Search Results

Search found 3370 results on 135 pages for 'attack vector'.

Page 95/135 | < Previous Page | 91 92 93 94 95 96 97 98 99 100 101 102  | Next Page >

• How can I make a career in Formal Methods programming in USA?

  - by A5al Andy

  I've found that my (USA) professors recoil with a near-disgust when I ask them about how to pursue a career in Formal Methods programming. They say, "Oh, that stuff! That stuff is anal. You don't need that European POS to get a job." I'm sure I'll get a job without it, but Formal Methods interests me so much that I bet I'd like to make a career of it. I'd like to learn about Formal Methods at an American University and then work in that field here. I've found that even professors at more important universities than mine don't seem to welcome Formal Methods. Almost all FM research project webpages are semi-abandoned and moldering. Europe is where the action seems to be for this. Can anyone suggest a plan of attack, and along the way explain the antipathy to Formal Methods in the US? I'm a sophomore at a public university in the South.

  Read the article

• iPhone Dev: Animating PNG Sequences

  - by Franky

  What is the best or recommended technique for animating PNG Sequences. Heres what I've learned: Do it Manually Using MutableArrays containing Strings, you can animate a UIImageView with a timer which increments an index number UIImage - animation methods This works, the only problem is to find if an image has completed its animation, you have to check the isAnimating BOOL, and to do that you need a timer. What is the best and recommended? Looking to do Oldschool game sprite animations, ie: Idle Animation Attack Animation Walk Animation ect... Let me know if any one has something. @lessfame

  Read the article

• What's my best bet for replacing plain text links with anchor tags in a string? .NET

  - by Craig Bovis

  What is my best option for converting plain text links within a string into anchor tags? Say for example I have "I went and searched on http://www.google.com/ today". I would want to change that to "I went and searched on http://www.google.com/ today". The method will need to be safe from any kind of XSS attack also since the strings are user generated. They will be safe before parsing so I just need to make sure that no vulnerabilities are introduced through parsing the URLs.

  Read the article

• Authenticating a Server with Digital Signatures

  - by TomS

  I understand how Non-repudiation and Integrity are achieved with Digital Signatures, but it's the Authentication that I don't grasp yet. I'm developing a Client-Server application in C#, that should be capable of Authentication with Digital Certificates and Digital Signatures. I know how to check the validity and integrity of a Signature (with SignedCms.CheckSignature()), but how does this authenticates any of the parts involved? For example: The client asks the Server for a Digital Signature, The client receives the signature and validates it, If the validation succeeds, continue. The client could be a victim of a man-in-the middle attack and receive a valid signature in step 2. The validation would succeed, but the client wouldn't be talking to the right server. What am I missing?

  Read the article

• Releasing an app - Developed on one account, releasing/approving on another

  - by stumac85

  Hi there, We have developed an application for a company who want to release it under their own account. It has been developed on our account and has had provisioning profiles attached to it from our own account. What is the best way to do this? Do I have to send them the xCode project and talk them through how to attack a provisioning profile to the project? Or can I just get their login details and create a provisioning profile from the Mac in the office and do it for them? Or is there a "transfer to different account" option? Many thanks!

  Read the article

• What's the best way to detect web applications attacks ?

  - by paulgreg

  What is the best way to survey and detect bad users behavior or attacks like deny of services or exploits on my web app ? I know server's statistics (like Awstats) are very useful for that kind of purpose, specially to see 3XX, 4XX and 5XX errors (here's an Awstats example page) which are often bots or bad intentioned users that try well-known bad or malformed URLs. Is there others (and betters) ways to analyze and detect that kind of attack tentative ? Note : I'm speaking about URL based attacks, not attacks on server's component (like database or TCP/IP).

  Read the article

• How to add monsters to a Pokemon game?

  - by Michael J. Hardy

  My friends and I are starting a game like Pokemon and we wanted to know how will we add monsters to the game? We're using VisualBasic because my friend's brother said it would be easier. So far we can put pictures of the monsters on the screen and you can click to attack and stuff. Right now when we want to add a monster we have to make a new window. This will take us a long time to make all the windows for each type of monster. Is there a tool or something to make this go faster? How do game companies do this?

  Read the article

• safely encode and pass a string from a html link to PHP program

  - by bert

  What series of steps would be reqired to safely encode and pass a string from a html href using javascript to construct the link to a php program. in javascript set up URL // encodes a URI component. path = "mypgm.php?from=" + encodeURIComponent(myvar) ; in php: // get passed variables $myvar = isset($_GET['myvar']) ? ($_GET['myvar']) : ''; // decode - (make the string readable) $myvar = (rawurldecode($myvar)); // converts characters to HTML entities (reduce risk of attack) $myvar = htmlentities($myvar); // maybe custom sanitize program as well? // see [http://stackoverflow.com/questions/2668854/php-sanitizing-strings-to-make-them-url-and-filename-safe][1] $myvar = sanitize($myvar);

  Read the article

• GLSL compiler messages from different vendors [on hold]

  - by revers

  I'm writing a GLSL shader editor and I want to parse GLSL compiler messages to make hyperlinks to invalid lines in a shader code. I know that these messages are vendor specific but currently I have access only to AMD's video cards. I want to handle at least NVidia's and Intel's hardware, apart from AMD's. If you have video card from different vendor than AMD, could you please give me the output of following C++ program: #include <GL/glew.h> #include <GL/freeglut.h> #include <iostream> using namespace std; #define STRINGIFY(X) #X static const char* fs = STRINGIFY( out vec4 out_Color; mat4 m; void main() { vec3 v3 = vec3(1.0); vec2 v2 = v3; out_Color = vec4(5.0 * v2.x, 1.0); vec3 k = 3.0; float = 5; } ); static const char* vs = STRINGIFY( in vec3 in_Position; void main() { vec3 v(5); gl_Position = vec4(in_Position, 1.0); } ); void printShaderInfoLog(GLint shader) { int infoLogLen = 0; int charsWritten = 0; GLchar *infoLog; glGetShaderiv(shader, GL_INFO_LOG_LENGTH, &infoLogLen); if (infoLogLen > 0) { infoLog = new GLchar[infoLogLen]; glGetShaderInfoLog(shader, infoLogLen, &charsWritten, infoLog); cout << "Log:\n" << infoLog << endl; delete [] infoLog; } } void printProgramInfoLog(GLint program) { int infoLogLen = 0; int charsWritten = 0; GLchar *infoLog; glGetProgramiv(program, GL_INFO_LOG_LENGTH, &infoLogLen); if (infoLogLen > 0) { infoLog = new GLchar[infoLogLen]; glGetProgramInfoLog(program, infoLogLen, &charsWritten, infoLog); cout << "Program log:\n" << infoLog << endl; delete [] infoLog; } } void initShaders() { GLuint v = glCreateShader(GL_VERTEX_SHADER); GLuint f = glCreateShader(GL_FRAGMENT_SHADER); GLint vlen = strlen(vs); GLint flen = strlen(fs); glShaderSource(v, 1, &vs, &vlen); glShaderSource(f, 1, &fs, &flen); GLint compiled; glCompileShader(v); bool succ = true; glGetShaderiv(v, GL_COMPILE_STATUS, &compiled); if (!compiled) { cout << "Vertex shader not compiled." << endl; succ = false; } printShaderInfoLog(v); glCompileShader(f); glGetShaderiv(f, GL_COMPILE_STATUS, &compiled); if (!compiled) { cout << "Fragment shader not compiled." << endl; succ = false; } printShaderInfoLog(f); GLuint p = glCreateProgram(); glAttachShader(p, v); glAttachShader(p, f); glLinkProgram(p); glUseProgram(p); printProgramInfoLog(p); if (!succ) { exit(-1); } delete [] vs; delete [] fs; } int main(int argc, char* argv[]) { glutInit(&argc, argv); glutInitDisplayMode(GLUT_DOUBLE | GLUT_RGBA); glutInitWindowSize(600, 600); glutCreateWindow("Triangle Test"); glewInit(); GLenum err = glewInit(); if (GLEW_OK != err) { cout << "glewInit failed, aborting." << endl; exit(1); } cout << "Using GLEW " << glewGetString(GLEW_VERSION) << endl; const GLubyte* renderer = glGetString(GL_RENDERER); const GLubyte* vendor = glGetString(GL_VENDOR); const GLubyte* version = glGetString(GL_VERSION); const GLubyte* glslVersion = glGetString(GL_SHADING_LANGUAGE_VERSION); GLint major, minor; glGetIntegerv(GL_MAJOR_VERSION, &major); glGetIntegerv(GL_MINOR_VERSION, &minor); cout << "GL Vendor : " << vendor << endl; cout << "GL Renderer : " << renderer << endl; cout << "GL Version : " << version << endl; cout << "GL Version : " << major << "." << minor << endl; cout << "GLSL Version : " << glslVersion << endl; initShaders(); return 0; } On my video card it gives: Status: Using GLEW 1.7.0 GL Vendor : ATI Technologies Inc. GL Renderer : ATI Radeon HD 4250 GL Version : 3.3.11631 Compatibility Profile Context GL Version : 3.3 GLSL Version : 3.30 Vertex shader not compiled. Log: Vertex shader failed to compile with the following errors: ERROR: 0:1: error(#132) Syntax error: '5' parse error ERROR: error(#273) 1 compilation errors. No code generated Fragment shader not compiled. Log: Fragment shader failed to compile with the following errors: WARNING: 0:1: warning(#402) Implicit truncation of vector from size 3 to size 2. ERROR: 0:1: error(#174) Not enough data provided for construction constructor WARNING: 0:1: warning(#402) Implicit truncation of vector from size 1 to size 3. ERROR: 0:1: error(#132) Syntax error: '=' parse error ERROR: error(#273) 2 compilation errors. No code generated Program log: Vertex and Fragment shader(s) were not successfully compiled before glLinkProgram() was called. Link failed. Or if you like, you could give me other compiler messages than proposed by me. To summarize, the question is: What are GLSL compiler messages formats (INFOs, WARNINGs, ERRORs) for different vendors? Please give me examples or pattern explanation. EDIT: Ok, it seems that this question is too broad, then shortly: How does NVidia's and Intel's GLSL compilers present ERROR and WARNING messages? AMD/ATI uses patterns like this: ERROR: <position>:<line_number>: <message> WARNING: <position>:<line_number>: <message> (examples are above).

  Read the article

• Detect aborted connection during ASIO request

  - by Tim Sylvester

  Is there an established way to determine whether the other end of a TCP connection is closed in the asio framework without sending any data? Using Boost.asio for a server process, if the client times out or otherwise disconnects before the server has responded to a request, the server doesn't find this out until it has finished the request and generated a response to send, when the send immediately generates a connection-aborted error. For some long-running requests, this can lead to clients canceling and retrying over and over, piling up many instances of the same request running in parallel, making them take even longer and "snowballing" into an avalanche that makes the server unusable. Essentially hitting F5 over and over is a denial-of-service attack. Unfortunately I can't start sending a response until the request is complete, so "streaming" the result out is not an option, I need to be able to check at key points during the request processing and stop that processing if the client has given up.

  Read the article

• Can EC2 instances be set up to come from different IP ranges?

  - by Joshua Frank

  I need to run a web crawler and I want to do it from EC2 because I want the HTTP requests to come from different IP ranges so I don't get blocked. So I thought distributing this on EC2 instances might help, but I can't find any information about what the outbound IP range will be. I don't want to go to the trouble of figuring out the extra complexity of EC2 and distributed data, only to find that all the instances use the same address block and I get blocked by the server anyway. NOTE: This isn't for a DoS attack or anything. I'm trying to harvest data for a legitimate business purpose, I'm respecting robots.txt, and I'm only making one request per second, but the host is still shutting me down. Edit: Commenter Paul Dixon suggests that the act of blocking even my modest crawl indicates that the host doesn't want me to crawl them and therefore that I shouldn't do it (even assuming I can work around the blocking). Do people agree with this?

  Read the article

• Historical security flaws of popular PHP CMS's?

  - by VirtuosiMedia

  I'm creating a PHP CMS, one that I hope will be used by the public. Security is a major concern and I'd like to learn from some of the popular PHP CMS's like Wordpress, Joomla, Drupal, etc. What are some security flaws or vulnerabilities that they have they had in the past that I can avoid in my application and what strategies can I use to avoid them? What are other issues that I need to be concerned with that they perhaps didn't face as a vulnerability because they handled it correctly from the start? What additional security features or measures would you include? Please be as specific as possible. I'm generally aware of most of the usual attack vectors, but I want to make sure that all the bases are covered, so don't be afraid to mention the obvious as well. Assume PHP 5.2+.

  Read the article

• How should I protect against hard link attacks?

  - by Thomas

  I want to append data to a file in /tmp. If the file doesn't exist I want to create it I don't care if someone else owns the file. The data is not secret. I do not want someone to be able to race-condition this into writing somewhere else, or to another file. What is the best way to do this? Here's my thought: fd = open("/tmp/some-benchmark-data.txt", O_APPEND | O_CREAT | O_NOFOLLOW | O_WRONLY, 0644); fstat(fd, &st); if (st.st_nlink != 1) { HARD LINK ATTACK! } What's the right way? Besides not using a world-writable directory.

  Read the article

• Why does IE prompt a security warning when viewing an XML file?

  - by Tav

  Opening an XML file in Internet explorer gives a security warning. IE has a nice collapsible tree view for viewing XML, but it's disabled by default and you get this scary error message about a potential security hole. http://www.leonmeijer.nl/archive/2008/04/27/106.aspx But why? How can simply viewing an XML file (not running any embedded macros in it or anything) possibly be a security hole? Sure, I get that running XSLT could potentially do some bad stuff, but we're not talking about executing anything. We're talking about viewing. Why can't IE simply display the XML file as text (plus with the collapsible tree viewer)? So why did they label this as a security hole? Can someone describe how simply viewing an XML document could be used as an attack document?

  Read the article

• Disabling javascript in specific block/div (containing suspect HTML) ?

  - by T4NK3R

  Is it, in any way, possible to disable the browsers execution of script inside a block/section/element ? My scenario is, that I'm letting my (future) users create "rich content" (using CK-editor). Content that wil later be shown to other users - with all the dangers that imply: xss, redirection, identity theft, spam and what not... I've, more or less, given up on trying to "sanitize" the incomming XHTML, after seeing how many known "vectors of attack" there are: http://ha.ckers.org/xss.html What I'm really looking for is something like: < div id="userContent"< scriptOFF suspect HTML < /scriptOFF< /div

  Read the article

• CRSF token and Session replication with Tomcat and Apache

  - by technocool

  I have an J2EE compliant web application. I use a session based token to append a secondary id to all incoming link generated by my application. To prevent my application against CSRF attack, I validate the secondary id before I allow the user session to work off the subsequent page. Recently, while working with session replication mechanism implementation, I observed that on session failover, the generated secodary id is lost and the user get re directed to the login page/default page. Any suggestions on how I can ensure that the my generated secondary token id is not lost from the replicated session?

  Read the article

• Sending mass email using PHP

  - by Alan

  I am currently writing a music blog. The administrator posts a new article every 2-3 days. Once the administrator posts an article, a mass email will be sent to around 5000 subscribers immediately. What is the best way to implement the mass mail feature? Does the following function work? function massmail() { $content = '...'; foreach ($recipients as $r) { $_content = $content . '<img src="http://xxx/trackOpenRate.php?id='.$r.'">'; mail($r, 'subject', $_content); } } Another question: If all 5000 subscribers are using Yahoo Mail, will Yahoo treat it as a DDOS attack and block the IP address of my SMTP server?

  Read the article

• Ideas for building vulnerabilities into your site?

  - by Jaco Pretorius

  I'm trying to create a programming challenge that would require developers to hack into the MVC site I create. The idea is obviously to teach them about preventing these types of attacks. The current idea I have is to build multiple vulnerabilities into the site - but the second vulnerability would require the first to be completed, etc. So I was thinking the first could be a sql injection attack, the second would require a modified GET request, etc. Exploiting the final vulnerability would reveal a specific piece of information which is proof that you have completed the entire challenge. This will not be deployed on a public site - it's simply a learning tool for developers at my company. I'm not looking for MVC-specific vulnerabilities - I'm simply using MVC because it allows me to work with the 'raw' HTML. Any ideas on the different vulnerabilities I can use?

  Read the article

• Secure database connection. DAL .net architecture best practice

  - by Andrew Florko

  We have several applications that are installed in several departments that interact with database via Intranet. Users tend to use weak passwords or store login/password written on a shits of paper where everybody can see them. I'm worried about login/password leakage & want to minimize consequences. Minimizing database-server attack surface by hiding database-server from Intranet access would be a great idea also. I'm thinking about intermediary data access service method-based security. It seems more flexible than table-based or connection-based database-server one. This approach also allows to hide database-server from public Intranet. What kind of .net technologies and best practices would you suggest? Thank in you in advance!

  Read the article

• Why does MySQL autoincrement increase on failed inserts?

  - by Sorcy

  A co-worker just made me aware of a very strange MySQL behavior. Assuming you have a table with an auto_increment field and another field that is set to unique (e.g. a username-field). When trying to insert a row with a username thats already in the table the insert fails, as expected. Yet the auto_increment value is increased as can be seen when you insert a valid new entry after several failed attempts. For example, when our last entry looks like this... ID: 10 Username: myname ...and we try five new entries with the same username value on our next insert we will have created a new row like so: ID: 16 Username: mynewname While this is not a big problem in itself it seems like a very silly attack vector to kill a table by flooding it with failed insert requests, as the MySQL Reference Manual states: "The behavior of the auto-increment mechanism is not defined if [...] the value becomes bigger than the maximum integer that can be stored in the specified integer type." Is this expected behavior?

  Read the article

• Is it a bad idea to have a login dialog inside an iframe?

  - by AyKarsi

  We're creating a website where we will be giving out code snippets to our users which they can place on their own websites. These snippets contain a link a javascript include. When clicking the link, an iframe containing the login dialog to our site opens. The user then authenticates inside the iframe, does his work and when he leaves the iframe his session is closed. We've got it working allready and it's very slick. Our main concern though is phishing. The user has absolutely now way of veryifying where the login page is really coming from. On the other hand, phising attacks are also succesfull even if the user can see the fake-url in the address bar. Would you enter your (OpenId) credentials in an iframe? Does anyone know a pattern with which we could minimise the chances of a phishing attack?

  Read the article

• help in security assignment

  - by scatman

  i have to write a program that sniffs network packets (part1-the simple part). and i have to update the program (part2) so that it will be able to terminate connections. the specific requirements are: construct raw packets by specifying data link layer and network layer information including appropriate source and destination MAC and IP addresses. These packets are intended to terminate the connection. To do so, you should used SOCK_RAW as the socket type to be able to set the header information by yourself. can anybody give me some ideas on the second part? should i hijack the session,apply a dos attack on one of the users?? all i need is some tips of how to terminate the connection. i am using c programming language. and this is a course assignment for the security course.

  Read the article

• The implicit function __strcpy_chk() call

  - by Summer_More_More_Tea

  Hi everyone: I'm now performing a stack buffer overflow attack test on my own PC( Ubuntu 9.10, gcc-4.4.1 ) based on the article http://www.tenouk.com/Bufferoverflowc/Bufferoverflow4.html. Yet I haven't achieved the goal. Each time a segfault is thrown accompanied with some error informaiton. I compile the source code, and wanna get further information using objdump. Function __strcpy_chk is invoked in the assembly code dumped out, and it's said that "The __strcpy_chk() function is not in the source standard; it is only in the binary standard." Does this the mechanism a compiler employed to protect runtime stack? To finish my test, how can I bypass the protection? Regards.

  Read the article

• How do you encrypt data between client and server running in Flash and Java?

  - by ArmlessJohn

  We have a multiclient system where the client is written in Flash and the server is written in Java. Currently, communication is done in Flash by usage of flash.net.Socket and the protocol is written in JSON. The server uses a custom port to receive connections and then proceed to talk with each client. As expected, data is sent and received on both fronts as raw bytes, which are then decoded as needed. We would like to encrypt the communication between clients and server. I have some basic understanding about public/private key encryption, but I do not know what is the best way to exchange keys or what libraries are available (on both languages) to do this. What would be the best strategy to attack this problem and where should I start looking for libraries/methods to implement this encryption?

  Read the article

• "Zoom" text to be as big as possible within constraints/box

  - by stolsvik

  First problem: You have 400 pixels width to go on, and need to fit some text within that constraint as large as possible (thus, the text shall use that amount of space). Throw in a new constraint: If the text is just "A", then it shall not zoom this above 100 pixels (or some specific font size). Then, a final situation: Linebreaks. Fit some text in the largest possible way within e.g. 400 x 150 pixels. An obvious way is to simply start with point 1, and then increase until you can't fit it anymore. This would work for all three problems, but would be very crude. The fitting of a single line within bounds could be done by writing it with some fixed point size, check the resulting pixel bounds of the text, and then simply scale it with a transform (the text scales properly too then, check out TransformUI). Any ideas of other ways to attack this would be greatly appreciated!

  Read the article

< Previous Page | 91 92 93 94 95 96 97 98 99 100 101 102  | Next Page >