Search Results

Search found 3370 results on 135 pages for 'attack vector'.

Page 84/135 | < Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91 | Next Page >

lots of dns requests from China, should I worry?

- by nn4l

I have turned on dns query logs, and when running "tail -f /var/log/syslog" I see that I get hundreds of identical requests from a single ip address: Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#10856: query: mydomain.de IN ANY + Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#44334: query: mydomain.de IN ANY + Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#15268: query: mydomain.de IN ANY + Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#59597: query: mydomain.de IN ANY + The frequency is about 5 - 10 requests per second, going on for about a minute. After that the same effect repeats from a different IP address. I have now logged about 10000 requests from about 25 ip addresses within just a couple of hours, all of them come from China according to "whois [ipaddr]". What is going on here? Is my name server under attack? Can I do something about this?

Read the article
What exactly can shaders be used for?

- by Bane

I'm not really a 3D person, and I've only used shaders a little in some Three.js examples, and so far I've got an impression that they are only being used for the graphical part of the equation. Although, the (quite cryptic) Wikipedia article and some other sources lead me to believe that they can be used for more than just graphical effects, ie, to program the GPU (Wikipedia). So, the GPU is still a processor, right? With a larger and a different instruction set for easier and faster vector manipulation, but still a processor. Can I use shaders to make regular programs (provided I've got access to the video memory, which is probable)? Edit: regular programs == "Applications", ie create windows/console programs, or at least have some way of drawing things on the screen, maybe even taking user input.

Read the article
The Oracle Platform

- by Naresh Persaud

Today’s enterprises typically create identity management infrastructures using ad-hoc, multiple point solutions. Relying on point solutions introduces complexity and high cost of ownership leading many organizations to rethink this approach. In a recent worldwide study of 160 companies conducted by Aberdeen Research, there was a discernible shift in this trend as businesses are now looking to move away from the point solution approach from multiple vendors and adopt an integrated platform approach. By deploying a comprehensive identity and access management strategy using a single platform, companies are saving as much as 48% in IT costs, while reducing audit deficiencies by nearly 35%. According to Aberdeen's research, choosing an integrated suite or “platform” of solutions for Identity Management from a single vendor can have many advantages over choosing “point solutions” from multiple vendors. The Oracle Identity Management Platform is uniquely designed to offer several compelling benefits to our customers. Shared Services: Instead of separate solutions for - Administration, Authentication, Authorization, Audit and so on– Oracle Identity Management offers a set of share services that allows these services to be consumed by each component in the stack and by developers of new applications Actionable Intelligence: The most compelling benefit of the Oracle platform is ” Actionable intelligence” which means if there is a compliance violation, the same platform can fix it. And If a user is logging in from an un-trusted device or we detect an attack and act proactively on that information. Suite Interoperability: With the oracle platform the components all connect and integrated with each other. So if an organization purchase the platform for provisioning and wants to manage access, then the same platform can offer access management which leads to cost savings. Extensible and Configurable: With point solutions – you typically get limited ability to extend the tool to address custom requirements. But with the Oracle platform all of the components have a common way to extend the UI and behavior Find out more about the Oracle Platform approach in this presentation. Platform approach-series-the oracleplatform-final View more PowerPoint from OracleIDM

Read the article
Fake links cause crawl error in Google Webmaster Tools

- by Itai

Google reported Crawl Errors last week on my largest site though Webmaster Tools. Here is the message: Google detected a significant increase in the number of URLs that return a 404 (Page Not Found) error. Investigating these errors and fixing them where appropriate ensures that Google can successfully crawl your site's pages. The Crawl Errors list is now full of hundreds of fake links like these causing 16,519 errors so far: Note that my site does not even have a search.html and is not related to any of the terms shown in the above image. Inspecting sources for one of those links, I can see this is not simply an isolated source but a concerted effort: Each of the links has a few to a dozen sources all from different, seemingly unrelated sites. It is completely baffling as to why would someone to spending effort doing this. What are they hoping to achieve? Is this an attack? Most importantly: Does this have a negative effect on my side? Could it negatively impact my ranking? If so, what to do about it? The few linking pages I looked at are full of thousands of links to tons of sites and have no contact information and do not seem like the kind of people who would simply stop if asked nicely! According to Google Webmaster Tools, these errors have appeared in a span of 11 days. No crawl errors were being reported previously.

Read the article
PDF Encrypted, Hidden Watermark

- by Dave Jarvis

Background Using LaTeX to write a book. When a user purchases the book, the PDF will be generated automatically. Problem The PDF should have a watermark that includes the person's name and contact information. Question What software meets the following criteria: Applies encrypted, undetectable watermarks to a PDF Open Source Platform independent (Linux, Windows) Fast (marks a 200 page PDF in under 1 second) Batch processing (exclusively command-line driven) Collusion-attack resistant Non-fragile (e.g., PDF - EPS - PDF still contains the watermark) Well documented (shows example usages) Ideas & Resources Some thoughts and findings: Natural language processing (NLP) watermarks. Apply steganography on a randomly selected image. http://openstego.sourceforge.net/cmdline.html The problem with NLP is that grammatical errors can be introduced. The problem with steganography is that the images are sourced from an image cache, and so recreating that cache with watermarked images will impart a delay when generating the PDF (I could just delete one image from the cache, but that's not an elegant solution). Thank you!

Read the article
Why are 3D game scenarios so big? and.. are them shareable? [closed]

- by Néstor Sánchez A.

First, I apologize if this is not the forum for these type of questions. I was wondering... 1- Why 3D games (such as GTA IV) uses so much gigabytes of space? And my half-answar was... because of their huge 3D scenarios. But wait! are not these scenarios made with vector graphics and textures? then.. why are so big??? 2- If they are so big... would really these companies make a whole new scenario for every new game they develop? that would be very inefficient. Doesn't exist "shareable" scenarios that can be used in different games and expanded to no rebuild a whole one (like "New York" or "Liberty City")???. I mean.. the scenarios is almost the same in terms of vertices, just with improved textures.

Read the article
SFML: Monster following player on a straight line

- by user3504658

I've searched for this and found a few topics , usually they used a function normalize and using simple vector subtracting which is ok , but how should I do it in sfml ? Instead of using: Movement = p.position() - m.position(); p is the player and m is the monster I used something like this to move on a straight line: sf::Vector2f Tail(0,0); if((mPlayer.getPosition().y - mMonster.GetInstance().getPosition().y) >= (mPlayer.getPosition().x - mMonster.GetInstance().getPosition().x)){ //sf::Vector2f Tail(0,0); Tail.x = mPlayer.getPosition().x - mMonster.GetInstance().getPosition().x; } else if((mPlayer.getPosition().y - mMonster.GetInstance().getPosition().y) <= (mPlayer.getPosition().x - mMonster.GetInstance().getPosition().x)){ //sf::Vector2f Tail(0,0); Tail.y = mPlayer.getPosition().y - mMonster.GetInstance().getPosition().y; } if(!MonsterCollosion()) mMonster.Move(Tail * (TimePerFrame.asSeconds() * 1/2 ) ); It works ok if the the height = the width for the game window, although I think it's not the best looking game when it comes to a moving monster, since it starts fast and then it gets slower so what do you guys advise me to do ?

Read the article
The Bing Sting - an alternative opinion

- by Charles Young

I know I'm a bit of an MS fanboy at times, but please, am I missing something here? Microsoft, with permission of users, exploits clickstream data gathered by observing user behaviour. One use for this data is to improve Bing queries. Google equips twenty of its engineers with laptops and installs the widgets required to provide Microsoft with clickstream data. It then gets their engineers to repeatedly (I assume) type in 'synthetic' queries which bring back 'doctored' hits. It asks its engineers to then click these results (think about this!). So, the behaviour of the engineers is observed and the resulting clickstream data goes off to Microsoft. It is processed and 'improves' Bing results accordingly. What exactly did Microsoft do wrong here? Google's so-called 'Bing sting' is clearly a very effective attack from a propaganda perspective, but is poor practice from a company that claims to do no evil. Generating and sending clickstream data deliberately so that you can then subsequently claim that your competitor 'copied' that data from you is neither fair nor reasonable, and suggests to me a degree of desperation in the face of real competition. Monopolies are undesirable, whether they are Microsoft monopolies or Google monopolies. Personally, I'm glad Microsoft has technology in place to observe user behaviour (with permission, of course) and improve their search results using such data. I can only assume Google doesn't implement similar capabilities. Sounds to me as if, at least in this respect, Microsoft may offer the better technology.

Read the article
The Most Important Person Is the One that Keeps Your PC Running [Comic]

- by The Geek

Fixing people’s computers usually makes them appreciate you more, though this might be a little too far. Latest Features How-To Geek ETC How To Create Your Own Custom ASCII Art from Any Image How To Process Camera Raw Without Paying for Adobe Photoshop How Do You Block Annoying Text Message (SMS) Spam? How to Use and Master the Notoriously Difficult Pen Tool in Photoshop HTG Explains: What Are the Differences Between All Those Audio Formats? How To Use Layer Masks and Vector Masks to Remove Complex Backgrounds in Photoshop Bring Summer Back to Your Desktop with the LandscapeTheme for Chrome and Iron The Prospector – Home Dash Extension Creates a Whole New Browsing Experience in Firefox KinEmote Links Kinect to Windows Why Nobody Reads Web Site Privacy Policies [Infographic] Asian Temple in the Snow Wallpaper 10 Weird Gaming Records from the Guinness Book

Read the article
Clean MVC design when there is viewer latency

- by Tony Suffolk 66

It isn't clear if this question has already been answered, so apologies in advance if this is a duplicate : I am implementing a game and trying to design around a clean MVC pattern - so my Control plane will implement the rules of the game (but not how the game is displayed), and the View plane implements how the game is displayed, and user iteraction - i.e. what game items or controls the user has activated. The challenge that I have is this : In my game the Control Plane can move game items more or less instaneously (The decision about what item to place where - and some of the initial consequences of that placement are reasonably trivial to calculate), but I want to design the Control Plane so that the View plane can display these movements either instaneously or using movement animations. The other complication is that player interaction must be locked out while those game items are moving (similar to chess - you can't attack an opposing piece as it moves past one of your pieces) So do I : Implement all the logic in the Control Plane asynchronously - and separate the descision making from the actions - so the Control plane decides piece 'A' needs to move to a given place - tells the view plane, and but does not implement the move in data until the view plane informs the control plane that the move/animation is complete. A lot of interlock points between the two layers. Implement all the control plane logic in one place - decisions and movement (keeping track of what moved where), and pass all the movements in one go to the View plane to do with what it will. Control Plane is almost fire and forget here. A hybrid of 1 & 2 - The control plane implements all the moves in a temporary data store - but maintains a second store which reflects what is actually visible to the viewer, based on calls and feedback from the View plane. All 3 are relatively easy to implement (target language is python), but having never done a clean MVC pattern with view latency before - I am not sure which design is best

Read the article
bind: blackhole for invalid recursive queries?

- by Udo G

I have a name server that's publicly accessible since it is the authoritative name server for a couple of domains. Currently the server is flooded with faked type ANY requests for isc.org, ripe.net and similar (that's a known distributed DoS attack). The server runs BIND and has allow-recursion set to my LAN so that these requests are rejected. In such cases the server responds just with authority and additional sections referring the root servers. Can I configure BIND so that it completely ignores these requests, without sending a response at all?

Read the article
How can I get a virus by just visiting a website?

- by Janet Jacobs

It is common knowledge that you can get a virus just by visiting a website. But how is this possible? Do these viruses attack Windows, Mac and Linux users, or are Mac/Linux users immune? I understand that I obviously can get a virus by downloading and executing a .exe in Windows but how can I get a virus just by accessing a website? Are the viruses programmed in JavaScript? (It would make sense since it is a programming language that runs locally.) If so, what JavaScript functions are the ones commonly used?

Read the article
Concerns about a Dedicated (Windows Server 2008) + DDoS

- by TheKillerDev

I am have today a dedicated server with these specs: Intel Core i5 750, 2x120GB (ssd + raid), Windows Server 2008 Web, 200Mbps Network, 24 Gb DD3 And I would like to know what are the best thing I can do to prevent a DDoS Attack, since I know this will be a real threat by the importance of the files that will be archived in it. Today I have apache listening port 80 and RDC listening port 3389. But the security is beeing made only by Windows Firewall. So, any thoughts on what would be good to prevent from DDoS attacks?

Read the article
How do I make a Windows virtual machine replicate to another datacenter/cloud?

- by zippy

We have a Windows 2008 VM running IIS and SQL Server Express (it's an all-in-one web application). We need to have another copy at our secondary datacenter site. What is the best way to do this? It doesn't have to be running all the time but it has to have almost the latest copy of the current VM. I took a look at VMWare Fault Tolerance and after the heart attack at the price I starting looking for another solution. If need be I wouldn't mind copying it over to a cloud VM provider, if I can find one that lets me copy my own VMs up and start them up without any conversion process.

Read the article
Does Firefox Phishing Protection / Safebrowsing have any privacy implications?

- by Nowo

The current google results are outdated. What is the current status? I was on www.mozilla.org/en-US/legal/privacy/firefox.html and saw "Protection Against Suspected Forgery and Attack Sites Features". Can you translate please more to human speak? First they download a list and compare local... Ok... Here it gets messy "If there is a match, Firefox will check with its third party provider to ensure that the website is still on the blacklist. The information sent between Firefox and its third party provider(s) are hashed URLs. In fact, multiple hashed URLs are sent with the real hash so that the third party provider(s) will not know what site you are visiting." - If that hash were send to mozilla, they would knew which site were accessed? "In order to safeguard your privacy, Firefox will not transmit the complete URL of web pages that you visit to anyone other than Mozilla and its service providers." - In other words, Mozilla and its service providers get all complete URLs (of sites, which were in blacklist)? "While it is possible that a third party service provider may determine the actual URL from the hashed URL sent, Mozilla’s policy is to require [...]" - Privacy is depends on policy rather than technology?

Read the article
Multiplayer online game engine/pipeline

- by Slav

I am implementing online multiplayer game where client must be written in AS3 (Flash) to embed game into browser and server in C++ (abstract part of which is already written and used with other games). Networking models may differ from each other, but currently I'm looking toward game's logic run on both client and server parts but they're written on different languages while it's not the main problem. My previous game (pretty big one - was implemented with efforts of ~5 programmers in 1.5 years) was mainly "written" within electronic tables as structured objects with implemented inheritance: was written standalone tool which generated AS3 and C++ (languages of platforms to which the game was published) using specified electronic tables file (.xls or .ods). That file contained ~50 tables with ~50 rows and ~50 columns each and was mainly written by game designers which do not know any programming languages. But that game was single-player. Having declared problem with my currently implementing MMO, I'm looking toward some vast pipeline, where will be resolved such problems like: game objects descriptions (which starships exist within game, how much HP they have, how fast move, what damage deal...) actions descriptions (what players or NPCs can do: attack each other, collect resources, build structures, move, teleport, cast spells) - actions are transmitted through server between clients influences (what happens when specified action applied on specified object, e.i "Ship A attacked Ship B: field "HP" of Ship B reduced by amount of field "damage" of Ship A" Influences can be much more difficult, yes, e.i. "damage is twice it's size when Ship has =5 allies around him in a 200 units range during night" and so on. If to be able to write such logic within some "design document" it will be easily possible to: let designers to do their job without programmer's intervention or any bug-prone programming validate described logic transfer (transform, convert) to any programming language where it will be executed Did somebody worked on something like that? Is there some tools/engines/pipelines which concernes with it? How to handle all of this problems simultaneously in a best way or do I properly imagine my tasks and problems to myself?

Read the article
How can I debug Cisco Firewall ASA "Dispatch Unit" very high CPU utilisation from ASDM?

- by Andy

I have recently had my first firewall installed so I am very new to this whole situation. I am finding that Dispatch unit is becoming overloaded and it would appear to be the reason I get serious bouts of lag on my server. The firewall has had little configuration apart from me blocking all the ports in "Access Rules" and allowing only the ones the server needs and from where it needs them. I guess what I am after is assistance with locating the issues causing "Dispatch Unit" to take up all the CPU Regards --Edit-- With ASDM statistics I found that packets inbound (peak of 70-100k/sec from <1k/sec normal), traffic inbound (peak of 40-50kbits/sec from <1kbits/sec normal) and CPU all peak at the same time so I am pretty sure it is an attack of some sort but as a beginner with ASA I am not sure how to resolve

Read the article
What would be the best way to correlate logs and events on several hosts?

- by user220746

I'm trying to build a log correlation system on multiple hosts. SEC seems interesting but I don't know if it will cover my needs. How could I correlate system events, logs, network events, etc. on multiple hosts at the same time, in real time? Examples: If 5 failed logins happened on host A the last minute and if firewall B has denied lots of access on differents ports on A, then we assume there is a potential attack in progress on A. If the Apache service on host A didn't receive any request for the last N minutes and Apache service on host B did, then the load balancing could be faulty.

Read the article
What are some good courses to take my programming to the next level?

- by absentx

I am in search of either some in person, or online training that could take my coding to the next level. I am looking to attack two specific areas: Javascript: While I have been getting by with javascript for three or four years, I still feel like it takes a back seat to my other programming. I use Jquery a lot but would prefer to be proficient in pure JS also. PHP: I feel pretty proficient at PHP but I know there is only room to improve. Here I am interested in something that can teach me the more advanced aspects of the language, improve my code writing and perhaps cover object oriented php in depth also. I have looked into Netcom's training courses before but I can't tell if there advanced webmaster professional would be a good fit or not. Seems kind of like a force fed course but I am interested in it because I am looking for something in the one to two week range that is targeted at what I am looking for. I have zero experience with any type of online courses in terms of programming. It appears lots are available, but I am not sure on the quality.

Read the article
DDoS attacks to PBX

- by user316687

I'm wondering if DDOS attacks to PBX or telecommunications systems is possibe real. According to this links: http://threatpost.com/en_us/blogs/firm-sees-more-ddos-attacks-aimed-telecom-systems-073112 http://news.softpedia.com/news/DDOS-Attacks-Against-Telecom-Systems-Cost-as-Little-as-20-16-Per-Day-284875.shtml it is possible. There are DDOs attacks to web servers, which mostly give them so much concurrent loads or connections that service get unavailable. Many government or non-profit organizations that suffered this kind of attacks, eventually could choose to shutdown their web server and that's it, waiting for these attacks to end. For a DDOs attacks to PBX, I imagine that it would result in telephones getting busy or ringing all the time unstoppably. This kind of attack could really damage any kind organization. Is it possible to do that or are we just in the beginnings?

Read the article
Security and encryption with OpenVPN

- by Chris Tenet

The UK government is trying to implement man-in-the-middle attack systems in order to capture header data in all packets. They are also equipping the "black boxes" they will use with technology to see encrypted data (see the Communications Data Bill). I use a VPN to increase my privacy. It uses OpenVPN, which in turn uses the OpenSSL libraries for encrypting data. Will the government be able to see all the data going through the VPN connection? Note: the VPN server is located in Sweden, if that makes a difference.

Read the article
Misbehaving Network Printers - options?

- by Dan Kelly

We are having some issue with printers on our network. We have 3 floors, 2 printers per floor (A3 & A4) all connected to the same Print Server. The issue is that the same printer may not behave the same on two different, seemingly identical desktops. The commonest place this is seen on our bulk print script in AutoCAD - occasionally drawings may print Landscape on Portrait paper, despite drawings always being Landscape... Does any one have any suggestions on what we can check / try? The current line of attack is to setup a new Print Server, with the HP universal print driver rather than the device specific drivers, and replace printers using exactly the same method on all desktops. Sound good?

Read the article
What is a dotted pair's analogy in other Lisp implementations?

- by octopusgrabbus

What is Scheme's dotted pair construct analogous to in other Lisp implementations? I can make a vector or list quite easily, and understand those in Clojure, even though the syntax is a little different, like Clojure's vectors use square brackets []. However, seeing a dotted pair for the first time threw me. It almost looks like it is an implementation of of map. I'm not looking for a discussion, but more for use or the dotted pair equivalent in other Lisp dialects, like Clojure, or even Python. Thanks.

Read the article
Cannot Boot, How to recover

- by Kendor

Am running 11.10 64-bit with Gnome-shell. Something happened late Friday whereby my machine never gets to the login screen. I do get to an Ubuntu splash logo, after that I get a text screen that it hangs on. The screen is referring to issues with mounting various network resources, including VMWare and also some references to my NAS that are in fstab. If I hit "esc" I can get to the GRUB menu and into recovery console. If I try to do a file system check, I run into a similar error screen that I see when trying to boot normally. A possible clue here is that during my last good session I made some mods to the /etc/hosts file to reference another system which I'm connecting to with Synergy. I don't believe I have hardware issues as I'm able to boot properly with a Live USB and connect to my network/Internet. A few more tidbits. I have regular Dejadups backups on my NAS. I have a good Clonezilla whole drive image which is 4-6 weeks old.. My home is encrypted. I thought I'd try blowing away my hosts file via live USB, but when I mounted the hard drive everything was read-only and I couldn't figure out how to replace it. P.S. I logged in via CLI and modded the host file to remove the entry I'd made, to no avail. System continue to gets stuck on the following: CIFS VFS: default security mechanism requested. The default security mechanism will be upgraded from ntlm to ntlmv2 in kernel version 3.1s Would love some sober advice on how to attack this.

Read the article
Blocking apache access via user agent string

- by Tchalvak

I've got a scripter who is using a proxy to attack a website I'm serving. I've noticed that they tend to access the site via software with a certain common user agent string (i.e. http://www.itsecteam.com/en/projects/project1_page2.htm "Havij advanced sql injection software" with a user_agent string of Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij). I'm aware that any cracking software worth it's salt will probably be able to modify it's user agent string, but I'm fine with the scripter having to deal with that feature at some point. So, is there any software out there for automatically blocking access & permanently blacklisting by matching user agent strings?

Read the article

< Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91 | Next Page >