslog error_prepend_string => no value => no value error_reporting => 32767 => 32767 exit_on_timeout => Off => Off expose_php => On => On extension_dir => /usr/lib/php/modules/ => /usr/lib/php/modules/ file_uploads => On => On html_errors => Off => Off ignore_repeated_errors => Off => Off ignore_repeated_source => Off => Off ignore_user_abort => Off => Off implicit_flush => On => On include_path => .:/usr/share/pear => .:/usr/share/pear log_errors => On => On log_errors_max_len => 1024 => 1024 magic_quotes_gpc => Off => Off magic_quotes_runtime => Off => Off magic_quotes_sybase => Off => Off mail.add_x_header => On => On mail.force_extra_parameters => no value => no value mail.log => no value => no value max_execution_time => 0 => 0 max_file_uploads => 20 => 20 max_input_nesting_level => 64 => 64 max_input_time => -1 => -1 memory_limit => 128M => 128M open_basedir => no value => no value output_buffering => 0 => 0 output_handler => no value => no value post_max_size => 8M => 8M precision => 14 => 14 realpath_cache_size => 16K => 16K realpath_cache_ttl => 120 => 120 register_argc_argv => On => On register_globals => Off => Off register_long_arrays => Off => Off report_memleaks => On => On report_zend_debug => Off => Off request_order => GP => GP safe_mode => Off => Off safe_mode_exec_dir => no value => no value safe_mode_gid => Off => Off safe_mode_include_dir => no value => no value sendmail_from => no value => no value sendmail_path => /usr/sbin/sendmail -t -i => /usr/sbin/sendmail -t -i serialize_precision => 100 => 100 short_open_tag => Off => Off SMTP => localhost => localhost smtp_port => 25 => 25 sql.safe_mode => Off => Off track_errors => Off => Off unserialize_callback_func => no value => no value upload_max_filesize => 2M => 2M upload_tmp_dir => no value => no value user_dir => no value => no value user_ini.cache_ttl => 300 => 300 user_ini.filename => .user.ini => .user.ini variables_order => GPCS => GPCS xmlrpc_error_number => 0 => 0 xmlrpc_errors => Off => Off y2k_compliance => On => On zend.enable_gc => On => On

    Read the article

  • Black hat knowledge for white hat programmers

    - by Dinah
    There's always skepticism from non-programmers when honest developers learn the techniques of black hat hackers. Obviously though, we need to learn many of their tricks so we can keep our own security up to par. To what extent do you think an honest programmer needs to know the methods of malicious programmers?

    Read the article

  • can some hacker steal the cookie from a user and login with that name on the web site ?

    - by Aristos
    Reading this question different users get the same cookie value in aspxanonymous and search for a solution, I start thinking, if it is possible for some one to really steal the cookie with some way, and then place it on his browser and login lets say as administrator. Do you know how form authentication can ensure that even if the cookie is stoled, the hacker not actual login using it ? Or do you know any other automatic defense mechanism ? Thank you in advanced.

    Read the article

  • What are the attack vectors for passwords sent over http?

    - by KevinM
    I am trying to convince a customer to pay for SSL for a web site that requires login. I want to make sure I correctly understand the major scenarios in which someone can see the passwords that are being sent. My understanding is that at any of the hops along the way can use a packet analyzer to view what is being sent. This seems to require that any hacker (or their malware/botnet) be on the same subnet as any of the hops the packet takes to arrive at its destination. Is that right? Assuming some flavor of this subnet requirement holds true, do I need to worry about all the hops or just the first one? The first one I can obviously worry about if they're on a public Wifi network since anyone could be listening in. Should I be worried about what's going on in subnets that packets will travel across outside this? I don't know a ton about network traffic, but I would assume it's flowing through data centers of major carriers and there's not a lot of juicy attack vectors there, but please correct me if I am wrong. Are there other vectors to be worried about outside of someone listening with a packet analyzer? I am a networking and security noob, so please feel free to set me straight if I am using the wrong terminology in any of this.

    Read the article

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >