Search Results

Search found 544 results on 22 pages for 'attacks'.

Page 15/22 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22 | Next Page >

extracting secrets from an embedded chip

- by Will

I am looking at an embedded system where secrets are stored in flash that is internal to the chip package, and there is no physical interface to get that information out - all access to this flash is policed by program code. All DMA attacks and JTAG and such are disabled. This seems to be a common locked-down configuration for system-on-a-chip. How might an attacker recover the secrets in that Flash? I understand they can fuzz for vulnerabilities in the app code and exploit it, that there could be some indistinct general side channel attack or something. But how would an attacker really go about trying to recover those keys? Are there viable approaches for a determined attacker to somehow shave-down the chip or some kind of microscope attack?

Read the article
Is using GET with a tokenID for security a good idea?

- by acidzombie24

I was thinking about this and it appears POST only a little less vulnerable and somewhat harder (do to requiring the user to click something). I read about token ids and double submitted cookies and i am not sure what the difference is http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies Right now i have the user id (PK in my table) and a session id so you cant simply change your cookie ID and act like someone else. Now it seems like i put the session id as a token in each of my forms and check them bc attackers cant guess these tokens. However i dislike the idea of putting the session id into the page for ppl to see. But really, is there a problem with that? short of having the user copy/pasting the html is there any attacks that can happen due to the session id being in plain view in html?

Read the article
Important Security Issue: Is it possible to put binary image data into html markup code and then get

- by Joern Akkermann

Hi, it's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules wenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone elses uploaded pictures. Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks. If it's possible to put the binary data of an image directly into the html markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your apache user and group directly in the html. The only possible weakness then is the password of the user that your web app runs as. Is there already a possibility? Yours, Joern.

Read the article
How can I monitor if a cookie is being sent to a domain other than the one it originated from?

- by Brendan Salt

I am trying to write a program that will verify that all cookies sent out from the machine are in fact going to the domain they came from. This is part of a larger security project to detect cookie based malicious attacks (such as XSS). The main snag for this project is actually detecting the out-going cookies. Can someone point me in the right direction for monitoring out-going HTTP traffic for cookie information? Other information about the project: This is a windows application written in C and numerous scripting languages. Thanks so much for the help.

Read the article
Is it possible to put binary image data into html markup and then get the image displayed as usual i

- by Joern Akkermann

It's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules whenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone else's uploaded pictures. Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks. If it's possible to put the binary data of an image directly into the HTML markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your Apache user and group directly in the HTML. The only possible weakness then is the password of the user that your web app runs as. Is there already a possibility?

Read the article
What does 'salt' refer to in string-to-key (s2k) specifier?

- by WilliamKF

What does 'salt' refer to in string-to-key (s2k) specifier? It appears to be a random number generator to shake things up, but I would like to know what 'salt' stands for? For example it is written: 3.6.1.2. Salted S2K This includes a "salt" value in the S2K specifier -- some arbitrary data -- that gets hashed along with the passphrase string, to help prevent dictionary attacks. Octet 0: 0x01 Octet 1: hash algorithm Octets 2-9: 8-octet salt value Salted S2K is exactly like Simple S2K, except that the input to the hash function(s) consists of the 8 octets of salt from the S2K specifier, followed by the passphrase. But salt is not defined, although its meaning seems clear.

Read the article
Encrypt text using a number

- by Adam Matan

Project Euler I have recently begun to solve some of the Project Euler riddles. I found the discussion forum in the site a bit frustrating (most of the discussions are closed and poorly-threaded), So I have decided to publish my Python solutions on launchpad for discussion. The problem is that it seems quite unethical to publish these solutions, as it would let other people gain reputation without doing the programming work, which the site deeply discourages. My Encryption problem I want to encrypt my answers so that only those who have already solved the riddles can see my code. The logical key would be the answer to the riddle, which is always numeric. In order to prevent brute-force attacks on my answers, I want to find an encryption algorithm that takes a significantly long time (few seconds) to run. Do you know any such algorithm? I would fancy a Python package, which I can attach to the code, over an external program that might have portability issues. Thanks, Adam

Read the article
Is it inmoral to put a captcha on a login form?

- by azkotoki

In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The inmediate reaction of other coworkers was a request to remove it, saying that it was innapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see innapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

Read the article
What are the internal limits to WCF

- by ligos

WCF has lots of limits imposed on it to protect against DoS attacks and other developer brainlessness. What are these limits? And how can they be overriden? Specifically, if I was to try to send a large number of messages in a short period of time to a variety of different clients, what are the internal WCF limits they may cause messages to be sent slowly. PS: this question is a much shorter version of my previous question that did not get much attention. EDIT I have answered the original question. The issue being my async calls were being turned into synchronous ones.

Read the article
What is the sense of permiting the user to use no passwords longer than xx chars?

- by reox

Its more like a usability question or maybe database, or even maybe security (consider injection attacks) but what is the sense of permiting the user's password to a be not longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter. I understand that passwords with more than 20 chars are hardly to remember, but if you use diceware or password safe you dont have any problem with that. I really cant understand why there are sites that say "your password need to be between 5 and 8 chars"... also should the password saved as hash, so the length of the field in the database is fixed, so where is the problem? i think that most of the sites where the password is has to be a fixed length are not even using any hashing method...

Read the article
Hash Digest / Array Comparison in C#

- by Erik Karulf

Hi All, I'm writing an application that needs to verify HMAC-SHA256 checksums. The code I currently have looks something like this: static bool VerifyIntegrity(string secret, string checksum, string data) { // Verify HMAC-SHA256 Checksum byte[] key = System.Text.Encoding.UTF8.GetBytes(secret); byte[] value = System.Text.Encoding.UTF8.GetBytes(data); byte[] checksum_bytes = System.Text.Encoding.UTF8.GetBytes(checksum); using (var hmac = new HMACSHA256(key)) { byte[] expected_bytes = hmac.ComputeHash(value); return checksum_bytes.SequenceEqual(expected_bytes); } } I know that this is susceptible to timing attacks. Is there a message digest comparison function in the standard library? I realize I could write my own time hardened comparison method, but I have to believe that this is already implemented elsewhere.

Read the article
Is php fileinfo sufficient to prevent upload of malicious files?

- by Scarface

Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

Read the article
performance of parameterized queries for different db's

- by tuinstoel

A lot of people know that it is important to use parameterized queries to prevent sql injection attacks. Parameterized queries are also much faster in sqlite and oracle when doing online transaction processing because the query optimizer doesn't have to reparse every parameterized sql statement before executing. I've seen sqlite becoming 3 times faster when you use parameterized queries, oracle can become 10 times faster when you use parameterized queries in some extreme cases with a lot of concurrency. How about other db's like mysql, ms sql, db2 and postgresql? Is there an equal difference in performance between parameterized queries and literal queries?

Read the article
How Do I Search Between a Date Rang Using the ActiveRecord Model?

- by Russ Bradberry

I am new to both Ruby and ActiveRecord. I currently have a need to modify and existing piece of code to add a date range in the select. The current piece goes like this: ReportsThirdparty.find(:all, :conditions => {:site_id=>site_id, :campaign_id=>campaign_id, :size_id=>size_id}) Now, I need to add a range, but I am not sure how to do the BETWEEN or >= or <= operators. I guess what I need is something similar to: ReportsThirdparty.find(:all, :conditions => {:site_id=>site_id, :campaign_id=>campaign_id, :size_id=>size_id, :row_date=>"BETWEEN #{start_date} AND #{end_date}") Even if this did work, I know that using interpolation here would leave me subject to SQL injection attacks.

Read the article
Ideas for building vulnerabilities into your site?

- by Jaco Pretorius

I'm trying to create a programming challenge that would require developers to hack into the MVC site I create. The idea is obviously to teach them about preventing these types of attacks. The current idea I have is to build multiple vulnerabilities into the site - but the second vulnerability would require the first to be completed, etc. So I was thinking the first could be a sql injection attack, the second would require a modified GET request, etc. Exploiting the final vulnerability would reveal a specific piece of information which is proof that you have completed the entire challenge. This will not be deployed on a public site - it's simply a learning tool for developers at my company. I'm not looking for MVC-specific vulnerabilities - I'm simply using MVC because it allows me to work with the 'raw' HTML. Any ideas on the different vulnerabilities I can use?

Read the article
Is it okay to truncate a SHA256 hash to 128 bits?

- by Sunny Hirai

MD5 and SHA-1 hashes have weaknesses against collision attacks. SHA256 does not but it outputs 256 bits. Can I safely take the first or last 128 bits and use that as the hash? I know it will be weaker (because it has less bits) but otherwise will it work? Basically I want to use this to uniquely identify files in a file system that might one day contain a trillion files. I'm aware of the birthday problem and a 128 bit hash should yield about a 1 in a trillion chance on a trillion files that there would be two different files with the same hash. I can live with those odds. What I can't live with is if somebody could easily, deliberately, insert a new file with the same hash and the same beginning characters of the file. I believe in MD5 and SHA1 this is possible.

Read the article
Is it a bad idea to have a login dialog inside an iframe?

- by AyKarsi

We're creating a website where we will be giving out code snippets to our users which they can place on their own websites. These snippets contain a link a javascript include. When clicking the link, an iframe containing the login dialog to our site opens. The user then authenticates inside the iframe, does his work and when he leaves the iframe his session is closed. We've got it working allready and it's very slick. Our main concern though is phishing. The user has absolutely now way of veryifying where the login page is really coming from. On the other hand, phising attacks are also succesfull even if the user can see the fake-url in the address bar. Would you enter your (OpenId) credentials in an iframe? Does anyone know a pattern with which we could minimise the chances of a phishing attack?

Read the article
Aes key length significance/implications

- by cppdev

Hi, I am using a AES algorithm in my application for encrypting plain text. I am trying to use a key which is a six digit number. But as per the AES spec, the key should be minimum sixteen bytes in length. I am planning to append leading zeros to my six digit number to make it a 16 byte and then use this as a key. Would it have any security implications ? I mean will it make my ciphertext more prone to attacks. Please help.

Read the article
Finding if a path between 2 sides of a game board exists

- by Meny

Hi, i'm currently working on a game as an assignment for school in java. the game cuurently is designed for Console. the game is for 2 players, one attacking from north to south, and the other from west to east. the purpose of the game is to build a "bridge"/"path" between the 2 of your sides before your opponent does. for example: A B C D E F 1 _ _ X _ _ _ 1 2 O X X _ _ _ 2 3 O X O O O O 3 4 O X O _ _ _ 4 5 X X _ _ _ _ 5 6 X O _ _ _ _ 6 A B C D E F player that attacks from north to south won (path/bridge from C to A) my problem is, what algorithm would be good to check if the user have managed to create a path (will be checked at the end of each turn). you're help would be very appreciated.

Read the article
Html encoding in MVC input

- by fearofawhackplanet

I'm working through NerdDinner and I'm a bit confused about the following section... First they've added a form for creating a new dinner, with a bunch of textboxes delcared like: <%= Html.TextArea("Description") %> They then show two ways of binding form input to the model: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create() { Dinner dinner = new Dinner(); UpdateModel(dinner); ... } or: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create(Dinner dinner) { ... } Ok, great, that all looks really easy so far. Then a bit later on they say: It is important to always be paranoid about security when accepting any user input, and this is also true when binding objects to form input. You should be careful to always HTML encode any user-entered values to avoid HTML and JavaScript injection attacks Huh? MVC is managing the data binding for us. Where/how are you supposed to do the HTML encoding?

Read the article
How to build a SQL statement when any combination of user input to the table is possible?

- by Greg McNulty

Example: the user fills in everything but the product name. I need to search on what is supplied, so in this case everything but productName= This example could be for any combination of input. Is there a way to do this? Thanks. $name = $_POST['n']; $cat = $_POST['c']; $price = $_POST['p']; if( !($name) ) { $name = some character to select all? } $sql = "SELECT * FROM products WHERE productCategory='$cat' and productName='$name' and productPrice='$price' "; EDIT Solution does not have to protect from attacks. Specifically looking at the dynamic part of it.

Read the article
Is it immoral to put a captcha on a login form?

- by azkotoki

In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

Read the article
Images with unknown content: Dangerous for a browser?

- by chris_l

Let's say I allow users to link to any images they like. The link would be checked for syntactical correctness, escaping etc., and then inserted in an <img src="..."/> tag. Are there any known security vulnerabilities, e.g. by someone linking to "evil.example.com/evil.jpg", and evil.jpg contains some code that will be executed due to a browser bug or something like that? (Let's ignore CSRF attacks - it must suffice that I will only allow URLs with typical image file suffixes.)

Read the article
What is the Sql Server equivalent for Oracle's DBMS_ASSERT?

- by dotNetYum

DBMS_ASSERT is one of the keys to prevent SQL injection attacks in Oracle. I tried a cursory search...is there any SQL Server 2005/2008 equivalent for this functionality? I am looking for a specific implementation that has a counterpart of all the respective Oracle package members of DBMS_ASSERT. NOOP SIMPLE_SQL_NAME QUALIFIED_SQL_NAME SCHEMA_NAME I know the best-practices of preventing injection...bind variables...being one of them. But,in this question I am specifically looking for a good way to sanitize input...in scenarios where bind-variables were not used. Do you have any specific implemetations? Is there a library that actually is a SQL Server Port of the Oracle package?

Read the article
For securing forms, when do I issue the token?

- by AQuestionADayKeepsTheDrAway

So, I have a form, to make it a little more secure and potentially help prevent CSRF attacks I want to add a random token value in a hidden field that value is also stored server side in my session data. When should I issue a new token? Per form? Per page load where there is any form? Per session? I can render it invalid as soon as a form is successfully submitted but I'm wondering when to generate one. I ask as if I issue it per form or per page do I not risk the chance of a duplicate token value overwriting the existing (valid) token if a user opens a separate window but submitting the first form (with the now overwritten value)?

Read the article

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22 | Next Page >