Search Results

Search found 271 results on 11 pages for 'exploit'.

Page 7/11 | < Previous Page | 3 4 5 6 7 8 9 10 11 | Next Page >

book about psychology of decision and psychology of human

- by boos

I'm a unix developer and i want to make career in project/people management as first step. I think sometimes is better to have good communication skill and in general more human skill to make career more fast. Almost in Italy, a lot of people made career development more fast for his human skill and not for his technical skill. Anyone have read some book about psychology to better manage how people and personality work and to exploit decision making situation in the right way? I have found some interesting book about people personality and psychology of decision, but i am in doubt about the usefulness about reading such book. anyone have some experience in this path ? Anyone have found useful to read similar book about how people work, to manage career development in a more fast way and handle people and decision in a more useful way? i have already read peopleware. The table of content of one of this book have: 1 - Judicment and decision 2 - Euristics and sistematics error 3 - Estimating probability and frequency prediction 4 - Risk and decision 5 - rappresentation and decision 6 - Memory, attention and decision. Etc. what do you think about ?

Read the article
Issue 15: Introducing David Callaghan

- by rituchhibber

DAVID'S VIEW INTRODUCING DAVID CALLAGHAN David Callaghan Senior Vice President, Oracle EMEA Alliances and Channels David Callaghan is the Senior Vice President, Alliances & Channels, for Oracle EMEA. He is responsible for all elements of the Oracle Partner Network across the region and leads Oracle as it continues to deliver customer success through the alignment of Oracle's applications and hardware engineered to work together. As I reflect on our last quarter, I thank all our partners for your continued commitment and expertise in embracing the unique opportunity we have before us. The ability to engage with hardware, applications and technology is a real differentiator. We have been able to engage with deep specialization in individual products for some time, which has brought tremendous benefits. But now we can strengthen this further with the broad stack specialization that Oracle on Oracle brings. Now is the time to make that count. While customers are finishing spending this year's budget and planning their spend for the next calendar year, it is now that we need to build the quality opportunities and pipeline for the rest of the year. We have OpenWorld just around the corner with its compelling new product announcements and environment to engage customers at all levels. Make sure you use this event, and every opportunity it brings. In the next quarter you can expect to see targeted 'value creation' campaigns driven by Oracle, and I encourage you to exploit these where they will have greatest impact. My team will be engaging closely with their Oracle sales colleagues to help them leverage the tremendous value you bring, and to develop their ability to work effectively and independently with you, our partners. My team and I are all relentlessly committed to achieving partner, and customer, satisfaction to demonstrate the value of the Passion for Partnering that we all share. With best regards David Back to the welcome page

Read the article
Phishing attack stuck with jsp loginAction.do page?

- by user970533

I'm testing a phishing website on a staged replica of an jsp web-application. I'm doing the usual attack which involves changing the post and action field of source code to divert to my own written jsp script capture the logins and redirect the victim to the original website. It looks easy, but trust me, it's has been me more then 2 weeks and I cannot write the logins to the text file. I have tested the jsp page on my local wamp server it works fine. In staged, when I click on the ok button for user/password field I'm taken to loginAction.do script. I checked this using the tamper data add-on on Firefox. The only way I was able to make my script run was to use burp proxy intercept the request and change action parameter to refer my uploaded script. I want to know what does an loginAction.do? I have googled it - it's quite common to see it in jsp application. I have checked the code; there is nothing that tells me why the page always points to the .do script instead of mine. Is there some kind of redirection in Tomcat? I like to know. I'm unable to exploit this attack vector? I need the community's help.

Read the article
What are the advantages of Maven when it comes to single man, educational projects

- by Leron

I've spend a few hours playing around with Maven + reading some stuff on the apache official site and also a few random googled articles. By this I mean that I really tried to find the answers myself - both by reading and by doing things on my own. Also maybe worth to mention that I installed the m2e plugin so most of the time I've tried things out from Eclipse and not using the command line too much. However aside from the generated project that for example prevent me from using the default package I didn't see that much of a difference with the standard way I've created my projects before try Maven. In fact I've almost decided to skip Maven for now and move on to the other technology I wanted to learn more in-depth - Hibernate, but when I start with opening the official page the first thing I've read was the recommendation to use Hibernate with Maven. That get me confused and made me taking a step back and trying once more to find what I'm obviously missing right now. As it's said in the maven.apache.. site, the true strength of Maven is shown when you work on large projects with other people, but I lack the option to see how Maven is really used in this scenario, still i think that there are maybe advantages even when it comes to working with small projects alone, but I really have difficulties to point them out. So what do you think are the advantages of Maven when it's used for small projects writing from a single person. What are the things that I should be aware of and try to exploit (I mean features offered by Maven) that can come in handy in this situations?

Read the article
Tessellating to a curve?

- by Avi

I'm creating a game engine, and I'm trying to define a 3D model format I want to use. I haven't come across a format that quite does what I want. My game engine assumes a shader model 5+ environment. By the time I'm finished with it, that won't be a very unreasonable requirement. Because it assumes such a modern environment, I'm going to try and exploit tessellation. The most popular way, it seems, to procedurally increase geometry through tessellation is to tessellate to a height map. This works for a lot of things, but has limitations in that height maps still use up VRAM and also only have finite scalability. So I want to be able to use curves to define what a mesh should tessellate to. The thing is, I have no idea what definition of curves I should use, how I should store it, and how I should tessellate to it. Do I use NURBS curves? Bezier? Hermite? And once I figure that out, is there an algorithm to determine how the tessellation shader should produce and move vertices to match the curve as closely as possible? Is the infinite scalability and lower memory usage when compared to height maps worth the added computational complexity? I'm sorry I'm kind if ignorant as to these matters. I just don't know where to start.

Read the article
Security Alert For CVE-2010-4476 Released

- by eric.maurice

Hello, this is Eric Maurice again. Oracle just released a Security Alert with a fix for the vulnerability CVE-2010-4476, which affects Oracle Java SE and Oracle Java For Business. This vulnerability is present in Java running on servers as well as standalone Java desktop applications. Its successful exploitation by a malicious attacker can result in a complete denial of service for the affected servers. While only recently publicly disclosed, a number of Internet sites have since then reproduced details about this vulnerability, including exploit codes, which may result in allowing a malicious attacker to create a denial of service condition against the targeted system. Oracle therefore strongly recommends that affected organizations apply this fix as soon as possible. Please note that a fix for this vulnerability will also be included in the upcoming Java Critical Patch Update (Java SE and Java for Business Critical Patch Update - February 2011), which will be released on February 15th 2011. Note that the impact of this vulnerability on desktops is minimal: the affected applications or applets running in Internet browsers for example, might stop responding and may need to be restarted; however the desktop itself will not be compromised (i.e. no compromise at the desktop OS level). Oracle therefore recommends that consumers use the Java auto-update mechanism to get this fix. This will prompt them to install the latest version of the Java Runtime Environment 6 update 24 or higher (JRE), which includes the fix for this vulnerability. JRE 6 update 24 will also be distributed with the Java SE and Java for Business Critical Patch Update - February 2011. For More Information: The Critical Patch Updates and Security Alerts page is located at http://www.oracle.com/technetwork/topics/security/alerts-086861.html The Advisory for Security Alert CVE-2010-4476 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html More information on Oracle Software Security Assurance is located at http://www.oracle.com/us/support/assurance/index.html Consumers can go to http://www.java.com/en/download/installed.jsp to ensure that they have the latest version of Java running on their desktops. More information on Java Update is available at http://www.java.com/en/download/help/java_update.xml

Read the article
Performance of concurrent software on multicore processors

- by Giorgio

Recently I have often read that, since the trend is to build processors with multiple cores, it will be increasingly important to have programming languages that support concurrent programming in order to better exploit the parallelism offered by these processors. In this respect, certain programming paradigms or models are considered well-suited for writing robust concurrent software: Functional programming languages, e.g. Haskell, Scala, etc. The actor model: Erlang, but also available for Scala / Java (Akka), C++ (Theron, Casablanca, ...), and other programming languages. My questions: What is the state of the art regarding the development of concurrent applications (e.g. using multi-threading) using the above languages / models? Is this area still being explored or are there well-established practices already? Will it be more complex to program applications with a higher level of concurrency, or is it just a matter of learning new paradigms and practices? How does the performance of highly concurrent software compare to the performance of more traditional software when executed on multiple core processors? For example, has anyone implemented a desktop application using C++ / Theron, or Java / Akka? Was there a boost in performance on a multiple core processor due to higher parallelism?

Read the article
Any ideas about how to make Programming Techniques Class more interesting.

- by Eedoh

Hello. I already found similar question here on SO, but almost all the answers were more philosophical, then practical. I'd like You to share some of Your PRACTICAL ideas about how to make my course more interesting. It doesn't matter how much effort it takes from me. I even thought about trying to motivate them to pick some topic in the beginning of the course and to work on it as some kind of real, small, startup project that they could maybe financially exploit once it's finished. But I'm afraid that most of them will not get the project to the end, and that it could be boring to them working on one thing all year long. Also I thought about involving them in Torcs, but I'm afraid most of them wouldn't be up to the task. Btw, Torcs is Car Racing Simulation, but there's an API for developers so they can develop their own AI for the driver, and then race their cars against the other programmer's AI's. I'm not asking here for problem examples, as I asked a separate question about that. I need ideas about making my lectures more interesting and fun.

Read the article
FREE goodies if you are a UK based software house already live on the Windows Azure Platform

- by Eric Nelson

In the UK we have seen some fantastic take up around the Windows Azure Platform and we have lined up some great stuff in 2011 to help companies fully exploit the Cloud – but we need you to tell us what you are up to! Once you tell us about your plans around Windows Azure, you will get access to FREE benefits including email based developer support and free monthly allowance of Windows Azure, SQL Azure and AppFabric from Jan 2011 – and more! (This offer is referred to as Cloud Essentials and is explained here) And… we will be able to plan the right amount of activity to continue to help early adopters through 2011. Step 1: Sign up your company to Microsoft Platform Ready (you will need a windows live id to do this) Step 2: Add your applications For each application, state your intention around Windows Azure (and SQL etc if you so wish) Step 3: Verify your application works on the Windows Azure Platform Step 4 (Optional): Test your application works on the Windows Azure Platform Download the FREE test tool. Test your application with it and upload the successful results. Step 5: Revisit the MPR site in early January to get details of Cloud Essentials and other benefits P.S. You might want some background on the “fantastic take up” bit: We helped over 3000 UK companies deploy test applications during the beta phase of Windows Azure We directly trained over 1000 UK developers during 2010 We already have over 100 UK applications profiled on the Microsoft Platform Ready site And in a recent survey of UK ISVs you all look pretty excited around Cloud – 42% already offer their solution on the Cloud or plan to.

Read the article
Website Design; SEO Dilemma

- by lemonpole

Okay so I designed a website for a restaurant and the design is aimed mostly to entice the viewer by using images of the restaurant's platters and foods. Not to say that text is totally non-existent but the design makes it hard to have enough keywords. Most keywords are found in the ALT attribute of image tags and a couple of headers. The reason as to why I am in this dilemma? I'm still new to web development and at the time I made the design, I didn't really know much about SEO. So I come here in search of help because I have an idea... Would it be good practice to have hidden SPAN blocks that would help me fill with keywords? For example a hidden SPAN would have text in bold to help with SEO. Of course, I will play it safe and not exploit this technique if it works. I have searched that this may be considered spamming by search engines and some companies are taking measures to prevent this. Thanks in advance!

Read the article
Quadcopters Play Catch [Video]

- by Jason Fitzpatrick

Working like a group of hive-minded bees, these quadcopters come off as almost playful with their ball throwing antics. Courtesy of the folks at the Swiss Federal Institute of Technology in Zurich’s Institute for Dynamic Systems and Control, we’re treated to a video of three quadcopters playing catch in the research facility’s Flying Machine Area. They explain the processes demonstrated in the video: This video shows three quadrocopters cooperatively tossing and catching a ball with the aid of an elastic net. To toss the ball, the quadrocopters accelerate rapidly outward to stretch the net tight between them and launch the ball up. Notice in the video that the quadrocopters are then pulled forcefully inward by the tension in the elastic net, and must rapidly stabilize in order to avoid a collision. Once recovered, the quadrotors cooperatively position the net below the ball in order to catch it. Because they are coupled to each other by the net, the quadrocopters experience complex forces that push the vehicles to the limits of their dynamic capabilities. To exploit the full potential of the vehicles under these circumstances requires several novel algorithms, including: HTG Explains: How Antivirus Software Works HTG Explains: Why Deleted Files Can Be Recovered and How You Can Prevent It HTG Explains: What Are the Sys Rq, Scroll Lock, and Pause/Break Keys on My Keyboard?

Read the article
What to do if you find a vulnerability in a competitor's site?

- by user17610

While working on a project for my company, I needed to build functionality that allows users to import/export data to/from our competitor's site. While doing this, I discovered a very serious security exploit that could, in short, perform any script on the competitor's website. My natural feeling is to report the issue to them in the spirit of good-will. Exploiting the issue to gain advantage crossed my mind, but I don't want to go down that path. So my question is, would you report a serious vulnerability to your direct competition, in order to help them? Or would you keep your mouth shut? Is there a better way of going about this, perhaps to gain at least some advantage from the fact that I'm helping them by reporting the issue? Update (Clarification): Thanks for all your feedback so far, I appreciate it. Would your answers change if I were to add that the competition in question is a behemoth in the market (hundreds of employees in several continents), and my company only started a few weeks ago (three employees)? It goes without saying, they most definitely will not remember us, and if anything, only realize that their site needs work (which is why we entered this market in the first place). I confess this is one of those moral vs. business toss-ups, but I appreciate all the advice.

Read the article
what to learn & practice to be a programmer (not for Job) [closed]

- by Hanan N.

I want to be able to write programs (tools) for my own needs, and I want to tell the computer what to do, not to be strict to what other's told it to do. I have a good knowledge of Linux & Windows, I am also have a bit of Python in my head, but I think that I need some guidance on what languages or practices to invest my time into in order to be able to tell the computer what to do. I know there is a lot of posts similar to what I am asking here, but there is a big difference and so I have opened this thread. My goal isn't to work at a company, so I don't need to learn how to work as a team, I don't need to learn as much how to maintain my code nor how to write it nice for others to understand (I know it is important but not for me). I don't want to learn it as a profession, but as a serious hobby (you can call it hacking as long as you know what cracking means), my end goal is to be able to understand other's people code, and to write my own code with a lot of deep knowledge of the ins and outs of the computer system in order to gain from it as much as I can. So in essence my questions are: How can I understand, in depth, computers, in order to exploit them as much as I can? What should I learn? Are there any books that I should read? Is it possible to do this, or do I have to learn every aspect of programming?

Read the article
Phishing attack stuck with jsp loginAction.do page? [closed]

- by user970533

I 'm testing a phishing website on a staged replica of an jsp web-application. I'm doing the usual attack which involves changing the post and action field of source code to divert to my own written jsp script capture the logins and redirect the victim to the original website. It looks easy but trust me its has been me more then 2 weeks I cannot write the logins to the text file. I have tested the jsp page on my local wamp server it works fine. In staged when I click on the ok button for user/password field I'm taken to loginAction.do script. I checked this using tamper data add on on firefox. The only way I was able to make my script run was to use burp proxy intercept the request and change action parameter to refer my uploaded script. I want to know what does an loginAction.do? I have googled it - its quite common to see it in jsp application. I have checked the code; there is nothing that tells me why the page always point to the .do script instead of mine. Is there some kind of redirection in tomcat configuration. I like to know. I'm unable to exploit this attack vector? I need the community help

Read the article
Desktop Application Development with Javascript, Python / Ruby

- by Chris

Hello, Besides using Appcelerator's Titanium Desktop, are there other approaches to integrating Javascript and Ruby/Python into cross-platform desktop applications? Just trying to get a sense of the landscape here. From searching the web, it seems Titanium may be leading the charge in terms of this type of integration. I wasn't able to find references that suggest you can do something similar in Adobe AIR. I am interested in building desktop applications that exploit Protovis and possibly other Javascript interactive vis packages for the UI. At the end of the day, I can go the web app route if need be, but being able to develop desktop apps is helpful. Would appreciate your perspective on this... Chris

Read the article
Security flaw in this code approach

- by Alec Smart

Hello, Am wondering if there would be any security flaw in this approach. I am writing a piece of code which allows users to upload files and another set to download those files. These files can be anything. User uploads the file (any file including .php files), it is renamed to an md5 hash (extension removed) and stored on server. A corresponding mySQL entry is made. The user trying to download the file, uses say download.php to download the file where the md5 file is sent (with the original name). Is there someway in which anyone can exploit the above scenario?

Read the article
Why can't we have a single programming Language ? [closed]

- by Kiran

I am no expert in Programming Languages. But whenever I change the project, I am faced with Herculean challenge of learning the new programming language which takes weeks to master if not months.. With the previous experience of programming in different languages, I believe it takes few months of continuous programming to understand the amazing features the prog.language has to offer and to exploit. It makes me wonder, why cannot we have a single programming language which boasts all the amazing features from the existing programming language and make it mandatory for all the programmers to learn it.

Read the article
Current state of client-side XSLT

- by Casey

Last I heard, Blizzard was one of the few companies to put client-side XSLT into practice (2008). Is this still the case in 2011, or are more people now exploring this technique in production? It seems that modern browsers (IE9, FF4, Chrome) and client processing power are primed to exploit this standard for tangible savings in server CPU power and bandwidth on large scale properties. Am I missing something? The negative aspects I'm aware of include * additional rendering time * additional assets required on uncached page load * additional layer of complexity * noticably less developer experience than server-side template techniques The benefits I perceive include * distributed template composition (offloaded on the client) * caching of common template fragments offloaded on the client * logical separation of document structure and data * well-documented web standard supported by all modern browsers Finally, although I know it's impossible to predict the future, I am curious to know opinions on whether or not client-side XSLT's day will come. With interest in HTML5 driving users to upgrade their browsers and developers to explore new techniques, I would say yes. How about you? Thanks in advance, Casey

Read the article
extracting secrets from an embedded chip

- by Will

I am looking at an embedded system where secrets are stored in flash that is internal to the chip package, and there is no physical interface to get that information out - all access to this flash is policed by program code. All DMA attacks and JTAG and such are disabled. This seems to be a common locked-down configuration for system-on-a-chip. How might an attacker recover the secrets in that Flash? I understand they can fuzz for vulnerabilities in the app code and exploit it, that there could be some indistinct general side channel attack or something. But how would an attacker really go about trying to recover those keys? Are there viable approaches for a determined attacker to somehow shave-down the chip or some kind of microscope attack?

Read the article
Does using web services to expose a .NET DAL add security?

- by Jonno

Currently my employer deploys a web application over 3 servers. DB - No public route Web Service DAL - No public route Web Server - Public route The reason for this is the theory that if the web server is compromised, they don't arrive at the DB directly, but instead arrive at the DAL box. To my mind, as the DAL box and Web Sever box - both run windows/IIS - if the public box has been compromised, the same exploit would likely work on the DAL box - therefore I do not see this as a real security benefit. I would like to propose we remove the middle machine and allow the web server to connect directly to the database. Is this middle box really a benefit?

Read the article
phonegap crossplatform redirection to local file

- by Marco Gagliardi

Hi I'm developing a phonegap + JQueryMobile app, which should be correctly executed on Android, iOs and WindowsPhone as well. I need to exploit an external service wich requires one callback url to redirect the app to in case of success, and one in case of error (pretty common situation. In my case both will be local files, say www/success.html and www/error.html). Of course I could write different paths for each device (e.g. file:///android_asset/www/success.html on Android), but i'm wondering if the framework provide a more simple elegant solution. So the questions is, how can i get a unique absolute URL wich allows me to perform a cross-platform HTTP redirection from a remote web page to a local file within a phonegap application? Thanks

Read the article
Thread Local Memory for Scratch Memory.

- by Hassan Syed

I am using Protocol Buffers and OpensSSL to generate, HMACs and then CBC encrypt the two fields to obfuscate the session cookies -- similar Kerberos tokens. Protocol Buffers' API communicates with std::strings and has a buffer caching mechanism; I exploit the caching mechanism, for successive calls in the the same thread, by placing it in thread local memory; additionally the OpenSSL HMAC and EVP CTX's are also placed in the same thread local memory structure ( see this question for some detail on why I use thread local memory and the massive amount of speedup it enables even with a single thread). The generation and deserialization, "my algorithms", of these cookie strings uses intermediary void *s and std::strings and since Protocol Buffers has an internal memory retention mechanism I want these characteristics for "my algorithms". So how do I implement a common scratch memory ? I don't know much about the rdbuf of the std::string object. I would presumeably need to grow it to the lowest common size ever encountered during the execution of "my algorithms". Thoughts ?

Read the article
Testing for security vulnerabilities on web applications

- by Moak

A lot of companies use CMS software that updates on the regular, often they are security fixes, implying that the previous version have security vulnerabilities. But most clients never upgrade this, or even the CMS has been modified so that an update would break the site. Are there sites that document these exploits, and instruct how to test for them? Or does this information not even get published? (in order not to have people try to exploit them) Also is there a generic php/js based check list to prevent hack attempts? I know about SQL injections and XSS, but I'm sure that there are more threats out there. Peace

Read the article
Can pydoc/help hide the documentation for inherited class methods and attributes?

- by EOL

When declaring a class that inherits from a specific class: class C(dict): added_attribute = 0 the documentation for C lists all the methods of dict (either through help(C) or pydoc). Is there a way to hide the inherited methods from the automatically generated documentation (the documentation string can refer to the base class, for non-overwritten methods)? This would be useful: pydoc lists the functions defined in a module after its classes. Thus, when the classes have a very long documentation, a lot of less than useful information is printed before the new functions provided by the module are presented, which makes the documentation harder to exploit (you have to skip all the documentation for the inherited methods until you reach something specific to the module being documented).

Read the article
Powershell equivilent of python's if __name__ == '__main__':

- by Mark Mascolino

I am really fond of python's capability to do things like this: if __name__ == '__main__': #setup testing code here #or setup a call a function with parameters and human format the output #etc... This is nice because I can treat a Python script file as something that can be called from the command line but it remains available for me to import its functions and classes into a separate python script file easily without triggering the default "run from the command line behavior". Does Powershell have a similar facility that I could exploit? And if it doesn't how should I be organizing my library of function files so that i can easily execute some of them while I am developing them?

Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 | Next Page >