Search Results

Search found 71 results on 3 pages for 'hijack'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 2/3 | < Previous Page | 1 2 3  | Next Page >

  • In a SSL web application, what would be the vulnerabilities of using session based authentication?

    - by Thomas C. G. de Vilhena
    I'm not sure the term even exists, so let me explain what I mean by "session based authentication" through some pseudo-code: void PerformLogin(string userName, string password) { if(AreValidCredentials(userName, password)) { Session.Set("IsAuthenticated", true); } else { Message.Show("Invalid credentials!"); } } So the above method simply verifies the provided credentials are valid and then sets a session flag to indicate that the session user is authenticated. Under plain HTTP that is obviously unsafe, because anyone could hijack the session cookie/querystring and breach security. However, under HTTPS the session cookie/querystring is protected because client-server communication is encrypted, so I believe this authentication approach would be safe, wouldn't it? I'm asking this because I want to know how authentication tickets can improve web applications security. Thanks in advance!

    Read the article

  • Is there any good reason I would want my website to be framed?

    - by minitech
    I'm building a website that's not security-critical in any way at all, so having somebody put a page in an <iframe> is not particularly dangerous to its users. However, as my website doesn't have script plugins that will be used anywhere else, is there any reason why I shouldn't just apply: X-Frame-Options: Deny to every page on my website? Is there any valid reason for any other website to embed mine? I've seen plenty of content-stealing ones and attempts to hijack user accounts, but never an actual good usage of frames that's not an explicit feature of the website.

    Read the article

  • Dual-boot question involving separate HD and windows 8

    - by user286976
    I use an external HD with Ubuntu+GRUB on it. This allows me to effectively "hijack" most systems. Basically it's a permanent LiveUSB - my own system wherever I go. I use it for recovery mainly when Windows systems muck up, and for portability (as I can have my system on the go, without effecting the pc I'm borrowing, much like a LiveCD). I'm about to update to Windows 8 now [on a new, different computer]. Is there any special measure I should take to do this? I've seen a similar post here, but the OP had both harddrives plugged in simultaneously - that's not exactly my setup. Thank you :) EDIT: added for clarification that this is for a totally new computer.

    Read the article

  • Creating Bitmaps from ARGB strings (in actionscript-3)???

    - by ashenwraith
    Hi, in actionscript 3, what's the fastest way to dump your data (not from a file) into a bitmap for display? I have it working with setPixels and colored rects but that's way too slow/inefficient. Is there a way to load in the raw bytes or hijack the loader class to put in custom loader data? What would be the best/fastest--should I start writing a byte encoder?

    Read the article

  • I removed my-freeze.com NetAssistant, but now can't access two websites

    - by Firefly
    I used "Revo Uninstaller" to uninstall the spyware which left me with a problem using Internet Explorer so then downloaded the free version of "Hijack This" from the website and, not reading the Super User answer correctly, used fix for the general issues it found and saved the log file of the other queries. NetAssistant is completely gone or appears to have - Malwarebytes Malware remover cannot find anything and most Google searches now seem to work correctly. However in removing it I seem to have made an error and now whenever I search for and try to open or try to directly access two sites which I had tried to access via NetAssistant whilst infected IE8 says they cannot be displayed. One of them is Wikipedia and I use both regularly. I am not sure at what point this happened I think it may have been after using Revo Uninstaller and the second section where it looks for references to netassistant (in the registry?). Not sure if this is relevant but I can remember deleting some flags or something relating to Internet Explorer but not sure what. Any suggestions?

    Read the article

  • Big square ads appear in lower right corner of both IE and Chrome

    - by BrianK
    In both IE and Chrome, large ads appear in the lower right corner of the browser window. Sometime they look reputable like for Microsoft, but sometimes they are big flashing boxes that say "You have won". Right now I am looking at "Need to lose 30 lbs?" I ran Microsofot Security Essentials and it didn't find anything. I then ran Windows Defender Offline (boot from CD). WDO found five things lincluding browser hijack that caused the wrong page to appear after clicking a link. It reported that it cleaned successfully, after which I ran a quick scan to confirm. After rebooting I still see the ads. Do I still have an infection? Any other tools to try? What about ComboFix? Thanks Update: Here's a screenshot - on superuser

    Read the article

  • VMWare and ALT GR key results in missing characters

    - by donat
    For some odd reason WMware products hijack the AltGy-key despite I make sure that other keys are used as hot keys to release mouse and keyboard from the virtual machine. While this is not a problem for US keyboards, european however who extensively use AltGR for characters such as pipe (|), at-sign (@), left brace ({) and right brace (}). This seem to happen both in Windows and Linux and I can not seem to find a solution that works for both. :( Anyone have an idea how to fix this without the need to modify the guest OS every time? Thank you.

    Read the article

  • Fixing/Extending Standard Windows File Open/Save Dialog [closed]

    - by scunliffe
    Possible Duplicate: Change left side link of the Save As Dialog for a DropBox one? Almost every time I use the standard Windows (XP) File Open/Save Dialog I get frustrated in how long it takes me to navigate to where I want to go. :-( (I won't even get into the MS Office dialog that makes things even worse) This is the dialog I'm referring to (with some notes) Notes: Wouldn't a Drive list be handy in here? C:\, D:\, E:\, etc. What about a breadcrumb URI? (the magenta list of links) Why isn't Program Files one of the icons on the left? (green) I'm always going in there for something Why can't I type "../../../" to navigate up multiple directories in the File name box? (blue) There has got to be some utilities out there that can "hijack" or "overwrite" this core windows dialog to provide a much better set of options. I'm looking for any/all solutions to help fix this dialog.

    Read the article

  • DNS security (hijacking?)

    - by Jongsma
    I am hosting my website on Linode and am also using their DNS/naming servers. (ns1.linode.com etc.) It occurred to me that I never have had to authenticate that the domain is mine when I added it to the domain to the DNS manager, or at any other point. I now wonder whether it would be possible for other Linode users to 'hijack' my domain by simply adding the same domain zone and pointing it to their own server. I wouldn't know how Linode could determine which are the real/authentic records. How can I be sure this doesn't happen?

    Read the article

  • 'hijacking' gui and mapping certain controls to certain functions. VNC. TouchOSC

    - by Nick
    I need a VNC LIKE application which rather than sharing the screen, can take control of a specific application and then share that functionality across a network to multiple clients. Obviously, VNC requires use of the mouse and therefore only one user can do something at one time, this is NOT what I am after. I am after something that can hijack the graphic user interface, map certain controls, and then display them in another piece of software (perhaps like TOUCHOSC) The software I would like to map and share is called YAMAHA STUDIO MANAGER and is used to control certain Yamaha audio hardware, and in my case a Yamaha LS9 and M7CL mixing console. Its free.

    Read the article

  • Why no final dot for domain names?

    - by user41150
    I recently learned that a fully qualified domain name ends in a dot, e.g. www.microsoft.com.. Why do I almost never see this? We casually toss around www.microsoft.com, a relative domain name, without a second thought. It's not mere pedantry, because it seems there's a security issue: someone in your network could create www.microsoft.com.example.com. to hijack your requests to www.microsoft.com. Why doesn't the internet community have a tradition of using genuinely fully qualified domain names?

    Read the article

  • How do I check if a program can potentially be a virus?

    - by acidzombie24
    I am running Windows XP in a VM. I want to download a few applications and install the one by one and check if they potentially can be a virus. I assume virus would need to add something to the startup folder, or the application in the startup section in the registry or add a service. What else might it do to become active? Anyway, how can I check to see if a program may be a virus? I use hijack this to get a list of processes and I simply compare it from before I installed to after and see if there's anything different. Is this good enough? My main OS is Windows 7 but I do not have that in a VM and don't see a reason to test with that.

    Read the article

  • How to get a clipboard paste notification and provide my own data?

    - by Uwe Keim
    For a small utility I am writing (.NET, C#), I want to monitor clipboard copy operations and clipboard paste operations. My idea is to provide my own data when pasting into an arbitrary application. The monitoring of a copy operation can be easily done by using a clipboard viewer. Something that seems much more advanced to me is to write a "clipboard paste provider": Answer to "what formats are available" queries of applications. Supply data to application paste operations. I found this posting and this posting, but none of them seems to really help me. What I guess is that I somehow have to mimic/hijack the current clipboard. Question: Is it possible to "wrap" the clipboard in terms of paste operations and provide my own kind of "clipboard proxy"? Thanks Uwe

    Read the article

  • handle SIGSEGV in Linux?

    - by user303967
    Hi all, I need handle the SIGSEGV in my Linux app. The reason is some clean up(3-partry lib) must be done before generate core-dump. What is more, the clean up must be performed in the context of calling thread, cannot do in signal handler. So I plan in signal handler to pass the control to the calling thread, after the clean up finished, then use raise(SIGSEGV) to generate the core-dump. The real problem seems the signal_handler cannot pass the control to calling thread, no matter I use post_sem or some others. Any idea to handle this case? Possbile to hijack the SIGSEGV, then in SIGSEGV hander return to another thread to perform some clean up? signal(SIGSEGV, signal_handler); signal_handler() { ... post_sem(); ... } calling thread() { wait_sem(); clean_up(); ... }

    Read the article

  • Can Tomcat provide seperate (or HTTPS only) sessions for HTTPS requests?

    - by Joe
    I have a web application which contains both secure (SSL) and non-secure pages. A user can login to the site and must appear logged-in in both the SSL and non-SSL areas. (NB. SSL isn't implemented via Tomcat, but via Apache HTTPD servers which sit in front of Tomcat - so Tomcat has no SSL configuration.) The logged-in state is currently maintained via a servlet session (using Tomcat's vanilla session management). The obvious issue with this approach is that the JSESSIONID cookie is transported over both HTTP and HTTPS connections, meaning that it's potentially possible to intercept it and hijack the session. Are there any solutions to this without rolling our own session management (i.e. does Tomcat cater for this situation)? I'm prepared to implement our own session management, but don't want to reinvent something that may already be supported.

    Read the article

  • Block all other input to an application and control it from a wrapper in Java

    - by Oren
    I have a windows application which has a complex GUI that I would like to hide from users. In order to do this, I would like to create a wrapper with an extremely simple interface that overlays this application and automates a number of actions when a user clicks a single button on the wrapper. (I hope "wrapper" is the proper term.) Is it possible to use Java to block input to the underlying application so that users cannot inadvertently mess up the automation? How would I go about this? Also, how can I automate key presses and clicks to the application without hijacking the mouse? Is this possible in Java? I have looked at java.awt.Robot, but it appears to hijack the mouse. I have also looked at AutoIT, but it too hijacks the mouse and does not integrate with Java. Neither of these options seem powerful enough for what I need, but I do not know how else to proceed.

    Read the article

  • help in security assignment

    - by scatman
    i have to write a program that sniffs network packets (part1-the simple part). and i have to update the program (part2) so that it will be able to terminate connections. the specific requirements are: construct raw packets by specifying data link layer and network layer information including appropriate source and destination MAC and IP addresses. These packets are intended to terminate the connection. To do so, you should used SOCK_RAW as the socket type to be able to set the header information by yourself. can anybody give me some ideas on the second part? should i hijack the session,apply a dos attack on one of the users?? all i need is some tips of how to terminate the connection. i am using c programming language. and this is a course assignment for the security course.

    Read the article

  • How to intercept deallocate callbacks of Core Foundation objects in Objective-C.

    - by Matteo
    I'm writing an Eiffel wrapper for AppKit and Foundation and I need to hijack all -dealloc methods. Thanks to the dynamic nature of Objective-C it is pretty easy to do that. But the problem is it only works with some of the Foundation or AppKit objects. There are certain objects (e.g. NSString, NSArray, NSDate, ...) that are actually CF objects so the dealloc method doesn't get called. Instead the deallocate callbacks of the allocator that allocated the CF object is called. Is there a way to intercept that?

    Read the article

  • Is there an easy way in Python to wait until certain condition is true?

    - by Checkers
    I need to wait in a script until a certain number of conditions become true? I know I can roll my own eventing using condition variables and friends, but I don't want to go through all the trouble of implementing it, since some object property changes come from external thread in a wrapped C++ library (Boost.Python), so I can't just hijack __setattr__ in a class and put a condition variable there, which leaves me with either trying to create and signal a Python condition variable from C++, or wrap a native one and wait on it in Python, both of which sound fiddly, needlessly complicated and boring. Is there an easier way to do it, barring continuous polling of the condition? Ideally it would be along the lines of res = wait_until(lambda: some_predicate, timeout) if (not res): print 'timed out'

    Read the article

  • Capturing Mac OS X System Audio output with Python

    - by richbs
    Hello, I've been trying to "hijack" the Mac OS X system audio using PyAudio and save to a wav in python. That is, I do not want to record from an input device such as a microphone. I want to grab the sound output from any or all applications. I have followed the tutorials on the PyAudio site but these do not appear to cover my use case and when I try to read from the output stream I unsurprisingly get the paCanNotReadFromAnOutputOnlyStream exception. Fair enough! Is there a way to do what I am proposing with the PyAudio or other FOSS Python Library?

    Read the article

  • Disable form submission via Enter key on only _some fields

    - by justSteve
    I want to retain the conventional 'form submits when i press Enter' behavior because users are familiar with. But by reflex, they often hit enter when they finish with a text input box - but before they are actually done with the complete form. I'd like to hijack the Enter key only when then focus is on a certain class of input. Looking Related Questions this looks like what I'm looking for: if (document.addEventListener) { document.getElementById('strip').addEventListener('keypress',HandleKeyPress,false); } else { document.getElementById('strip').onkeypress = HandleKeyPress; } but the if (document.addEventListener) { is unfamiliar.

    Read the article

  • Why do I have untrusted certificates for Google, Yahoo, Mozilla and others?

    - by jackweirdy
    In the HTTPS/SSL section of chrome://chrome/settings, I see the following: What does this mean, and is there something wrong? I have a basic understanding of SSL/TLS - I'm not claiming to be completely familiar, but I'm fairly confident I know my way around it - but I don't understand why I have certificates installed on my machine specifically for these sites. From my understanding, I should have the certificates for Certificate Authorities, and any site I visit and use SSL/TLS should have a certificate signed by one of these trusted CAs for me to trust the site. My worry is that if someone has maliciously installed a certificate for these sites on my machine, they could perform a DNS spoofing attack (or a number of other attacks) to hijack my connection to my email account without me knowing, and as they've got the private counterpart to the certificate on my machine, decrypt the communication. NB: I'm also aware that CA certificates aren't just within Chromium and are used system wide as part of libssl - they're stored in /etc/ssl/certs. What I'd like to know is: Is this correct? - The big red boxes make me think no Is this malicious or benign? What can I do to resolve this problem? (If indeed it is a problem) Thanks :)

    Read the article

  • HP c6180 driver refuses to install - "must reboot to continue delete files and continue install" loo

    - by Aszurom
    User called me last night, can't get HP drivers to install for printer. 500 meg download for latest c6180 driver. PC says "computer must be restarted to delete some files, then setup will continue." and it won't pass that point. (that's not exact phrasing of the error, and I'm not on the system now) Target machine is XP SP2. I upgraded to SP3. Fully patched. Ran malwarebytes, spybot, hijack this and turned off all startup entries. I noted that windows update also failed on optional printer driver updates for other printers installed on the machine. Went to printer server properties, removed all print drivers from system, deleted all printer ports. Made sure no services were marked disabled. After 5 hours of fighting this I started to get desperate, and uninstalled anything that referenced HP in the machine at all. Still no cure. I'm 6 hours into this and completely stumped. Google returns nothing applicable except unanswered requests for help on same topic.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3  | Next Page >