Search Results

Search found 417 results on 17 pages for 'malicious'.


  • Sandboxes Explained: How They’re Already Protecting You and How to Sandbox Any Program

    - by Chris Hoffman
    Sandboxing is an important security technique that isolates programs, preventing malicious or malfunctioning programs from damaging or snooping on the rest of your computer. The software you use is already sandboxing much of the code you run every day. You can also create sandboxes of your own to test or analyze software in a protected environment where it won’t be able to do any damage to the rest of your system.    


  • ISP Privacy Proposal Draws Fire

    Krebs on Security: "A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software."


  • Game-over! Gaining Physical access to a computer

    Security requires defense in depth. The cleverest intrusion detection system, combined with the best antivirus, won’t help you if a malicious person can gain physical access to your PC or server. A routine job, helping a family member remove a malware infection, brings it home to Wesley just how easy it is to get a command prompt with SYSTEM access on any PC, and inspires him to give a warning about the consequences.


  • How Could My Website Be Hacked

    - by Kiewic
    Hi! I wonder how this could happen. Someone deleted my index.php files from all my domains and put his own index.php files with the following message: Hacked by Z4i0n - Fatal Error - 2009 [Fatal Error Group Br] Site desfigurado por Z4i0n Somos: Elemento_pcx - s4r4d0 - Z4i0n - Belive Gr33tz: W4n73d - M4v3rick - Observing - MLK - l3nd4 - Soul_Fly 2009 My domain has many subdomains, but only the subdomains that can be accessed with a specific user were hacked; the rest weren't affected. I assumed that someone entered through SSH, because some of these subdomains are empty and Google doesn't know about them. But I checked the access log using the last command, and it didn't show any activity through SSH or FTP on the day of the attack nor in the seven days before. Does anybody have an idea? I already changed my passwords. What do you recommend I do? UPDATE My website is hosted at Dreamhost. I suppose they have the latest patches installed. But, while I was looking at how they entered my server, I found weird things. In one of my subdomains, there were many scripts to execute commands on the server, upload files, send mass emails and display compromising information. These files had been created since last December!! I have deleted those files and I'm looking for more malicious files. Maybe the security hole is an old and forgotten PHP application. This application has a file upload form protected by a password system based on sessions. One of the malicious scripts was in the uploads directory. This doesn't seem like an SQL injection attack. Thanks for your help.


  • Strange activity in My Pictures folder: Thumbnail doesn't match actual picture.

    - by Sam152
    After finding an amusing picture on a popular imageboard, I decided to save it. A few days passed and I was browsing my images folder when I realised that the thumbnail generated by Windows XP in the thumbnails view did not match the actual image. Here is a comparison image: What's even stranger in this situation is that the parts of the photograph that are different have actually been replaced with what might be the correct background. Furthermore, it is a JPEG (no PNG transparency tricks) that is 343 kilobytes but only 847x847 pixels wide. What could be going on here? Could there be anything malicious in the works, or hidden data? Before anyone asks, I have checked and performed the following: Deleted Thumbs.db to reload thumbnails. Opened the image in different editors (they appear with the text). Moved the image to a different directory. Changed the extension to .rar. All these steps produce the same results. Pre-posting update: It seems that opening the image in Paint and changing the image entirely (deleting the entire contents and making a red fill) will still generate the original thumbnail, even after deleting Thumbs.db etc. I'm also hesitant to post the original data, in case there is something malicious or hidden that could be potentially illegal. (Although it would be very beneficial to see if it works on other computers and not just my own.)


  • Monitor programs accessing my keyboard?

    - by Anti Earth
    As of a few days ago, my computer is behaving 'erratically'. When I am typing, my pointer will randomly move to another place in the text and start typing a semi-random string of characters. ("gvyfn" is common; it has typed this about 8 times whilst I composed all the text above.) It often highlights part of or all the text and overwrites it. It sometimes goes into loops of pressing Control-Alt-Delete, bringing up the Windows 7 menu thing. It sometimes even messes with mouse clicks; they have unexpected results, like requesting admin privileges from applications instead of switching to their window. I believe this is because it is holding an Alt/function key down. This behaviour happens periodically, in waves. It might subside for an hour, then continue to haunt me. I believe it to be a virus or malicious program. My anti-virus (Symantec) and multiple MS rootkit removers could not find anything suspicious. I've noticed that sometimes it re-maps keys and types gibberish when I press certain keys (though no pattern is evident). I believe a malicious program has installed a keyhook on my computer. I'm wondering... - Is there a way to let me view which programs are emulating keystrokes? - Is there a way to view what keyboard hooks are installed? (I'm also at liberty to try any other techniques to remove this blasted thing. It is easily the most frustrating computer problem I've encountered.) Thanks!


  • Patching and PCI Compliance

    - by Joel Weise
    One of my friends and master of the security universe, Darren Moffat, pointed me to Dan Anderson's blog the other day. Dan went to Toorcon, which is a security conference, where he went to a talk on security patching titled "Stop Patching, for Stronger PCI Compliance". I realize that oftentimes speakers will use a headline-grabbing title to create interest in their talk, and this one certainly got my attention. I did not go to the conference and did not see the presentation, so I can only go by what is in the Toorcon agenda summary and on Dan's blog, but the general statement to stop patching for stronger PCI compliance seems a bit misleading to me. Clearly patching is important to all systems management and should be a part of any organization's security hygiene. Further, PCI does require the patching of systems to maintain compliance. So it's important to mention that organizations should not simply stop patching their systems; and I want to believe that was not the speaker's intent. So let's look at PCI requirement 6: "Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor-provided security patches, which must be installed by the entities that manage the systems. All critical systems must have the most recently released, appropriate software patches to protect against exploitation and compromise of cardholder data by malicious individuals and malicious software." Notice the word "appropriate" in the requirement. This is stated to give organizations some latitude to apply patches that make sense in their environment and that target the vulnerabilities in question. Haven't we all seen a vulnerability scanner throw a false positive and flag some module and point to a recommended patch, only to realize that the module doesn't exist on our system? Applying such a patch would obviously not be appropriate.
    This does not mean an organization can ignore the fact they need to apply security patches. It's pretty clear they must. Of course, organizations have other options in terms of compliance when it comes to patching. For example, they could remove a system from scope and make sure that system does not process or contain cardholder data. [This may or may not be a significant undertaking. I just wanted to point out that there are always options available.] PCI DSS requirement 6.1 also includes the following note: "Note: An organization may consider applying a risk-based approach to prioritize their patch installations. For example, by prioritizing critical infrastructure (for example, public-facing devices and systems, databases) higher than less-critical internal devices, to ensure high-priority systems and devices are addressed within one month, and addressing less critical devices and systems within three months." Notice there is no mention of stopping patching one's systems. And the note also states organizations may apply a risk-based approach. [A smart approach but also not mandated.] Such a risk-based approach is not intended to remove the requirement to patch one's systems. It is meant, as stated, to allow one to prioritize their patch installations. So what does this mean to an organization that must comply with PCI DSS and maintain some sanity around their patch management and overall operational readiness? I for one like to think that most organizations take a common-sense and balanced approach to their business and security posture. If patching is becoming an unbearable task, review why that is the case and possibly look for means to improve operational efficiencies; but also recognize that security is important to maintaining the availability and integrity of one's systems. Likewise, whether we like it or not, the cyber-world we live in is getting more complex and threatening, and I don't think it's going to get better any time soon.


  • Where are the real risks in network security?

    - by Barry Brown
    Anytime username/password authentication is used, the common wisdom is to protect the transport of that data using encryption (SSL, HTTPS, etc.). But that leaves the end points potentially vulnerable. Realistically, which is at greater risk of intrusion? Transport layer: Compromised via wireless packet sniffing, malicious wiretapping, etc. Transport devices: Risks include ISPs and Internet backbone operators sniffing data. End-user device: Vulnerable to spyware, key loggers, shoulder surfing, and so forth. Remote server: Many uncontrollable vulnerabilities including malicious operators, break-ins resulting in stolen data, physically heisting servers, backups kept in insecure places, and much more. My gut reaction is that although the transport layer is relatively easy to protect via SSL, the risks in the other areas are much, much greater, especially at the end points. For example, at home my computer connects directly to my router; from there it goes straight to my ISP's routers and onto the Internet. I would estimate the risks at the transport level (both software and hardware) at low to non-existent. But what security does the server I'm connected to have? Have they been hacked into? Is the operator collecting usernames and passwords, knowing that most people use the same information at other websites? Likewise, has my computer been compromised by malware? Those seem like much greater risks. What do you think?


  • Simulating O_NOFOLLOW (2): Is this other approach safe?

    - by Daniel Trebbien
    As a follow-up question to this one, I thought of another approach which builds off of @caf's answer for the case where I want to append to file name and create it if it does not exist. Here is what I came up with: Create a temporary directory with mode 0700 in a system temporary directory on the same filesystem as file name. Create an empty, temporary, regular file (temp_name) in the temporary directory (only serves as placeholder). Open file name for reading only, just to create it if it does not exist. The OS may follow name if it is a symbolic link; I don't care at this point. Make a hard link to name at temp_name (overwriting the placeholder file). If the link call fails, then exit. (Maybe someone has come along and removed the file at name, who knows?) Use lstat on temp_name (now a hard link). If S_ISLNK(lst.st_mode), then exit. open temp_name for writing, append (O_WRONLY | O_APPEND). Write everything out. Close the file descriptor. unlink the hard link. Remove the temporary directory. (All of this, by the way, is for an open source project that I am working on. You can view the source of my implementation of this approach here.) Is this procedure safe against symbolic link attacks? For example, is it possible for a malicious process to ensure that the inode for name represents a regular file for the duration of the lstat check, then make the inode a symbolic link with the temp_name hard link now pointing to the new, symbolic link? I am assuming that a malicious process cannot affect temp_name.


  • Nginx Reverse proxy + SYN Flood

    - by Bradley
    We're running an nginx reverse proxy cluster, forwarding traffic to our main website. This enables us to filter out unwanted traffic/users etc. and send them off elsewhere. Now we have a few issues with SYN floods, where the requests per second are overflowing the proxy and the main server, causing them to become unavailable. Is there any iptables magic that can A) rate limit SYN packets/connections to HTTP, or B) block it altogether if the packets per second look malicious? Or any advice on how to use limit_rate_zone in nginx? I've googled and tried to apply a few results and none of them work; the websites are still unavailable.


  • Redundant Connection Issue

    - by Adam
    I'm trying to set up a redundant connection for our web hosting servers. I have a BGP-capable router connecting two lines from two separate ISPs, one fiber (primary), one DSL (failover). I've already confirmed that I can push routes into the DSL ISP's system, so long as they aren't malicious. My question is, what do I need to do on the fiber side to make those IPs routable through the DSL? Is there something I'm missing?


  • Websites on Ubuntu 8.04 LTS with Plesk are infected with viruses

    - by Paddington
    I am running Plesk 9.5 on Ubuntu 8.04 LTS and have about 15 websites infected with some malicious code appended to the end of java files. I have installed ClamAV and it has managed to pick up the infected files, which have a pattern of starting with either /*km0ae9gr6m*/ or /*gootkitstart*/ and ending with /*qhk6sa6g1c*/ or /*gootkitend*/. My Plesk panel is up to date and security patches were installed. How can I isolate the security vulnerability on the server?


  • iptables intercept local traffic

    - by Anonymous
    I hope someone can help me out with a somewhat simple task. I'm trying to redirect a client in my router through my desktop PC, so I can dump the traffic and analyze it (it's a potential source of poisoning the network with malicious packets). However I don't have a second NIC on my hands and I was hoping I can redirect all the traffic from that IP through my PC. In essence, to become MITM for the client. Does anyone have any idea where to start? Current state: (localip)-(router)-(internet) And what I want to do: (localip)-(pc)-(router)-(internet)


  • Is there an application to check a site for infections?

    - by Chris
    A friend of mine says that a site I frequent was reported by his antivirus software to be infected with a trojan. I can't confirm this because I'm on a Mac, and he's running PC so nothing happens on my end. I'm wondering if there's a web site that I could use to check the site for infection or malicious script.


  • HTG Explains: Why You Shouldn’t Use a Task Killer On Android

    - by Chris Hoffman
    Some people think that task killers are important on Android. By closing apps running in the background, you’ll get improved performance and battery life – that’s the idea, anyway. In reality, task killers can reduce your performance and battery life. Task killers can force apps running in the background to quit, removing them from memory. Some task killers do this automatically. However, Android can intelligently manage processes on its own – it doesn’t need a task killer.


  • Open Different Types of New Google Documents Directly with These 7 New Chrome Apps

    - by Asian Angel
    Every time you want to open a new document of one kind or another in Google Drive you have to go through the whole ‘menu’ and ‘type selection’ process to do so. Now you can open the desired type directly from the New Tab Page using these terrific new Chrome apps from Google! The best part about this new set of apps is the ability to choose only the ones you want and/or need, then be able to start working on those new documents quickly without all the ‘selection’ hassle.


  • Leaks on Wikis: "Corporations...You're Next!" Oracle Desktop Virtualization Can Help.

    - by adam.hawley
    Between all the press coverage on the unauthorized release of 251,287 diplomatic documents and on previous extensive releases of classified documents on the events in Iraq and Afghanistan, one could be forgiven for thinking massive leaks are really an issue for governments, but it is not: It is an issue for corporations as well. In fact, corporations are apparently set to be the next big target for things like Wikileaks. Just the threat of such a release against one corporation recently caused the price of their stock to drop 3% after the leak organization claimed to have 5GB of information from inside the company, with the implication that it might be damaging or embarrassing information. At the moment of this blog anyway, we don't know yet if that is true or how they got the information but how did the diplomatic cable leak happen? For the diplomatic cables, according to press reports, a private in the military, with some appropriate level of security clearance (that is, he apparently had the correct level of security clearance to be accessing the information...he reportedly didn't "hack" his way through anything to get to the documents which might have raised some red flags...), is accused of accessing the material and copying it onto a writeable CD labeled "Lady Gaga" and walking out the door with it. Upload and... Done. In the same article, the accused is quoted as saying "Information should be free. It belongs in the public domain." Now think about all the confidential information in your company or non-profit... from credit card information, to phone records, to customer or donor lists, to corporate strategy documents, product cost information, etc, etc.... And then think about that last quote above from what was a very junior level person in the organization...still feeling comfortable with your ability to control all your information? 
    So what can you do to guard against these types of breaches where there is no outsider (or even insider) intrusion to detect per se, but rather someone with malicious intent is physically walking out the door with data that they are otherwise allowed to access in their daily work? A major first step is to make it physically, logistically much harder to walk away with the information. If the user with malicious intent has no way to copy to removable or mobile media (USB sticks, thumb drives, CDs, DVDs, memory cards, or even laptop disk drives) then, as a practical matter, it is much more difficult to physically move the information outside the firewall. But how can you control access tightly and reliably and still keep your hundreds or even thousands of users productive in their daily job? Oracle Desktop Virtualization products can help. Oracle's comprehensive suite of desktop virtualization and access products allows your applications and, most importantly, the related data, to stay in the (highly secured) data center while still allowing secure access from just about anywhere your users need to be to be productive. Users can securely access all the data they need to do their job, whether from work, from home, or on the road and in the field, but fully configurable policies set up centrally by privileged administrators allow you to control whether, for instance, they are allowed to print documents or use USB devices or other removable media. Centrally set policies can also control not only whether they can download to removable devices, but also whether they can upload information (see Stuxnet for why that is important...). In fact, by using Sun Ray Client desktop hardware, which does not contain any disk drives or removable media drives, even theft of the desktop device itself would not make you vulnerable to data loss, unlike a laptop that can be stolen with hundreds of gigabytes of information on its disk drive.
    And for extreme security situations, Sun Ray Clients even come standard with the ability to use fibre optic ethernet networking to each client to prevent the possibility of unauthorized monitoring of network traffic. But even without Sun Ray Client hardware, users can leverage Oracle's Secure Global Desktop software or the Oracle Virtual Desktop Client to securely access server-resident applications, desktop sessions, or full desktop virtual machines without persisting any application data on the desktop or laptop being used to access the information. And, again, even in this context, the Oracle products allow you to control what gets uploaded, downloaded, or printed, for example. Another benefit of Oracle's Desktop Virtualization and access products is the ability to rapidly and easily shut off user access centrally through administrative policies if, for example, an employee changes roles or leaves the company and should no longer have access to the information. Oracle's Desktop Virtualization suite of products can help reduce operating expense and increase user productivity, and those are good reasons alone to consider their use. But the dynamics of today's world dictate that security is one of the top reasons for implementing a virtual desktop architecture in enterprises. For more information on these products, view the webpages on www.oracle.com and the Oracle Technology Network website.


  • The Beginner’s Guide To Tabbed Browsing

    - by Chris Hoffman
    Tabs allow you to open multiple web pages in a single browser window without cluttering your desktop. Mastering tabbed browsing can speed up your browsing experience and make multiple web pages easier to manage. Tabbed browsing was once the domain of geeks using alternative browsers, but every popular browser now supports tabbed browsing – even mobile browsers on smartphones and tablets. This article is intended for beginners. If you know someone that doesn’t fully understand tabbed browsing and how awesome it is, feel free to send it to them!


  • How to ‘Bounce’ Drops of Water on Top of a Pool of Water Indefinitely [Physics Video]

    - by Asian Angel
    Normally drops of water are automatically ‘absorbed’ into a larger pool of water when contact is made, but there is one way to stop those water drops from coalescing with the rest: vibration. This awesome video shows the process in action as drops of water remain on top of the pool of water and even form groups of drops! Drops on Drops on Drops Article [Physics Buzz Blog] Drops on Drops on Drops Video [YouTube] [via Neatorama]


  • What Is the Purpose of the “Do Not Cover This Hole” Hole on Hard Drives?

    - by Jason Fitzpatrick
    From tiny laptop hard drives to beefier desktop models, traditional disk-based hard drives have a very bold warning on them: DO NOT COVER THIS HOLE. What exactly is the hole and what terrible fate would befall you if you covered it? Today’s Question & Answer session comes to us courtesy of SuperUser, a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
