Search Results

Search found 271 results on 11 pages for 'exploit'.

Page 5/11 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11  | Next Page >

  • WordPress-based ticketing systems?

    - by CarlF
    I have been asked to set up a ticketing/help desk system for a small nonprofit. Our server runs Debian GNU/Linux. Because we already have WordPress installed and plan to exploit it heavily going forward, I'm wondering whether there are any WP-based ticketing systems. Obviously, it will simplify the admin's life to have less software installed on the server. Thanks.

    Read the article

  • « Je peux m'emparer de votre mobile sous Android », affirme un ancien de la NSA qui exploite la gestion du NFC dans l'OS

    « Je peux m'emparer de votre mobile sous Android », affirme un ancien de la NSA Son exploit utilise une particularité de la gestion du NFC dans l'OS de Google En collaboration avec Gordon Fowler La célèbre conférence de hacking du Black Hat, a été particulièrement remplie du côté de la plateforme Android, avec des attaques. Certains experts en sécurité, à l'image de Sean Shulte de Trustwave's SpiderLabs, confirment que « Google a fait des progrès mais les créateurs de logiciels malicieux avancent à grand pas ». Et le nombre de failles mises à jour augmente avec la popularité grandissante de l'OS qui attire de plus en plus les regards des hacker...

    Read the article

  • Microsoft Patches Bugs, Improves Visual Studio 2012

    First, let's talk about the bug patches. Programs getting fixes include Windows, Internet Explorer, Office, the .NET Framework, Microsoft Dynamics AX and Microsoft Visual Basic. You can read the full security advisory. Out of the seven bulletins containing the fixes, three were deemed critical, which means a hacker could exploit an unpatched system by remotely executing malicious code. The remaining four were dubbed important; if exploited, they could give an attacker elevated privileges. Multiple versions of the Windows operating system and Internet Explorer should receive these patches....

    Read the article

  • Security issue about making my code public in GitHub

    - by John Doe
    I'm developing a big community/forum website and I'd like to upload my code to GitHub to have at least some sort of version control over it (because I have nothing other than a .rar file as a backup, not even SVN), to let others contribute to the project, and also perhaps using it to let my potential future employers see some of my code as some sort of curriculum. But what I'm wondering now, and I'm suprised I haven't seen anyone mention it before is the security aspect of it. Isn't publishing the code of a website a HUGE security hole? Is like giving a potential hacker or anyone who would like to find any potential exploit possible, even considering that the critical files aren't uploaded (database passwords, authentication scripts, etc.). Of course that there are millions of projects uploaded to GitHub and no one will find mine just 'by chance'. But if they look for it, it would indeed be there. Bottomline: my problem is not about copyright or licenses, but others finding exploits in my website. I'm I missing something here?

    Read the article

  • Microsoft pourrait être à l'origine de l'arrêt du Botnet « Rustock », le plus prolifique de l'histoire du spam

    Microsoft pourrait être à l'origine de l'arrêt du Botnet « Rustock » Le plus prolifique de l'histoire du spam Un groupe anonyme d'experts en sécurité a réussi à paralyser les opérations de spams produites depuis des années par Rustock, le plus prolifique Botnet de l'histoire de l'Internet. Depuis l'après-midi du 16, aucun des serveurs de contrôle et commande (CnC) de Rustock ne répond plus. Un exploit qui concorde avec une baisse drastique du nombre de pourriels à l'échelle mondiale. [IMG]http://idelways.developpez.com/news/images/rustock.png[/IMG] Bien que cette opération n'ait pas encore été revendiquée officiellement, une enquête du Wall St...

    Read the article

  • Lockdown Your Database Security

    - by Troy Kitch
    A new article in Oracle Magazine outlines a comprehensive defense-in-depth approach for appropriate and effective database protection. There are multiple ways attackers can disrupt the confidentiality, integrity and availability of data and therefore, putting in place layers of defense is the best measure to protect your sensitive customer and corporate data. “In most organizations, two-thirds of sensitive and regulated data resides in databases,” points out Vipin Samar, vice president of database security technologies at Oracle. “Unless the databases are protected using a multilayered security architecture, that data is at risk to be read or changed by administrators of the operating system, databases, or network, or hackers who use stolen passwords to pose as administrators. Further, hackers can exploit legitimate access to the database by using SQL injection attacks from the Web. Organizations need to mitigate all types of risks and craft a security architecture that protects their assets from attacks coming from different sources.” Register and read more in the online magazine format.

    Read the article

  • 6 Ways Windows 8 Is More Secure Than Windows 7

    - by Chris Hoffman
    Whatever you think of it, Windows 8 isn’t just a new interface slapped on top of Windows 7. Windows 8 has seen a lot of security improvements, including an integrated antivirus, an application reputation system, and protection from boot-time rootkits. There are also quite a few low-level security improvements under the hood. Microsoft hasn’t spelled out all of them, but Windows 8 manages memory in a more secure way and includes features that make security vulnerabilities harder to exploit. HTG Explains: Why It’s Good That Your Computer’s RAM Is Full 10 Awesome Improvements For Desktop Users in Windows 8 How To Play DVDs on Windows 8

    Read the article

  • Legal responsibility for emebedding code

    - by Tom Gullen
    On our website we have an HTML5 arcade. For each game it has an embed this game on your website copy + paste code box. We've done the approval process of games as strictly and safely as possible, we don't actually think it is possible to have any malicious code in the games. However, we are aware that there's a bunch of people out there smarter than us and they might be able to exploit it. For webmasters wanting to copy + paste our games on their websites, we want to warn them that they are doing it at their own risk - but could we be held responsible if say for instance a malicious game was hosted on an important website and it stole their users credentials and cause them damage? I'm wondering if having an HTML comment in the copy + paste code saying "Use at your own risk" is sufficient.

    Read the article

  • What are unique aspects of a software Lifecycle of an attack/tool on a software vulnerability?

    - by David Kaczynski
    At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security. I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing. I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless. I imagine the life-cycle would be something like: Find gap in security Exploit gap in security Procure payload Utilize payload What kind of differences (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?

    Read the article

  • Learning about security and finding exploits

    - by Jayraj
    First things first: I have absolutely no interest in learning how to crack systems for personal enrichment, hurting other people or doing anything remotely malicious. I understand the basis of many exploits (XSS, SQL injection, use after free etc.), though I've never performed any myself. I even have some idea about how to guard web applications from common exploits (like the aforementioned XSS and SQL injection) Reading this question about the Internet Explorer zero-day vulnerability from the Security SE piqued my curiosity and made me wonder: how did someone even find out about this exploit? What tools did they use? How did they know what to look for? I'm wary about visiting hacker dens online for fear of getting my own system infected (the Defcon stories make me paranoid). So what's a good, safe place to start learning?

    Read the article

  • No Cost 1-Click Remarketer Level Training

    - by martin.morganti(at)oracle.com
    The Remarketer level has proven to be a great success as a way of enabling Remarketers to Jump start a resale business with Oracle. As part of the Knowledge Zone for the 1-Click Products we have some no cost training available - the Oracle 1-Click Technology Products Guided Learning Path - which explains about the program and how to position Oracle products. We have been working to increase the training that is available for Remarketers and I am pleased to let you know that we have recently added more no cost training. The training path that we have released is the Oracle Database 11g 1-Click Technology Sales Guided Learning Path . This set of courses provides more detail on the Oracle 11G Database and will help you to better uncover and exploit opportunities for you to sell Oracle 11G as part of your solutions. So if you are interested in a No Fees, No Barriers No Excuses way to resell Oracle 1-Click products look at the Remarketer page and take the free 1-Click Guided Learning paths in the Training Section to kick start your activity.

    Read the article

  • Software Life-cycle of Hacking

    - by David Kaczynski
    At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security. I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing. I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless. I imagine the life-cycle would be something like: Find gap in security Exploit gap in security Procure payload Utilize payload I propose the following questions: What kind of formal definitions (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?

    Read the article

  • Google I/O 2010 - Connecting users w/ places

    Google I/O 2010 - Connecting users w/ places Google I/O 2010 - Where you at? Connecting your users with the places around them Geo 201 Marcelo Camelo, Chris Lambert, Dave Wang (Booyah) With the proliferation of GPS-enabled mobile devices, the locations of your users are now readily accessible to applications. This session will illustrate how to manage this location data and exploit the rich local information that Google offers to place your users in the context of their surroundings. For all I/O 2010 sessions, please go to code.google.com From: GoogleDevelopers Views: 65 0 ratings Time: 01:01:55 More in Science & Technology

    Read the article

  • How does the GPL static vs. dynamic linking rule apply to interpreted languages?

    - by ekolis
    In my understanding, the GPL prohibits static linking from non-GPL code to GPL code, but permits dynamic linking from non-GPL code to GPL code. So which is it when the code in question is not linked at all because the code is written in an interpreted language (e.g. Perl)? It would seem to be too easy to exploit the rule if it was considered dynamic linking, but on the other hand, it would also seem to be impossible to legally reference GPL code from non-GPL code if it was considered static! Compiled languages at least have a distinction between static and dynamic linking, but when all "linking" is just running scripts, it's impossible to tell what the intent is without an explicit license! Or is my understanding of this issue incorrect, rendering the question moot? I've also heard of a "classpath exception" which involves dynamic linking; is that not part of the GPL but instead something that can be added on to it, so dynamic linking is only allowed when the license includes this exception?

    Read the article

  • Une faille exploitable dans SharePoint est en train d'être colmatée par Microsoft, elle ne touche pa

    Patch en cours pour une faille exploitable de SharePoint Qui ne touche pas l'édition 2010 Microsoft est en train de mettre les bouchées doubles pour colmater une faille découverte dans SharePoint. Une alerte de sécurité vient d'ailleurs d'être publiée pour mettre en garde les utilisateurs de l'outil de collaboration contre une possible exploitation d'une faille zero-day. Le code de l'exploit en question aurait en effet été diffusé sur Internet.. Cette faille ne concerne cependant pas SharePoint 2010. Seuls Windows SharePoint Services 3.0 et SharePoint Server 2007 seraient touchés. En attendant la sortie effective d'un patch, Microsoft décrit une solut...

    Read the article

  • OPN Developer Services for Solaris Developers

    - by user13333379
    Independent Software Vendors (ISVs) who develop applications for Solaris 11 can exploit a number of interesting services as long as they are OPN Members with a Gold (or above) status and a Solaris Knowledge specialization: Free access to a Solaris development cloud with preconfigured Solaris developer zones through the apply for the: Oracle Exastack Remote Labs to get free access to Solaris development environments for SPARC and x86. Free access to patches and support information through MOS for Oracle Solaris, Oracle Solaris Studio, Oracle Solaris Cluster including updates for development systems  apply for the Oracle Solaris Development Initiative. Free email developer support for all questions around Oracle Solaris, Oracle Solaris Studio, Oracle Solaris Cluster and Oracle technologies integrating with Solaris 11 apply for the Solaris Adoption Technical Assistance.  

    Read the article

  • New Thinking for Supply Chain Analytics. PLM for Process. And Untangling Services Complexity.

    - by David Hope-Ross
    The first edition of the quarterly Oracle Information InDepth Value Chain and Procurement Transformation newsletter has just been published. It’s a solid round-up of news and analysis from the fast-moving world of global supply chains and supply management.  As the title of this post implies, the latest edition covers a wide array of great topics. But the story on supply chain analytics from Endeca is especially interesting. Without giving away the ending, it explores new ways of thinking about the value of information and how to exploit it for supply chain improvement. If you enjoy this edition, think about opting-in via the subscription link. It is an easy way to keep up with the latest and greatest.

    Read the article

  • L'iPad 2 est déjà jailbreaké, Cydia 1.1 y tourne parfaitement bien grâce à Comex

    L'iPad 2 est déjà jailbreaké, Cydia 1.1 y tourne parfaitement bien grâce à Comex Mise à jour du 14.03.2011 par Katleen Comme toujours, les bidouilleurs de produits à la Pomme ont fait vite. A peine sorti aux Etats-Unis, et même pas encore arrivé en France, l'iPad 2 est déjà jailbreaké. Celui qui a réalisé cet exploit est connu sous le pseudo de Comex, et il a réussi à faire tourner Cydia 1.1 sur le tablet PC d'Apple, de façon fluide et sans accroches. Le grand public devrait donc bientôt avoir en sa possession les outils lui permettant de débloquer lui aussi l'iPad 2. Wait and see... Source :

    Read the article

  • Rendering only a part of the screen in high detail

    - by Bart van Heukelom
    If graphics are rendered for a large viewing angle (e.g. a very large TV or a VR headset), the viewer can't actually focus on the entire image, just a part of it. (Actually, this is the case for regular sized screens as well.) Combined with a way to track the viewer's eyes, you could theoretically exploit this and render the graphics away from the viewer's focus with progressively less details and resolution, gaining performance, without losing perceived quality. Are there any techniques for this available or under development today?

    Read the article

  • Are there good replacements for client-side java in web programming? [closed]

    - by varesa
    Now since the latest java exploit, and many others in the past, people are again recommended to get rid of java on their computers for good. I, as a java web applications developer, am think about possible alternatives. Many seem to have gotten rid of java, so I would not like to develop for an environmet, that users do not have on their computers, and that they are not willing to install for security reasons. Are there any other real options that HTML5 + JS? (Don't take me wrong about not wanting HTML5+JS, I just want to know the options)

    Read the article

  • Distributed Computing - Hybrid Systems Considerations

    When the Cloud was new, it was often presented as an 'all or nothing' solution. Nowadays, the canny Systems Architect will exploit the best advantages of 'cloud' distributed computing in the right place, and use in-house services where most appropriate. So what are the issues that govern these architectural decisions? What can SQL Monitor 3.2 monitor?Whatever you think is most important. Use custom metrics to monitor and alert on data that's most important for your environment. Find out more.

    Read the article

  • What is needed to become a skillful and professional software developer ?

    - by silentbang
    I am interested in studying algorithms and my strong points are problem-solving and logical thinking. However what I am guided toward is web-developing languages, SQL and they seem to not exploit the best out of me. I think it's because lots of people can learn these things easily, even steal ideas and copy code. Is that wrong? I was told that "learning algorithms is just for optimization, so you just need to know it (not a deep understanding)", but I think algorithms are my savior; it differentiates one man's abilities from others'. Also I'm learning C++ to benefit my future career. Many people say that web developer is a future trend, which worries me. I don't know what I need to standout in my career, and should I balance between web and software developing or just one? Should I work hard on algorithms?

    Read the article

  • Les pirates exploiteraient déjà la faille de Windows XP divulguée par un employé de Google, qui se d

    Mise à jour du 16/06/10 Les pirates exploiteraient déjà la faille de Windows XP Divulguée par un employé de Google, qui se défend des accusations de Microsoft Tavis Ormandy, l'employé de Google qui a mis à jour une faille dans le Centre d'Aide et de Support de Windows XP et qui a publié un exploit montrant comment il était possible d'en tirer profit, se défend d'avoir eu un comportement irresponsable. Il affirme dans un Tweet que, contrairement aux dires de Microsoft, il n'a pas laissé 5 jours mais deux mois à l'éditeur de Windows (60 jours) pour colmater la faille. Ce serait donc l'inertie de Redmond qui l'aurait décid...

    Read the article

  • performing simple stack overflow on Mac os 10.6

    - by REALFREE
    I'm trying to learn about stack base overflow and write a simple code to exploit stack. But somehow it doesn't work at all but showing only Abort trap on my machine (mac os leopard) I guess Mac os treats overflow differently, it won't allow me to overwrite memory through c code. for example, strcpy(buffer, input) // lets say char buffer[6] but input is 7 bytes on Linux machine, this code successfully overwrite next stack, but prevented on mac os (Abort trap) Anyone know how to perform a simple stack-base overflow on mac machine?

    Read the article

  • performing simple buffer overflow on Mac os 10.6

    - by REALFREE
    I'm trying to learn about stack base overflow and write a simple code to exploit stack. But somehow it doesn't work at all but showing only Abort trap on my machine (mac os leopard) I guess Mac os treats overflow differently, it won't allow me to overwrite memory through c code. for example, strcpy(buffer, input) // lets say char buffer[6] but input is 7 bytes on Linux machine, this code successfully overwrite next stack, but prevented on mac os (Abort trap) Anyone know how to perform a simple stack-base overflow on mac machine?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11  | Next Page >