Search Results

Search found 835 results on 34 pages for 'attack'.

Page 21/34 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28 | Next Page >

How should I start refactoring my mostly-procedural C++ application?

- by oob

We have a program written in C++ that is mostly procedural, but we do use some C++ containers from the standard library (vector, map, list, etc). We are constantly making changes to this code, so I wouldn't call it a stagnant piece of legacy code that we can just wrap up. There are a lot of issues with this code making it harder and harder for us to make changes, but I see the three biggest issues being: Many of the functions do more (way more) than one thing We violate the DRY principle left and right We have global variables and global state up the wazoo. I was thinking we should attack areas 1 and 2 first. Along the way, we can "de-globalize" our smaller functions from the bottom up by passing in information that is currently global as parameters to the lower level functions from the higher level functions and then concentrate on figuring out how to removing the need for global variables as much as possible. I just finished reading Code Complete 2 and The Pragmatic Programmer, and I learned a lot, but I am feeling overwhelmed. I would like to implement unit testing, change from a procedural to OO approach, automate testing, use a better logging system, fully validate all input, implement better error handling and many other things, but I know if we start all this at once, we would screw ourselves. I am thinking the three I listed are the most important to start with. Any suggestions are welcome. We are a team of two programmers mostly with experience with in-house scripting. It is going to be hard to justify taking the time to refactor, especially if we can't bill the time to a client. Believe it or not, this project has been successful enough to keep us busy full time and also keep several consultants busy using it for client work.

Read the article
Which linux x86 hardware keystore?

- by byeo

I'm terminating SSL/TLS in my DMZ and I have to assume that machine will be hacked. At which point my certificates are compromised. Previously I've used nCipher hardware keystore/accelerator to solve this issue. These cards won't reveal the private key even to root. The card performs the encryption and decryption onboard and is hardened against physical attack. The only way to get at the keys is by attaching a smart card reader to the card itself. I'm having trouble finding information about something to recreate this approach. Is this the domain of specialist switches and firewalls these days? This old page references some of the old hardware: http://www.kegel.com/ssl/hw.html#cards

Read the article
Finding Locked Out Users

- by Bart Silverstrim

Active Directory up to 2008 network (our servers are a mix of 2008, 2003...) I'm looking for a quick way to query AD to find out what users are locked out, preferably from a batch or script file, to monitor for possible issues with either user accounts being attacked by an automated attack or just anomalies in the network. I've Googled and my Google-fu has failed; I found a query off Microsoft's own knowledgebase that cites a string to use on Server 2003 with the management snap-in's saved queries (http://support.microsoft.com/kb/555131) but when I entered it, the query returned 400 users that a spot-check showed did NOT have a checkmark in the "Account is locked out" box under "account." In fact, I don't see anything wrong with their accounts. Is there a simple utility (wisesoft bulkadusers apparently uses this method behind the scenes, since it's results were also wrong) that will give a count of users and possibly their user object names? Script? Something?

Read the article
Need efficient way to keep enemy from getting hit multiple times by same source

- by TenFour04

My game's a simple 2D one, but this probably applies to many types of scenarios. Suppose my player has a sword, or a gun that shoots a projectile that can pass through and hit multiple enemies. While the sword is swinging, there is a duration where I am checking for the sword making contact with any enemy on every frame. But once an enemy is hit by that sword, I don't want him to continue getting hit over and over as the sword follows through. (I do want the sword to continue checking whether it is hitting other enemies.) I've thought of a couple different approaches (below), but they don't seem like good ones to me. I'm looking for a way that doesn't force cross-referencing (I don't want the enemy to have to send a message back to the sword/projectile). And I'd like to avoid generating/resetting multiple array lists with every attack. Each time the sword swings it generates a unique id (maybe by just incrementing a global static long). Every enemy keeps a list of id's of swipes or projectiles that have already hit them, so the enemy knows not to get hurt by something multiple times. Downside is that every enemy may have a big list to compare to. So projectiles and sword swipes would have to broadcast their end-of-life to all enemies and cause a search and remove on every enemy's array list. Seems kind of slow. Each sword swipe or projectile keeps its own list of enemies that it has already hit so it knows not to apply damage. Downsides: Have to generate a new list (probably pull from a pool and clear one) every time a sword is swung or a projectile shot. Also, this breaks down modularity, because now the sword has to send a message to the enemy, and the enemy has to send a message back to the sword. Seems to me that two-way streets like this are a great way to create very difficult-to-find bugs.

Read the article
iptables - drop all HTTP(S) traffic but from CloudFlare

- by Martin

I would like to allow only HTTP(S) traffic coming from CloudFlare. In that way attackers cannot attack the server directly. I know CloudFlare is not mainly a DDoS mitigator, but I would like to try it either way. I'm currently only having access to iptables (ipv4 only), but will try to install ip6tables soon. I just need to have this fixed soon. (we're getting (D)DoSed atm.) I was thinking about something like this: iptables -I INPUT -s <CloudFlare IP> --dport 80 -j ACCEPT iptables -I INPUT -s <CloudFlare IP> --dport 443 -j ACCEPT iptables -I INPUT -p tcp --dport 80 -j DROP iptables -I INPUT -p tcp --dport 443 -j DROP I know that CloudFlare has multiple IPs, but just for an example. Would this be the right way?

Read the article
Phishing site uses subdomain that I never registered

- by gotgenes

I recently received the following message from Google Webmaster Tools: Dear site owner or webmaster of http://gotgenes.com/, [...] Below are one or more example URLs on your site which may be part of a phishing attack: http://repair.gotgenes.com/~elmsa/.your-account.php [...] What I don't understand is that I never had a subdomain repair.gotgenes.com, but visiting it in the web browser gives an actual My DNS is FreeDNS, which does not list a repair subdomain. My domain name is registered with GoDaddy, and the nameservers are correctly set to NS1.AFRAID.ORG, NS2.AFRAID.ORG, NS3.AFRAID.ORG, and NS4.AFRAID.ORG. I have the following questions: Where is repair.gotgenes.com actually registered? How was it registered? What action can I take to have it removed from DNSs? How can I prevent this from happening in the future? This is pretty disconcerting; I feel like my domain has been hijacked. Any help would be much appreciated.

Read the article
china and gmail attachs -

- by doug

"We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.” [source] I don't know much about how internet works, but as long the chines gov has access to the chines internet providers servers, why do they need to hack gmail accounts? I assume that i don't understand how submitting/writing a message(from user to gmail servers) works, in order to be sent later to the other email address. Who can tell me how submitting a message to a web form works?

Read the article
Block ip for long time

- by Tiziano Dan

This question is about a iptables, I wanna to know how can I block these ip for 1hour and not only a little time.. because they make to many sql requests, I'm using it for block but it's not enough because there's anyway 100k ip who attack then too much requests for sql server. iptables -N SYN-LIMIT iptables -A SYN-LIMIT -m hashlimit --hashlimit 8/second --hashlimit-mode srcip --hashlimit-name SYN-LIMIT -j RETURN iptables -A SYN-LIMIT -j DROP iptables -I INPUT -p tcp --dport 80 --syn -j SYN-LIMIT iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 6 -j REJECT --reject-with tcp-reset How can I make the same but block IP for long time ? (Not manually !)

Read the article
How to find malicious IPs?

- by alfish

Cacti shows irregular and pretty steady high bandwidth to my server (40x the normal) so I guess the server is udnder some sort of DDoS attack. The incoming bandwidth has not paralyzed my server, but of course consuming the bandwidth and affects performance so I am keen to figure out the possible culprits IPs add them to my deny list or otherwise counter them. When I run: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n I get a long list of IPs with up to 400 connections each. I checked the most numerous occurring IPs but they come from my CDN. So I am wondering what is the best way to help monitor the requests that each IP make in order to pinpoint the malicious ones. I am using Ubuntu server. Thanks

Read the article
Finding the best practice for a game simulating tool

- by Tougheart

I'm studying Java right now, and I'm thinking of this tool as my practice project. The game is "League of Legends" in case anyone knows it, I'm not actually simulating the game as in simulating game play, I'm just trying to create a tool that can compare different champions to each other based on their own abilities and items bought inside the game. The game basics are: Every player has a champion in a team of 5 players playing against another team. Each champion has a different set of abilities (usually 4) that s/he uses to do damage to opposing champions. Each champion gets stronger by buying different items, increasing the attack it deals or decreasing the damage received. What I want to do is to create a tool to be used outside the game enabling players to try out different builds for their champions and compare the figures against other champions they usually fight against. The goal is to enable players get a deeper understanding of the different item combinations (builds) that can be used during the games, instead of trying them out in real games which can be somehow very time consuming. What I'm stuck at is the best practice I should follow to make this possible using Java, I can't figure out which classes should inherit from which, should I make champions and items specs in the code or extracted from other files, specially that I'm talking about hundreds of items and champions to use in that tool. I'm self studying Java, and I don't have much practice at it, so I would really appreciate any broad guidelines regarding this, and sorry if my question doesn't fit here, I tried to follow the rules. English isn't my native language, so I'm really sorry if I wasn't clear enough, I would be more than happy to explain anything that's not understood.

Read the article
Danger in running a proxy server? [closed]

- by NessDan

I currently have a home server that I'm using to learn more and more about servers. There's also the advantage of being able to run things like a Minecraft server (Yeah!). I recently installed and setup a proxy service known as Squid. The main reason was so that no matter where I was, I would be able to access sites without dealing with any network content filter (like at schools). I wanted to make this public but I had second thoughts on it. I thought last night that if people were using my proxy, couldn't they access illegal materials with it? What if someone used my proxy to download copyright material? Or launched an attack on another site via my proxy? What if someone actually looked up child pornography through the proxy? My question is, am I liable for what people use my proxy for? If someone does an illegal act and it leads to my proxy server, could I be held accountable for the actions done?

Read the article
Tracing what program is making a network connnection? (CentOS)

- by Airjoe

I was wondering if it is possible to find out which process is trying to make a specific network connection. On a server I support which hosts websites for about 200 users, the iptables firewall keeps blocking, as it should, a connection to 212.117.169.139 on port 80. Firefox reports this as an attack page (and at the least is obvious spam, if not malicious). It seems something on this server is trying to access this site for some reason, and although it's being blocked successfully, the requests seem to be going through every two to sixty seconds and I'd like to be able to find what process or script is doing this so I can handle it appropriately. Besides doing a grep to try and find if this IP is in some file (which probably won't even work because it may be working by hostname or it may be encoded), is there any way to find out some more information? Thanks!

Read the article
How are cached Windows credentials stored on the local machine?

- by MDMarra

How are cached Active Directory domain credentials stored on a Windows client? Are they stored in the local SAM database, thus making them susceptible to the same rainbow table attacks that local user accounts are susceptible to, or are they stored differently? Note, that I do realize that they are salted and hashed, so as not to be stored in plain-text, but are they hashed in the same way as local accounts and are they stored in the same location? I realize that at a minimum they're be susceptible to a brute force attack, but that's a much better situation than being vulnerable to rainbow tables in the event of a stolen machine.

Read the article
syslog log of TCP packet

- by com

Occasionally, I noticed a lot of following messsages in syslog Nov {datetime} hostname kernel: [8226528.586232] AIF:PRIV TCP packet: IN=eth0 OUT= MAC={mac} SRC={sourceip} DST={destinationip} LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=20361 DF PROTO=TCP SPT=39950 DPT=37 WINDOW=14600 RES=0x00 SYN URGP=0 On the Internet, I found that DOS attack may cause such type of output, unfortunately, I don't understand what does this log mean. The only thing is clear for me is this log is related to network. The source host is the host where nagios is installed. Does it mean nagios somehow does behave well? And what does it mean at all?

Read the article
Custom Rule Sets in JohnTheRipper

- by user854619

I'm trying to create a custom rule set to do hash cracking. I have a SHA1 hash and a rule set that was enforced to create the password. The password must be of the form, 6-8 characters Every other letter changes case Password "shifts" characters at least one degree and at most three One odd number and one even number are at the beginning of the password One special character and one punctuation character are appended to the end of the password How can I defined a brute force attack in JohnTheRipper or similar hash cracking program? I've also attempted to write code to generate a wordlist of possible passwords, with no success. Thanks!

Read the article
Windows 2008 server unaccessible without traces in the event log

- by Rob

I am trying to figure out why a Windows 2008 server became inaccessible in terms of RDP and access to a web application. The server was turned off and then on. Look at the event log at the time it went offline, I can't find anything. And looking at misc application logs, the system was running like normal after it went offline. It has to be said that by mistake the firewall was switched off earlier, so a lot of attempts had been done to access the SQL Server with the sa user as well as RDP login. But the attempts has been going on for days, so nothing new about that. Besides the event logs, is there anywhere else I can go to examine the cause of this? I am also in doubt whether or not a DOS attack or similar would show up in the event log. From a log for a backup application running on this server I can see that an attempt was done to access a remote IP after the server went offline, but got no connection.

Read the article
My servers been hacked EMERGENCY

- by Grant unwin

I'm on my way into work at 9.30 pm on a Sunday because our server has been compromised somehow and was resulting in a DOS attack on our provider. The servers access to the Internet has been shut down which means over 5-600 of our clients sites are now down. Now this could be an FTP hack, or some weakness in code somewhere I'm not sure till j get there. Does anyone have any tips on how I can track this down quickly. Were in for a whole lot of litigation if I dont get the server back up asap. Any help appreciated.

Read the article
What are the current options to encrypted a partition on mac os x ?

- by symbion

I recently got my laptop stolen with some sensitive informations on it (personal source code, bank details in a secure file, passwords, etc) and I learnt the lesson: encrypt your sensitive data. Now, I am wondering what are the options to encrypt a partition (not an encrypt disk image) ? Aim: The aim is to prevent anyone (except me) to access those data. Requirement 0: The software must be able to encrypt non system partition. Requirement 1: Plausible deniability is required but preventing cold boot attack is however not an absolute requirement (I am not famous enough or have sensitive enough info to have this kind of requirement). Requirement 2 : Software taking advantage of AES hardware encryption are very welcome as I intent to get a Macbook Pro with i7 CPU (with AES-NI enabled instructions). I will have avirtual machine running in the encrypted partition. Requirement 3 : Free or reasonably cheap. Requirement 4 : Software must run on Mac OS X Snow Leopard or Lion. So far, TrueCrypt is the only option I have found. Regards,

Read the article
u32 filter udp lenght 0 to 29

- by Mark Ocok

Sep 30 18:20:02 30AA30 kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=b8:ac:6f:99:8e:b2:a8:d0:e5:bf:71:81:08:00 SRC=66.225.232.169 DST=68.68.27.84 LEN=28 TOS=0x00 PREC=0x00 TTL=49 ID=21668 DF PROTO=UDP SPT=48153 DPT=16078 LEN=8 Sep 30 18:20:02 30AA30 kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=b8:ac:6f:99:8e:b2:a8:d0:e5:bf:71:81:08:00 SRC=66.225.232.169 DST=68.68.27.84 LEN=28 TOS=0x00 PREC=0x00 TTL=49 ID=21669 DF PROTO=UDP SPT=48153 DPT=16078 LEN=8 Sep 30 18:20:02 30AA30 kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=b8:ac:6f:99:8e:b2:a8:d0:e5:bf:71:81:08:00 SRC=66.225.232.169 DST=68.68.27.84 LEN=28 TOS=0x00 PREC=0x00 TTL=49 ID=21670 DF PROTO=UDP SPT=48153 DPT=16078 LEN=8 Sep 30 18:20:02 30AA30 kernel: ** IN_UDP DROP ** IN=eth0 OUT= MAC=b8:ac:6f:99:8e:b2:a8:d0:e5:bf:71:81:08:00 SRC=66.225.232.169 DST=68.68.27.84 LEN=28 TOS=0x00 PREC=0x00 TTL=49 ID=21671 DF PROTO=UDP SPT=48153 DPT=16078 LEN=8 It's Spoofing attack dos, how to block Spoofing UDP lenght 0 to 29 using u32 Flooder target udp length udp 0 to 29

Read the article
Forensics on Virtual Private servers [closed]

- by intiha

So these days with talks about having hacked machines being used for malware spreading and botnet C&C, the one issue that is not clear to me is what do the law enforcement agencies do once they have identified a server as being a source or controller of attack/APT and that server is a VPS on my cluster/datacenter? Do they take away the entire machine? This option seems to have a lot of collateral damage associated with it, so I am not sure what happens and what are the best practices for system admins for helping law enforcement with its job while keeping our jobs!

Read the article
How do web servers enforce the same-origin policy?

- by BBnyc

I'm diving deeper into developing RESTful APIs and have so far worked with a few different frameworks to achieve this. Of course I've run into the same-origin policy, and now I'm wondering how web servers (rather than web browsers) enforce it. From what I understand, some enforcing seems to happen on the browser's end (e.g., honoring a Access-Control-Allow-Origin header received from a server). But what about the server? For example, let's say a web server is hosting a Javascript web app that accesses an API, also hosted on that server. I assume that server would enforce the same-origin policy --- so that only the javascript that is hosted on that server would be allowed to access the API. This would prevent someone else from writing a javascript client for that API and hosting it on another site, right? So how would a web server be able to stop a malicious client that would try to make AJAX requests to its api endpoints while claiming to be running javascript that originated from that same web server? What's the way most popular servers (Apache, nginx) protect against this kind of attack? Or is my understanding of this somehow off the mark? Or is the cross-origin policy only enforced on the client end?

Read the article
How to secure a new server OS installation

- by Pat R Ellery

I bought (and just received) a new 1u dell poweredge 860 (got it on ebay for $35). I finished installing Ubuntu Server (Ubuntu Server 12.04.3 LTS), install apache/mariadb/memcache/php5 works great but I am scared about security. so far I am the only one using the server but eventually more people (friends, friends of friends) will use this server, use ssh etc... I want to know what can I do to secure all the information and not get hacked, both from the web or ssh or ddos and any other attack possible. Does Ubuntu Server does it for you right away? or I have to fix it my self? Thank you EDIT: I installed (so far): All dev tools ssh server LAMP I didn't install: Graphical interface

Read the article
Exchange 2010 Prevent Authenticated Users From Sending Email From Any Address

- by Chance

I have recently been combating an SMTP AUTH attack in which one of my email accounts had been compromised and was being used to solicit spam. I have been able to identify the account and change the password however I would like to further restrict my exchange server. By default exchange 2010 allows for any authenticated user to specify any email address as the MAIL FROM address and it will accept it. Is there any way to restrict this so that only the authenticated account's email address will be able to be used as the MAIL FROM address? I have been looking through all ADPermissions for the SMTP connector however I can't find any documentation on how to accomplish this. Any suggestions would be greatly appreciated. Telnet Test Picture Telnet Test SMTP Connector Properties Pictures Permissions Tab

Read the article
Windows Phone 7 v. Windows 8 Metro “Same but Different”

- by ryanabr

I have been doing development on both the Windows Phone 7 and Windows 8 Metro style applications over the past month and have really been enjoying doing both. What is great is that Silverlight is used for both development platforms. What is frustrating is the "Same but Different" nature of both platforms. Many similar services and ways of doing things are available on both platforms, but the objects, namespaces, and ways of handling certain cases are different. I almost had a heart attack when I thought that XmlDocument had been removed from the new WinRT. I was relived (but a little annoyed) when I found out that it had shifted from the "System.Xml" namespace to the "Windows.Data.Xml.Dom" namespace. In my opinion this is worse than deprecating and reintroducing it since there isn't the lead time to know that the change is coming, maker changes and adjust. I also think the breaks the compatibility that is advertised between the WinRT and .NET framework from a programming perspective, as the code base will have to be physically different if compiled for one platform versus the other. Which brings up another issue, the need for separate DLLs with for the different platforms that contain the same C# code behind them which seems like the beginning of a code maintenance headache. Historically, I have kept source files "co-located" with the projects that they are compiled into. After doing some research, I think I will end up keeping "common" files that need to be compiled in to DLLs for the different platforms in a seperate location in TFS, not directly included in any one Visual Studio project, but added as links in the project that would get compiled into the windows 7 phone, or Windows 8. This will work fine, except for the case where dependencies don't line up for each platform as described above, but will work fine for base classes that do the raw work at the most basic programming level.

Read the article
Windows 8 "ate" 100GB of my SSD

- by Eleeist

Yesterday I've done a completely fresh Windows 8 Pro install on brand new Samsung SSD. I recall that just after the installation Windows was taking about 10GB. I've installed all the updates and when today I entered My Computer I've almost got a heart attack: disk C: 12.3 GB free of 118 GB! The file explorer, when I enter the disk highlight everything and go to Properties, tells me that the files in there take only 22.5 GB of space which seems reasonable. So where is my 100 GB?

Read the article

< Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28 | Next Page >