Search Results

Search found 707 results on 29 pages for 'ethical hacking'.

Page 9/29 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • Testing for security vulnerabilities on web applications

    - by Moak
    A lot of companies use CMS software that updates on the regular, often they are security fixes, implying that the previous version have security vulnerabilities. But most clients never upgrade this, or even the CMS has been modified so that an update would break the site. Are there sites that document these exploits, and instruct how to test for them? Or does this information not even get published? (in order not to have people try to exploit them) Also is there a generic php/js based check list to prevent hack attempts? I know about SQL injections and XSS, but I'm sure that there are more threats out there. Peace

    Read the article

  • Got Hacked. Want to understand how.

    - by gaoshan88
    Someone has, for the second time, appended a chunk of javascript to a site I help run. This javascript hijacks Google adsense, inserting their own account number, and sticking ads all over. The code is always appended, always in one specific directory (one used by a third party ad program), affects a number of files in a number of directories inside this one ad dir (20 or so) and is inserted at roughly the same overnight time. The adsense account belongs to a Chinese website (located in a town not an hour from where I will be in China next month. Maybe I should go bust heads... kidding, sort of), btw. So, how could they append text to these files? Is it related to the permissions set on the files (ranging from 755 to 644)? To the webserver user (it's on MediaTemple so it should be secure, yes?)? I mean, if you have a file that has permissions set to 777 I still can't just add code to it at will... how might they be doing this?

    Read the article

  • How to hack your own website

    - by Saif Bechan
    I am in late testing phase of my web application. The application will be tested at a larger scale now. During this time I want to try and hack my own system and application with some tools, scripts, etc. Mostly some code I can try and execute in the browser. I have backups for the whole system so even down to the kernel can be hacked. My system is nginx,apache,php,mysql on Linux CentOS.

    Read the article

  • How to prevent arbitrary code execution vulnerability in our programs?

    - by Calmarius
    You always read in changelogs when your system or browser or any program updates that they fixed a bug that made possible that an attacker can execute any code in your computer with a forged website, or attacking your computer with carefully forged packets, etc... Because you read it so often that means any program can have similar vulnerabilites... What causes this? how to design our programs to prevent similar issues?

    Read the article

  • PHP - What to store in a session?

    - by eWolf
    I know about all the issues with session fixation and hijacking. My question is really basic: I want to create an authentication system with PHP. For that, after the login, I would just store the user id in the session. But: I've seen some people do weird things like generating a GUID for each user and session and storing that instead of just the user id in the session. Why? The content of a session cannot be obtained by a client - or can it?

    Read the article

  • Inter process communication C# <--> C++ for game debugging engine.

    - by Andy
    I am working on a debugger project for a game's scripting engine. I'm hoping to write the debugger's GUI in C#. The actual debugging engine, however, is embedded in the game itself and is written in a mixture of C, C++, and assembly patches. What's the best way to handle communication between the debugger GUI and the debugging engine? The two will be running in separate processes. Thanks! Andy

    Read the article

  • Cookiless Session Is it a security risk?

    - by Costa
    Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniff the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user?

    Read the article

  • How do I react when somebody tries to guess admin directiories on my website?

    - by Konstantin
    Hello! I've been getting these messages in apache error.log for quite a while: [client 217.197.152.228] File does not exist: /var/www/phpmyadmin [client 217.197.152.228] File does not exist: /var/www/pma [client 217.197.152.228] File does not exist: /var/www/admin [client 217.197.152.228] File does not exist: /var/www/dbadmin [client 217.197.152.228] File does not exist: /var/www/myadmin [client 217.197.152.228] File does not exist: /var/www/PHPMYADMIN [client 217.197.152.228] File does not exist: /var/www/phpMyAdmin And many more different addresses. Looks like somebody is trying to guess where my admin applications are located. What should I fear in this situation, and what a knowledge of my admin addresses can give to attacker, if everything is password protected?

    Read the article

  • Detecting suspicious behaviour in a web application - what to look for?

    - by Sosh
    I would like to ask the proactive (or paranoid;) among us: What are you looking for, and how? I'm thinking mainly about things that can be watched for programaticaly, rather than manually inspecting logs. For example: - Manual/automated hack attempts - Data skimming - Bot registrations (that have evaded captcha etc.) - Other unwanted behaviour Just wondering what most people would consider practical and effective..

    Read the article

  • How do game trainers change an address in memory that's dynamic?

    - by GameTrainersWTF
    Lets assume I am a game and I have a global int* that contains my health. A game trainer's job is to modify this value to whatever in order to achieve god mode. I've looked up tutorials on game trainers to understand how they work, and the general idea is to use a memory scanner to try and find the address of a certain value. Then modify this address by injecting a dll or whatever. But I made a simple program with a global int* and its address changes every time I run the app, so I don't get how game trainers can hard code these addresses? Or is my example wrong? What am I missing?

    Read the article

  • How do game trainers change a address in memory thats dynamic?

    - by GameTrainersWTF
    Lets assume i am a game and i have a global int* that contains my health. A game trainers job is to modify this value to whatever in order to achieve god mode. I've looked up tutorials on game trainers to understand how they work, and the general idea is to use a memory scanner to try and find the address of a certain value. Then modify this address by injecting a dll or whatever. But i made a simple program with a global int* and its address changes every time i run the app, so i don't get how game trainers can hard code these addresses? Or is my example wrong? What am i missing?

    Read the article

  • Cookiless Session Is it a security

    - by Costa
    Hi http://msdn.microsoft.com/en-us/library/aa479314.aspx You have a user who successfully log in from a machine in Cybercafe, Hacker H able to sniffer the network and get the sessionID of the user, Can H use the sessionId and act as the user from another machine? Can H enter http://folder/(session id)/CreditCardInformation.aspx to know the credit card number of the user. Thanks

    Read the article

  • Using directory traversal attack to execute commands

    - by gAMBOOKa
    Is there a way to execute commands using directory traversal attacks? For instance, I access a server's etc/passwd file like this http://server.com/..%01/..%01/..%01//etc/passwd Is there a way to run a command instead? Like... http://server.com/..%01/..%01/..%01//ls ..... and get an output? EDIT: To be clear here, I've found the vuln in our company's server. I'm looking to raise the risk level (or bonus points for me) by proving that it may give an attacker complete access to the system

    Read the article

  • How to make an unit test always pass?

    - by brain_damage
    Let's assume someone has to write a solution to a problem and I have to test his solution with some tests. Is it possible (maybe with reflections or something) his program to pass all my tests, but to have nothing in common with the real solution to the problem?

    Read the article

  • Is anyone teaching the application of ethics to programming?

    - by blueberryfields
    Ethical questions come up more and more in the news, and can be core to a software developers' life. On several occasions this year I was asked for advice that amounts to answering ethical questions, in a computer programming context, and I was surprised to see how much fretting and trouble questions which I consider trivial can lead to. Are there any courses or programs specializing in teaching what is expected of an ethical programmer? Has anyone put together a formal curriculum anywhere?

    Read the article

  • How can I protect my save data from casual hacking?

    - by Danran
    What options are there for saving game data in a secure manner? I'm interested in solutions specifically tailored for C++. I'm looking for something that is fast and easy to use. I'm only concerned about storing simple information such as Which levels are and are not unlocked The user's score for each level I'm curious again to know what's out there to use, any good libraries to use that give me nice, secure game data files that the average player can't mess with. I just found this here which looks very nice, but it would be great to get some opinions on potential other libraries/options out there.

    Read the article

  • Where can I learn various hacking techniques on the web?

    - by Carson Myers
    I would like to try my hand at hacking -- that is, exploiting various website vulnerabilities. Not for any illegal purpose mind you, but so I can have a better understanding and appreciation of these exploits while writing my own web software. I seem to recall that there was a community that hosted a bunch of demo websites, and you had to find and exploit certain vulnerabilities with each one. I can't remember what it is called but this is the sort of thing I am looking for -- I have read a tonne of little XSS and CSRF examples but have yet to find a real-life hands-on example of one. Does anyone know of such a place, where I can be given an example page and look for security holes? I would really rather not try this with actual websites, I don't want to break any laws.

    Read the article

  • is it legal/ethical to use source code provided in academic papers, or talks given at trade events l

    - by lucid
    so, is it legal to use source code from papers and such: like this paper on perlin noise: [url]http://mrl.nyu.edu/~perlin/paper445.pdf[/url] links to this source code: [url]http://mrl.nyu.edu/~perlin/noise/[/url] and stam's famous talk on fluid dynamics, includes source code throughout, annotated with instructions like "add these macros to the beginning of your code" [url]http://www.dgp.toronto.edu/people/stam/reality/Research/pdf/GDC03.pdf[/url] I'm just not sure if it's legal to copy and paste this to use in your own commercial code. if I were to make my own implementation, it would end up being close to identical, since I'd probably use the source code as a reference. I know very little about copyright law, including how it applies in these situations, and I can never find usage and licensing terms for these. Nor did googling any terms I could think of provide me the specific answer I need. does anyone know for sure what the rules/laws are here, or where I can find the answer?

    Read the article

  • Is it ethical to let users see the request headers from visitors to a url shortening service?

    - by soniiic
    I'm currently in the progress of making a url shortening service that will let the creator see the http request headers that the browser has made when visitors visit the url. The visitors won't be made aware that they are being tracked, but obviously nothing is personally identifiable. Is there anything I should be made aware of ethically or legally that makes this a bad idea?

    Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >