Search Results

Search found 417 results on 17 pages for 'malicious'.

Page 7/17 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • Security Alert for CVE-2011-5035 Updated

    - by Eric P. Maurice
    Hi, this is Eric Maurice again.  Oracle has just updated the Security Alert for CVE-2011-5035 to announce the availability of additional fixes for products that were affected by this vulnerability through their use of the WebLogic Server and Oracle Container for J2EE components.  As explained in a previous blog entry, a number of programming language implementations and web servers were found vulnerable to hash table collision attacks.  This vulnerability is typically remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password.  If successfully exploited, malicious attackers can use this vulnerability to create denial of service conditions against the targeted system. A complete list of affected products and their versions, as well as instructions on how to obtain the fixes, are listed on the Security Alert Advisory.  Oracle highly recommends that customers apply these fixes as soon as possible.

    Read the article

  • Googlebot requesting invalid url

    - by Rob Walker
    I have a web app which emails me exceptions automatically. This morning there was an error relating to a url: /Catalog/LiveCatalog?id=ylwpfqzts id is invalid (should be a guid) and caused an error parsing. Everything was handled correctly, and an error page is returned. But what was odd is that the user-agent reported itself as Googlebot and the IP is registered to Google. The URL would never have been generated by my web app but doesn't look particularly malicious. Anyone ever seen anything like this?

    Read the article

  • My site disappeared from Google search, how long does it take to get back?

    - by Sweb Dizajn
    Due to damage by malicious code, Google wrote: Google Analytics web property: link has been removed from http://swebdizajn.com November 29, 2011 Your Webmaster Tools http://swebdizajn.com site is no longer linked to a Google Analytics web property. Possible reasons are: You are no longer the owner of the site in Google Analytics, and nobody else owns both the site and the property Another site owner removed the link. After that I restored to backup and then accepted the Google message to tell them that all is well. How long will I have to wait for my site to return to the position where I was?

    Read the article

  • Drive By Download Issue

    - by mprototype
    I'm getting a drive by download issue reported on www.cottonsandwichquiltshop.com/catalog/index.php?manufacturers_id=19&sort=2a&filterid=61 reported from safeweb.norton.com when I scan the root url. I have dug through the entire site architecture, and code base and removed a few files that were malicious, i upgraded the site's framework and fixed the security holes (mostly sql injection concerns)..... However this one threat still exists and I can't locate it for the life of me, or find any valid research or information on removing this type of threat at the server level, mostly just a bunch of anti-virus software wanting to sell you on their ability to manage it on the client end. PLEASE HELP Thanks.

    Read the article

  • JavaScript malware analysis

    - by begueradj
    I want to test websites for JavaScript malware presence . I plan to develop a Python program that sends the URL of a given website to a virtual machine where the dynamic execution of the eventual malicious JavaScript embedded in the website's page is monitored. My questions: Should my VM be Windows or Linux ? What if the malware damages my VM: is there a hint how to avoid that ? Or launch a new VM automatically instead ? If I use telnet client library to communicate with the VM: must I implement a server within the VM to deal with my queries or can I overcome this ? I am jut looing for hints, general ideas. Thank you for any help.

    Read the article

  • Microsft Targets Graymail and New Patch Tuesday

    The first critical bulletin will patch a vulnerability contained within Windows and Internet Explorer. Microsoft said that if the vulnerability was exploited, it would give hackers an avenue to spread malicious code on a remote basis. The bug affects the Windows XP, Windows Vista, and Windows 7 operating systems, plus Internet Explorer versions 6, 7, and 8. The Windows Server 2003 and 2008 platforms have been identified to be affected by the bug as well. The second critical bulletin addresses a .NET and Silverlight bug that makes remote code execution possible. With the vulnerability in pl...

    Read the article

  • Windows 7 Safety Tips

    The introduction of Microsoft's Windows 7 operating system meant many new features for its users in the way of both functionality and security. With Windows 8 on the horizon, Microsoft customers can expect even more improvements, including integrated security features to help provide a solid barrier against malware and other malicious creations that have made their way into the tech landscape. The Windows 8 release is still not here, however, so many running Windows 7 will have to wait for such enhancements. That is no excuse for security lapses though, as there are many steps you can take...

    Read the article

  • log in to web-app through less secure website [on hold]

    - by martijnve
    We are worried about the security of our website containing the login-button to our saas-application. Security measures put in place for our application won't do us much good if the website is hacked. The login button could be redirected to some malicious copy of our app. The product website is maintained by people outside the dev team. Those people are not too knowledgable concerning security. We (dev-team) could mantain the website ourselves but that would be a large burden on our small team. How is this usually handled?

    Read the article

  • Limit WebClient DownloadFile maximum file size

    - by Jack Juiceson
    Hi everyone, In my asp .net project, my main page receives URL as a parameter I need to download internally and then process it. I know that I can use WebClient's DownloadFile method however I want to avoid malicious user from giving a url to a huge file, which will unnecessary traffic from my server. In order to avoid this, I'm looking for a solution to set maximum file size that DownloadFile will download. Thank you in advance, Jack

    Read the article

  • firefox extension security issue

    - by rep_movsd
    I'm writing a firefox addon that logs certain user activity and displays some statistics on a webpage. When the page is opened, the page sends an event to the addon. The addon adds data to the page and sends an event back, and the page refreshes the statistics. Now how do I ensure that the extension only puts the (sensitive) data on the right page and not some other malicious one? Thanks V

    Read the article

  • Is it possible for double-escaping to cause harm to the DB?

    - by waiwai933
    If I accidentally double escape a string, can the DB be harmed? For the purposes of this question, let's say I'm not using parametrized queries For example, let's say I get the following input: bob's bike And I escape that: bob\'s bike But my code is horrible, and escapes it again: bob\\\'s bike Now, if I insert that into a DB, the value in the DB will be bob\'s bike Which, while is not what I want, won't harm the DB. Is it possible for any input that's double escaped to do something malicious to the DB assuming that I take all other necessary security precautions?

    Read the article

  • Black hat knowledge for white hat programmers

    - by Dinah
    There's always skepticism from non-programmers when honest developers learn the techniques of black hat hackers. Obviously though, we need to learn many of their tricks so we can keep our own security up to par. To what extent do you think an honest programmer needs to know the methods of malicious programmers?

    Read the article

  • iframe/script attack to website

    - by Ram
    I faced a website attack problem that some malicious javascript code added to all pages in my webiste. Recently I faced another problem that my website is attacked with the following "iframe" tag. iframe src="http://shopmovielife.cn:8080/index.php" width=127 height=167 style="visibility: hidden" Even if I remove this tag, the index file of website is updated on daily basis. What would be the reason for this behaviour? Please give me a solution to solve this.

    Read the article

  • HTML or Alternate markup for wiki site?

    - by at
    In choosing an editor for my wiki-like site, I'm debating whether to allow HTML or a custom alternate markup (maybe like wikipedia/wikimedia's or BBCode). HTML benefits: Easy for users to deal with (copying and pasting, learning) Somewhat future proof Many more editing tools available, usually WYSIWYG too Alternate markup benefits: On the server side I don't have to worry about parsing malicious javascript or styles or HTML that I don't allow Can be easy to learn Can be easier to decipher if not HTML-savvy Am I missing something, what's the best solution?

    Read the article

  • Copy all current system data content in memory

    - by Tom Brito
    I'm studying security, and I would like to know: in Windows or Unix based OS environment, is there a way for a malicious program to copy all the content of the computer's memory? My worry is about a program that can get my decrypted data loaded in memory. And how to avoid it.

    Read the article

  • how to verify google openid response

    - by Broom
    I'm trying to add authorization throw google openid to my users. I'm receiving id (https://www.google.com/accounts/o8/id?id=AIt...Ew-Bo) but how can i check that it's legit. I mean user can create malicious request with email of another user, how can i check that returning email and claimed id is legit?

    Read the article

  • ColdFusion Security

    - by Andrew
    What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks) Is cfqueryparam enough?

    Read the article

  • Invoke Blue Screen of Death using Managed Code

    - by Matthew Ruston
    Just curious here: is it possible to invoke a Windows Blue Screen of Death using .net managed code under Windows XP/Vista? And if it is possible, what could the example code be? Just for the record, this is not for any malicious purpose, I am just wondering what kind of code it would take to actually kill the operating system as specified.

    Read the article

  • GCC how to block system calls within a program?

    - by CMPITG
    Does anyone tell me how to block system calls within a program, please? I am building a system which takes a piece of C source code, compiles it with gcc and runs it. For security reasons, I need to prevent the compiled program from calling system calls. Is there any way to do it, from the source code level (e.g. stripping the header files of gcc, detecting malicious external calls, ...) to the executable level?

    Read the article

  • How do I protect my website from javascript injection attacks when using rich text editors?

    - by VJ
    Hi all I am using the markitup editor to get the value for one of my fields and storing it a sql server 2008 db. Now I guess the problem is people having script tags and javascript in the editor and injecting malicious scripts and I have my validate input turned false. So can anyone suggest me a way to write a custom validation method that maybe checks for script tags and removes them...or just guide me through the steps i need to do ?...also are there other things also that I should be worried about..?

    Read the article

  • Is this a legitimate implementation of a 'remember me' function for my web app?

    - by user246114
    Hi, I'm trying to add a "remember me" feature to my web app to let a user stay logged in between browser restarts. I think I got the bulk of it. I'm using google app engine for the backend which lets me use java servlets. Here is some pseudo-code to demo: public class MyServlet { public void handleRequest() { if (getThreadLocalRequest().getSession().getAttribute("user") != null) { // User already has session running for them. } else { // No session, but check if they chose 'remember me' during // their initial login, if so we can have them 'auto log in' // now. Cookie[] cookies = getThreadLocalRequest().getCookies(); if (cookies.find("rememberMePlz").exists()) { // The value of this cookie is the cookie id, which is a // unique string that is in no way based upon the user's // name/email/id, and is hard to randomly generate. String cookieid = cookies.find("rememberMePlz").value(); // Get the user object associated with this cookie id from // the data store, would probably be a two-step process like: // // select * from cookies where cookieid = 'cookieid'; // select * from users where userid = 'userid fetched from above select'; User user = DataStore.getUserByCookieId(cookieid); if (user != null) { // Start session for them. getThreadLocalRequest().getSession() .setAttribute("user", user); } else { // Either couldn't find a matching cookie with the // supplied id, or maybe we expired the cookie on // our side or blocked it. } } } } } // On first login, if user wanted us to remember them, we'd generate // an instance of this object for them in the data store. We send the // cookieid value down to the client and they persist it on their side // in the "rememberMePlz" cookie. public class CookieLong { private String mCookieId; private String mUserId; private long mExpirationDate; } Alright, this all makes sense. The only frightening thing is what happens if someone finds out the value of the cookie? A malicious individual could set that cookie in their browser and access my site, and essentially be logged in as the user associated with it! On the same note, I guess this is why the cookie ids must be difficult to randomly generate, because a malicious user doesn't have to steal someone's cookie - they could just randomly assign cookie values and start logging in as whichever user happens to be associated with that cookie, if any, right? Scary stuff, I feel like I should at least include the username in the client cookie such that when it presents itself to the server, I won't auto-login unless the username+cookieid match in the DataStore. Any comments would be great, I'm new to this and trying to figure out a best practice. I'm not writing a site which contains any sensitive personal information, but I'd like to minimize any potential for abuse all the same, Thanks

    Read the article

  • preg_replace on xss code

    - by proyb2
    Can this code help to sanitize malicious code in user submit form? function rex($string) { $patterns = array(); $patterns[0] = '/=/i'; $patterns[1] = '/javascript:/i'; $replacements = array(); $replacements[0] = ''; $replacements[1] = ''; return preg_replace($patterns, $replacements, $string); I have included htmlentities() to prevent XSS on client side, is all the code shown is safe enough to prevent attack?

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >