Search Results

Search found 544 results on 22 pages for 'attacks'.

  • Limiting database security

    - by Torbal
    A number of texts signify that the most important aspects offered by a DBMS are availability, integrity and secrecy. As part of a homework assignment I have been tasked with mentioning attacks which would affect each aspect. This is what I have come up with - are they any good? Availability - DDOS attack Integrity Secrecy - SQL Injection attack Integrity - Use of trojans to gain access to objects with higher security roles

  • smtp(s) proxy to monitor outgoing spam

    - by Zulakis
    I am looking for an SMTP proxy to install on our gateway which should monitor outgoing SMTP traffic to identify the source of recently occurring spam attacks from our network. It would be enough if this could log all outgoing mails, no actual filtering must be done as I'm going to do this manually. Also, is it possible to monitor SMTPS ports 465 and 587 or is it necessary to completely block these ports to stop spam?

  • The Top Ten Security Top Ten Lists

    - by Troy Kitch
    As a marketer, we're always putting together the top 3, or 5 best, or an assortment of top ten lists. So instead of going that route, I've put together my top ten security top ten lists. These are not only for security practitioners, but also for the average Joe/Jane; because who isn't concerned about security these days? Now, there might not be ten for each one of these lists, but the title works best that way. Starting with my number ten (in no particular order):

    10. Top 10 Most Influential Security-Related Movies
    Amrit Williams pulls together a great collection of security-related movies. He asks for comments on which one made you want to get into the business. I would have to say that my most influential movie(s), that made me want to get into the business of "stopping the bad guys" would have to be the James Bond series. I grew up on James Bond movies: thwarting the bad guy and saving the world. I recall being both ecstatic and worried when Silicon Valley-themed "A View to A Kill" hit theaters: "An investigation of a horse-racing scam leads 007 to a mad industrialist who plans to create a worldwide microchip monopoly by destroying California's Silicon Valley." Yikes!

    9. Top Ten Security Careers
    From movies that got you into the career, here's a top 10 list of security-related careers. It starts with number ten, Information Security Analyst, and ends with number one, Malware Analyst. They point out the significant growth in security careers and indicate that "according to the Bureau of Labor Statistics, the field is expected to experience growth rates of 22% between 2010-2020." If you are interested in getting into the field, Oracle has many great opportunities all around the world.

    8. Top 125 Network Security Tools
    A bit outside of the range of 10, the top 125 Network Security Tools is an important list because it includes a prioritized list of key security tools practitioners are using in the hacking community, regardless of whether they are vendor supplied or open source. The exhaustive list provides ratings, reviews, searching, and sorting.

    7. Top 10 Security Practices
    I have to give a shout out to my alma mater, Cal Poly, SLO: Go Mustangs! They have compiled their list of top 10 practices for students and faculty to follow. Educational institutions are a common target of web-based attacks and miscellaneous errors according to the 2014 Verizon Data Breach Investigations Report.

    6. (ISC)2 Top 10 Safe and Secure Online Tips for Parents
    This list is arguably the most important list on my list. The tips were "gathered from (ISC)2 member volunteers who participate in the organization's Safe and Secure Online program, a worldwide initiative that brings top cyber security experts into schools to teach children ages 11-14 how to protect themselves in a cyber-connected world…If you are a parent, educator or organization that would like the Safe and Secure Online presentation delivered at your local school, or would like more information about the program, please visit here."

    5. Top Ten Data Breaches of the Past 12 Months
    This type of list is always changing, so it's nice to have a current one here from Techradar.com. They've compiled and commented on the top breaches. It is likely that most readers here were affected in some way or another.

    4. Top Ten Security Comic Books
    Although mostly physical security controls, I threw this one in for fun. My vote for #1 (not on the list) would be Professor X. The guy can breach confidentiality, integrity, and availability just by messing with your thoughts.

    3. The IOUG Data Security Survey's Top 10+ Threats to Organizations
    The Independent Oracle Users Group annual survey on enterprise data security, Leaders Vs. Laggards, highlights what Oracle Database users deem as the top 12 threats to their organization. You can find a nice graph on page 9; Figure 7: Greatest Threats to Data Security.

    2. The Ten Most Common Database Security Vulnerabilities
    Though I don't necessarily agree with all of the vulnerabilities in this order...I like a list that focuses on where two-thirds of your sensitive and regulated data resides (Source: IDC).

    1. OWASP Top Ten Project
    The Online Web Application Security Project puts together their annual list of the 10 most critical web application security risks that organizations should be including in their overall security, business risk and compliance plans. In particular, SQL injection risk continues to rear its ugly head each year. Oracle Audit Vault and Database Firewall can help prevent SQL injection attacks and monitor database and system activity as a detective security control.

    Did I miss any?

  • Polymorphism and passing

    - by Tucker Morgan
    Ok, I am going to try and state my question as clearly as possible, but if you have trouble understanding it please just ask for clarification; I really want to figure out how to do this. I am writing a text-based RPG, and I have three classes that inherit from a super class. They all have special attacks that they can perform; at the same time I have a class that holds the function which handles battles in my game. Now how do I get the unique special abilities functions for whatever role the player chooses into the battle function? Also, I am using the vector.push_back method to handle how my sub classes are referenced. Please help me, you're my only hope.

  • Can I use a genetic algorithm for balancing character builds?

    - by Renan Malke Stigliani
    I'm starting to build an online PVP (duel like, one-on-one) game, where there is leveling, skill points, special attacks and all the common stuff. Since I have never done anything like this, I'm still thinking about the math behind the levels/skills/specials balance. So I thought a good way of testing the best builds/combos would be to implement a Genetic Algorithm. It'd be like this:

      - Generate a big group of random characters
      - Make them fight, level them up according to their victories (more XP)/losses (less XP)
      - Mate the winners, crossing their builds, to try and make even better characters
      - Add some more random chars, emulating new players
      - Repeat the process for some time, or until I find some chars who can beat everyone's butt

    I could then play with the math and try to find better balances to make sure that the top x% of chars would be a mix of various build types. So, is it a good idea, or is there some other, easier method to do the balancing?

  • Announcing Oracle Audit Vault and Database Firewall

    - by Troy Kitch
    Today, Oracle announced the new Oracle Audit Vault and Database Firewall product, which unifies database activity monitoring and audit data analysis in one solution. This new product expands protection beyond Oracle and third party databases with support for auditing the operating system, directories and custom sources. Here are some of the key features of Oracle Audit Vault and Database Firewall:

      - Single Administrator Console
      - Default Reports
      - Out-of-the-Box Compliance Reporting
      - Report with Data from Multiple Source Types
      - Audit Stored Procedure Calls - Not Visible on the Network
      - Extensive Audit Details
      - Blocking SQL Injection Attacks
      - Powerful Alerting Filter Conditions

    To learn more about the new features in Oracle Audit Vault and Database Firewall, watch the on-demand webcast.

  • genetic algorithm for leveling/build test

    - by Renan Malke Stigliani
    I'm starting to build an online PVP (duel like, one-to-one) game, where there is leveling, skill points, special attacks and all the common stuff. Since I never did anything like that, I'm still thinking about the maths behind the level/skill/special balances. So I thought a good way of testing the best/combo builds would be to implement a Genetic Algorithm. It'd be like that:

      - Generate a big portion of random characters
      - Make them fight, level them up according to the victories (more XP)/losses (less XP)
      - Mate the winners, crossing their builds, to try to make even better characters
      - Add some more random chars, emulating new players
      - Repeat the process for some time, or until I find some chars who can beat everyone's butts

    So I could play with the math and try to find the balance where the top x% chars would be a mix of various build types. So, is it a good idea, or are there some other easier methods to do the balance? PS: I like this also, because it sounds funny

  • Is this how dynamic language copes with dynamic requirement?

    - by Amumu
    The question is in the title. I want to have my thinking verified by experienced people. You can add more or disregard my opinion, but give me a reason. Here is an example requirement: Suppose you are required to implement a fighting game. Initially, the game only includes fighters, who can attack each other. Each fighter can punch, kick or block incoming attacks. Fighters can have various fighting styles: Karate, Judo, Kung Fu... That's it for the simple universe of the game. In an OO language like Java, it can be implemented in a way similar to this:

        abstract class Fighter {
            int hp, attack;
            abstract void punch(Fighter otherFighter);
            abstract void kick(Fighter otherFighter);
            abstract void block(Fighter otherFighter);
        }
        class KarateFighter extends Fighter { /* ...implementation... */ }
        class JudoFighter extends Fighter { /* ...implementation... */ }
        class KungFuFighter extends Fighter { /* ...implementation... */ }

    This is fine if the game stays like this forever. But, somehow the game designers decide to change the theme of the game: instead of a simple fighting game, the game evolves to become an RPG, in which characters can not only fight but perform other activities, i.e. the character can be a priest, an accountant, a scientist etc... At this point, to make it more generic, we have to change the structure of our original design: Fighter is not used to refer to a person anymore; it refers to a profession. The specialized classes of Fighter (KarateFighter, JudoFighter, KungFuFighter) . Now we have to create a generic class named Person. However, to adapt to this change, I have to change the method signatures of the original operations:

        class Person {
            int hp, attack;
            List<Profession> skillSet;
        }
        abstract class Profession {}
        abstract class Fighter extends Profession {
            abstract void punch(Person otherFighter);
            abstract void kick(Person otherFighter);
            abstract void block(Person otherFighter);
        }
        class KarateFighter extends Fighter { /* ...implementation... */ }
        class JudoFighter extends Fighter { /* ...implementation... */ }
        class KungFuFighter extends Fighter { /* ...implementation... */ }
        class Accountant extends Profession {
            void calculateTax(Person p) { /* ...implementation... */ }
            void calculateTax(Company c) { /* ...implementation... */ }
        }
        //... more professions...

    Here are the problems:

      1. To adapt to the method changes, I have to fix the places where the changed methods are called (refactoring).
      2. Every time a new requirement is introduced, the current structural design has to be broken to adapt to the changes. This leads to the first problem.
      3. Rigid structure makes it hard for code reuse. A function can only accept the predefined types, but it cannot accept future unknown types. A written function is bound to its current universe and has no way to accommodate the new types without modifications or a rewrite from scratch. I see Java has a lot of deprecated methods.

    OO is an extreme case because it has inheritance to add to the complexity, but in general for statically typed languages, types are very strict. In contrast, a dynamic language can handle the above case as follows:

        ;; fighter1 punch fighter2
        (defun perform-punch (fighter1 fighter2) ...implementation... )
        ;; fighter1 kick fighter2
        (defun perform-kick (fighter1 fighter2) ...implementation... )
        ;; fighter1 blocks attacks from fighter2
        (defun perform-block (fighter1 fighter2) ...implementation... )

    fighter1 and fighter2 can be anything as long as it has the required data for calculation; or methods (duck typing). You don't have to change from the type Fighter to Person. In the case of Lisp, because Lisp only has a single data structure: list, it's even easier to adapt to changes. However, other dynamic languages can have similar behaviors as well. I work primarily with static languages (mainly C and Java, but working with Java was a long time ago). I started learning Lisp and some other dynamic languages this year. I can see how it helps improve my productivity.

  • Antivirus Poses as Windows Security Alert, March Patch

    The campaign's attacks are said to begin when a Web user attempts to visit a WordPress blogger's site. Instead of seeing the intended website, the user is redirected to a site hosting the rogue antivirus. The blogger will see that user's traffic, however, even though they never get to see any actual content. The site performs a phony scan on the user's computer and displays what appear to be existing Trojans found on the computer. In an attempt to look authentic, the rogue antivirus software carries the appearance of a typical Windows Explorer window and also employs a Windows Security Ale...

  • Oracle Keeps Growing Partner Certifications with Addition of McAfee

    - by Ted Davis
    Viruses stink. Whether it’s the common cold virus, Goatpox virus – yes it exists -- or a computer virus, you name it, viruses stink. When it comes to our computer server infrastructure we all want to make sure our servers are secure from any malware out there. Additionally, installation of anti-virus software is a requirement by many governments and for many enterprises both large and small. Because of the growth of Oracle Linux in their customer base, McAfee recently certified their “McAfee VirusScan Enterprise for Linux” on Oracle Linux.  It delivers always-on, real-time anti-virus protection for Linux environments. Its unique, Linux-based on-access scanner constantly monitors the system for potential attacks. While there have been few viruses found on Linux, you can now feel secure running Oracle Linux in your infrastructure with McAfee on top. We are happy to introduce McAfee into the Oracle Linux family of certified applications. 

  • Can Separation of Duties Deter Cybercrime? YES!

    - by roxana.bradescu
    According to the CERT 2010 CyberSecurity Watch Survey: The public may not be aware of the number of incidents because almost three-quarters (72%), on average, of the insider incidents are handled internally without legal action or the involvement of law enforcement. However, cybercrimes committed by insiders are often more costly and damaging than attacks from outside. When asked what security policies and procedures supported or played a role in the deterrence of a potential cybercriminal, 36% said technically-enforced segregation of duties. In fact, many data protection regulations call for separation of duties and enforcement of least privilege. Oracle Database Security solutions can help you meet these requirements and prevent insider threats by preventing privileged IT staff from accessing the data they are charged with managing, ensuring developers and testers don't have access to production data, making sure that all database activity is monitored and audited to prevent abuse, and more. All without changes to your existing applications or costly infrastructure investments. To learn more, watch our Oracle Database Management Separation of Duties for Security and Regulatory Compliance webcast.

  • How to implement a safe password history

    - by Lorenzo
    Passwords shouldn't be stored in plain text for obvious security reasons: you have to store hashes, and you should also generate the hash carefully to avoid rainbow table attacks. However, usually you have the requirement to store the last n passwords and to enforce minimal complexity and minimal change between the different passwords (to prevent the user from using a sequence like Password_1, Password_2, ..., Password_n). This would be trivial with plain text passwords, but how can you do that by storing only hashes? In other words: how is it possible to implement a safe password history mechanism?

  • List of eCommerce sites that use end-to-end SSL?

    - by Jon Schneider
    My development team is considering implementing an eCommerce site using end-to-end SSL -- that is, every page on the site is accessed via an https:// URL -- rather than the more traditional "mixed mode" where most pages are accessed via http:// and only "secure" pages such as login and credit card entry are redirected to https://. Pros of doing such a "pure SSL" approach include avoidance of some session-hijacking attacks such as Firesheep; cons include performance considerations. My question is: Is anyone aware of a list of eCommerce websites (especially USA-based sites), or even specific websites, that use this end-to-end SSL approach? I'm especially interested in "regular" eCommerce sites rather than banks or other "financial" sites.

  • WebCenter Sites 11gR1 Bundled Patch 1 is now available

    - by R.Hunter
    There is a new patch available for WebCenter Sites - 11gR1 Bundled Patch 1. The download links can be obtained from the WebCenter Sites Download page. Some of the highlights of WebCenter Sites 11gR1 Bundled Patch 1 are listed below:

      - UI Customization support - A new developer's guide is available for use in customizing the Contributor UI. Customizable UI components include the Dashboard, search views, tool bars, menus, and asset-forms. In addition, global or site specific configuration properties can be specified for controlling what is displayed in the UI.
      - Localization support - The contributor UI is localized for the following languages: French, German, Italian, Spanish, Brazilian Portuguese, Japanese, Korean, Simplified & Traditional Chinese
      - Developer tools (CSDT) now supports connection to a remote Sites server
      - Security updates including a request authentication filter to prevent CSRF attacks, REST API updates, and more.
      - Session replication support in the management user interfaces
      - Bug fixes

    Please refer to the release notes and documentation for more information.

  • Drawing an animation over an already drawn screen

    - by Chandan Pednekar
    I am working on an XNA WP7 card game whose basic prototype is complete. In the game screen, 6 cards are displayed at a time (3 for each of the two players, say 1, 2 and 3). If player A attacks one of player B's cards then I want to show an animation over player B's card, i.e. the victim card (say a claw scratch, for example). My question is how do I approach the animation system so that I can draw an animation over a card upon certain events, e.g. dead, fire, claw attack etc. I have an attack function which detects which type of card is attacking which type of card. Depending on the type of attacker card I want to display the animation on the victim card. Can I call the animation classes' functions for different animations in the attack function itself without actually having to call separate draw and update functions? If so, how? Also, how do I play sound at the same time when the animation is going on?

  • New qeep app for Java ME feature phones: meet qeepy people

    - by hinkmond
    Is it "qeepy" if you meet people by using your cell phone instead of, you know, talking to them? Nah. Not if it's a Java ME cell phone! See: Use Qeep to Meet Peeps Here's a quote: Qeep is a free app, and compatible with over 1,000 Java-enabled feature phones... ... Qeep is one of the world's largest mobile gaming and social discovery platforms. Members of the mobile community can play live multiplayer games; blog photos; send sound attacks, text messages and virtual gifts; and meet new friends worldwide. So, go on. Go, use Qeep on your Java ME feature phone to play multiplayer games, blog photos, and meet new friends worldwide. No one will think that you're weird... Not much, at least. Hinkmond

  • Oracle acquisition: Secerno, heterogeneous database firewall

    - by Fekete Zoltán
    The next company in the series of Oracle acquisitions is Secerno, a maker of heterogeneous enterprise database firewalls; this is the next element of Oracle's security solutions. "Oracle Buys Secerno, Adds Heterogeneous Database Firewall to Oracle's Industry-leading Database Security Solutions" - Oracle Secerno page - Press release announcing the Secerno acquisition, in English: "As a provider of database firewall solutions that help customers safeguard their enterprise databases, Secerno is a natural addition to Oracle's industry-leading database security solutions," said Steve Hurn, CEO Secerno. "Secerno has been providing enterprises and their IT Security departments strong assurance that their databases are protected from attacks and breaches. We are excited to bring Secerno's domain expertise to Oracle, and ensure continuity and success for our current customers, partners and prospects."

  • How should I handle "real time" events in an online strategy game?

    - by Hojat Taheri
    Some online strategy games have real time events. For example when you send troops to attack somewhere, the attack happens at the right time in the future. Checking the database again and again to get the list of attacks happening each second would cause heavy load. Is there any technique to achieve this goal? Another example: You want to attack a village 3 hours away, you send troops and the attack occurs 3 hours later. Should there be a script to check the database at each second to run the query at the specified time?

  • System that splits passwords across two servers

    - by Burning the Codeigniter
    I stumbled upon this news article on BBC, "RSA splits passwords in two to foil hackers' attacks". tl;dr - a (randomized) password is split in half and is stored across two separate servers, to foil hackers that gained access to either server upon a security breach. Now the main question is, how would this kind of system be made... codespeaking, for PHP which I commonly develop on my web applications, the database password is normally stored in a configuration file, i.e. config.php with the username and password, in that case it is understandable that the passwords can be stolen if the security was compromised. However when splitting and sending the other half to the other server, how would this go on when making a communication to the other server (keeping in mind with PHP) since the other server password would be stored in a configuration file, wouldn't it? In terms of security is to keep the other server password away from the main one, just exactly how would the main server communicate, without exposing any other password, apart from the first server. This certainly makes me think...

  • Is this safe? <a href=http://javascript:...>

    - by KajMagnus
    I wonder if href and src attributes on <a> and <img> tags are always safe w.r.t. XSS attacks, if they start with http:// or https://. For example, is it possible to append javascript: ... to the href and src attribute in some manner, to execute code? Disregarding whether or not the destination page is e.g. a phishing site, or the <img src=...> triggers a terribly troublesome HTTP GET request. Background: I'm processing text with markdown, and then I sanitize the resulting HTML (using Google Caja's JsHtmlSanitizer). Some sample code in Google Caja assumes all hrefs and srcs that start with http:// or https:// are safe -- I wonder if it's safe to use that sample code. Kind regards, Kaj-Magnus

  • Security Alert for CVE-2011-5035 Updated

    - by Eric P. Maurice
    Hi, this is Eric Maurice again.  Oracle has just updated the Security Alert for CVE-2011-5035 to announce the availability of additional fixes for products that were affected by this vulnerability through their use of the WebLogic Server and Oracle Container for J2EE components.  As explained in a previous blog entry, a number of programming language implementations and web servers were found vulnerable to hash table collision attacks.  This vulnerability is typically remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password.  If successfully exploited, malicious attackers can use this vulnerability to create denial of service conditions against the targeted system. A complete list of affected products and their versions, as well as instructions on how to obtain the fixes, are listed on the Security Alert Advisory.  Oracle highly recommends that customers apply these fixes as soon as possible.

  • Significant number of non-HTTP requests hitting my site

    - by Mark Westling
    I'm seeing a significant number of non-HTTP requests hitting a site I just launched. They show up in the server (nginx) logs as non-ASCII and get rejected (correctly) with a 400 status. Here are some lines from the log:

        95.132.198.189 - - [09/Jan/2011:13:53:30 -0500] "œ$A\x10õœ²É9J" 400 173 "-" "-"
        79.100.145.126 - - [09/Jan/2011:13:57:42 -0500] "#§i²¸oYi á¹„\x13VJ—x·—œ\x04N \x1DÔvbÛè½\x10§¬\x1E0œ_^¼+\x09ÜÅ\x08DÌÃiJeT€¿æ]œr\x1EëîyIÐ/ßýúê5Ǹ" 400 173 "-" "-"
        79.100.145.126 - - [09/Jan/2011:13:58:33 -0500] "¯Ú%ø=Œ›D@\x12¼\x1C†ÄÀe\x015mˆàd˜Û%pÛÿ" 400 173 "-" "-"

    What should I make of this? Is this some sort of scripted attack? Or could these be correct requests that have somehow been garbled? They're not affecting the performance of the site and I'm not seeing any other signs of attacks (e.g., no strange POSTs) so at this point I'm more curious than afraid.

  • Why is better to use external JavaScript or libraries ; and is it prefered to use jquery meaning more security?

    - by shareef
    I read this article, Unobtrusive JavaScript with jQuery, and I noticed these points on slide page 11:

      - some companies strip JavaScript at the firewall
      - some run the NoScript Firefox extension to protect themselves from common XSS and CSRF attacks
      - many mobile devices ignore JavaScript entirely
      - screen readers do execute JavaScript but accessibility issues mean you may not want them to

    I did not understand the fourth point. What does it mean? I need your comments and responses on these points. Is not using JavaScript and switching to libraries like jQuery worth it? UPDATE 1: what's the meaning of Unobtrusive JavaScript with jQuery? And yes, it does not say we should use libraries but that we should have them in external files; for that reason I asked my question.

  • HTG Explains: How Hackers Take Over Web Sites with SQL Injection / DDoS

    - by Jason Faulkner
    Even if you’ve only loosely followed the events of the hacker groups Anonymous and LulzSec, you’ve probably heard about web sites and services being hacked, like the infamous Sony hacks. Have you ever wondered how they do it? There are a number of tools and techniques that these groups use, and while we’re not trying to give you a manual to do this yourself, it’s useful to understand what’s going on. Two of the attacks you consistently hear about them using are “(Distributed) Denial of Service” (DDoS) and “SQL Injections” (SQLI). Here’s how they work.
