Search Results

Search found 49 results on 2 pages for 'tampering'.

Page 1/2 | 1 2  | Next Page >

  • Situations that require protecting files against tampering when stored on a users computer

    - by Joel
    I'm making a 'Pokémon Storage System' with a Client/Server model and as part of that I was thinking of storing an inventory file on the users computer which I do not wish to be edited except by my program. An alternative to this would be to instead to store the inventory file on the server and control it's editing by sending commands to the server but I was wondering if there are any situations which require files to be stored on a users computer where editing would be undesirable and if so how do you protect the files? I was thinking AES with some sort of checksum?

    Read the article

  • Git, auto updating, security and tampering?

    - by acidzombie24
    I was thinking about hosting my private project on my server (i may use 'gitolite') and have a copy on my local machine as backup (git clone then automated git fetch every few minute). I want to know what happens if there is a bug gitolite or somewhere else on my server and the source code and git repository has been tampered with? Will my backup also be corrupted? will i easily be able to revert the source using the history?

    Read the article

  • Git, auto updating, security and tampering?

    - by acidzombie24
    I was thinking about hosting my private project on my server (i may use 'gitolite') and have a copy on my local machine as backup (git clone then automated git fetch every few minute). I want to know what happens if there is a bug gitolite or somewhere else on my server and the source code and git repository has been tampered with? Will my backup also be corrupted? will i easily be able to revert the source using the history?

    Read the article

  • OS X Application icons missing after filesystem tampering

    - by dylan
    A while back I installed some Google software, I forget what it was, but it was something that attached itself to Google Chrome and was un-uninstallable short of uninstalling all of Chrome. It was a total pain in the a$$. Anyways, I was trying to put up a fight before going nuclear and just wiping Chrome, and during that fight, something went wrong (i.e., I didn't know what I was doing). I remember messing around with the Applications folder somehow. I don't remember what exactly I did, but it perhaps involved some interchanging between the /Applications and /User/Username/Applications folders? Definitely some tampering in those areas, I'm sure at least about that. Anyways, I've since updated and restarted my computer. Now, while all my apps work fine, many of them have blank icons - not on the Dock, those icons are fine, but in Spotlight search results, etc. Currently, my /Applications folder contains only OS X-cooked-in applications. My ~/Applications folder contains cooked in apps AND post-OS/third-party apps. There hasn't been any functionality deficit so far, but I don't like working on a machine where something isn't how it should be. I know my information was vague, but does anyone know what went wrong / how to fix it? OS X Mavericks 10.9.3

    Read the article

  • dhcp3-server (dhcpd) is tampering with host NIC

    - by user61000
    Hi all, I have a debian box that is serving as a router (using iptables NAT). When first turned on, everything works fine for a few minutes. Then the dhcp server assigns an IP (other than 192.168.0.1) to its' host NIC, eth0. This is NOT what I want. I just want dhcp3-server to listen on eth0, not assign it an IP, and changes the kernel routing table. This of course ruins the NAT capablities of the box. How can I tell the dhcp3-server NOT to do this? Thanks Before dhcp3-server tampers with eth0, the IP is 192.168.0.1, and the routing table looks like this: ~# netstat -r Kernel IP routing table Destination Gateway Iface 192.168.0.0 * eth0 173.33.220.0 * eth1 default 173.33.220.1 eth1 After dhcp3-server tampers with eth0, the IP is 192.168.0.3, and the routing table looks like this: ~# netstat -r Kernel IP routing table Destination Gateway Iface 192.168.0.0 * eth0 173.33.220.0 * eth1 default 192.168.0.1 eth0 default 173.33.220.1 eth1 SETUP Outbound NIC is eth1 Internal NIC is eth0 /etc/network/interfaces ... iface eth0 inet static address 192.168.0.1 netmask 255.255.255.0 /etc/default/dhcp3-server INTERFACES="eth0"

    Read the article

  • Would SSL prevent replay tampering by the authenticated user

    - by Coder 42
    In the context of a game (HTML5/Flash/Silverlight) which sends data to an online service to record progress (e.g. player killed an orc), would communicating with the service over SSL implicitly prevent the player from recording and replaying the message? I know SSL includes a nonce, but does it remain constant for the duration of the connection or does it change after each request/response cycle?

    Read the article

  • How to detect hidden field tampering?

    - by Myron
    On a form of my web app, I've got a hidden field that I need to protect from tampering for security reasons. I'm trying to come up with a solution whereby I can detect if the value of the hidden field has been changed, and react appropriately (i.e. with a generic "Something went wrong, please try again" error message). The solution should be secure enough that brute force attacks are infeasible. I've got a basic solution that I think will work, but I'm not security expert and I may be totally missing something here. My idea is to render two hidden inputs: one named "important_value", containing the value I need to protect, and one named "important_value_hash" containing the SHA hash of the important value concatenated with a constant long random string (i.e. the same string will be used every time). When the form is submitted, the server will re-compute the SHA hash, and compare against the submitted value of important_value_hash. If they are not the same, the important_value has been tampered with. I could also concatenate additional values with the SHA's input string (maybe the user's IP address?), but I don't know if that really gains me anything. Will this be secure? Anyone have any insight into how it might be broken, and what could/should be done to improve it? Thanks!

    Read the article

  • Protecting an Application's Memory From Tampering

    - by Changeling
    We are adding AES 256 bit encryption to our server and client applications for encrypting the TCP/IP traffic containing sensitive information. We will be rotating the keys daily. Because of that, the keys will be stored in memory with the applications. Key distribution process: Each server and client will have a list of initial Key Encryption Key's (KEK) by day If the client has just started up or the server has just started up, the client will request the daily key from the server using the initial key. The server will respond with the daily key, encrypted with the initial key. The daily key is a randomly generated set of alphanumeric characters. We are using AES 256 bit encryption. All subsequent communications will be encrypted using that daily key. Nightly, the client will request the new daily key from the server using the current daily key as the current KEK. After the client gets the new key, the new daily key will replace the old daily key. Is it possible for another bad application to gain access to this memory illegally or is this protected in Windows? The key will not be written to a file, only stored in a variable in memory. If an application can access the memory illegally, how can you protect the memory from tampering? We are using C++ and XP (Vista/7 may be an option in the future so I don't know if that changes the answer).

    Read the article

  • detect pdf tampering

    - by sean717
    Hi, the web app I am currently working on generates a PDF file and sends to user who will use this PDF as a certificate. My question is, how to make sure that this PDF file is impossible to be tampered by the user? Thanks,

    Read the article

  • Testing ASP.NET security in Firefox

    - by blahblah
    I'm not sure whether this question belongs on StackOverflow or SuperUser, but here goes nothing... I'm trying to test out some basic security problems on my personal ASP.NET website to see exactly how the custom validators, etc. work when tampering with the data. I've been looking at the Firefox extension TamperData which seems to do the trick, but it doesn't feel very professional at all. The issues I'm having with TamperData is that the textbox for the POST data is way too small to hold the ASP.NET view-state, so I have to copy that data into Emacs and then back again to be productive at all. I also don't like that there doesn't seem to be an option to only tamper with data which is from/to localhost. Any ideas on better extensions for the task or better methods to test it?

    Read the article

  • insert null character using tamper data

    - by Jeremy Comulu
    Using the firefox extension tamper data (for modifing http requests that firefox makes) how do I insert a null character into a post field? I can enter normal characters, but binary characters in it are not urlencoded and are shown as is, so how do I enter the null character into a field? If you know of a firefox extension like tamper data that I can do this or a way to do this using tamper data please post.

    Read the article

  • How do I prevent tampering with AJAX process page? [closed]

    - by whamsicore
    I am using Ajax for processing with JQUERY. The Data_string is sent to my process.php page, where it is saved. Issue: right now anyone can directly type example.com/process.php to access my process page, or type example.com/process.php/var1=foo1&var2=foo2 to emulate a form submission. How do I prevent this from happening? Also, in the Ajax code I specified POST. What is the difference here between POST and GET?

    Read the article

  • What's the max Windows 7 access possible to restrict tampering with single service?

    - by Crawford Comeaux
    I'm developing an ADHD management system for myself. Without going into detail (and as silly as it may sound for a grown man to need something like this), I need to build a me-proof service to run on my Windows 7 Ultra laptop. I still need fairly complete access to the system, though. How can I set things up so that I'm unable to "easily" (ie. within 3-5 mins without rebooting) stop the service or prevent it from running?

    Read the article

  • In .NET, how do I prevent, or handle, tampering with form data of disabled fields before submission?

    - by David
    Hi, If a disabled drop-down list is dynamically rendered to the page, it is still possible to use Firebug, or another tool, to tamper with the submitted value, and to remove the "disabled" HTML attribute. This code: protected override void OnLoad(EventArgs e) { var ddlTest = new DropDownList() {ID="ddlTest", Enabled = false}; ddlTest.Items.AddRange(new [] { new ListItem("Please select", ""), new ListItem("test 1", "1"), new ListItem("test 2", "2") }); Controls.Add(ddlTest); } results in this HTML being rendered: <select disabled="disabled" id="Properties_ddlTest" name="Properties$ddlTest"> <option value="" selected="selected">Please select</option> <option value="1">test 1</option> <option value="2">test 2</option> </select> The problem occurs when I use Firebug to remove the "disabled" attribute, and to change the selected option. On submission of the form, and re-creation of the field, the newly generated control has the correct value by the end of OnLoad, but by OnPreRender, it has assumed the identity of the submitted control and has been given the submitted form value. .NET seems to have no way of detecting the fact that the field was originally created in a disabled state and that the submitted value was faked. This is understandable, as there could be legitimate, client-side functionality that would allow the disabled attribute to be removed. Is there some way, other than a brute force approach, of detecting that this field's value should not have been changed? I see the brute force approach as being something crap, like saving the correct value somewhere while still in OnLoad, and restoring the value in the OnPreRender. As some fields have dependencies on others, that would be unacceptable to me.

    Read the article

  • How do I prove to a client/advertiser that my site's analytics numbers are what I say they are?

    - by Bryson
    I have been asked to provide recommendations on "Verified Analytics" for the next iteration of my company's site. Verified to mean that when we sell ad space, it's based on a number of page-views, and the people who buy that space want a way to verify that the numbers we give them are the actual numbers we're delivering. I have turned to The Google and the only services I can find for this sort of thing revolve around Google Analytics and the sale of a domain name. I export my analytics numbers to a PDF, have Google email the PDF to my auctioneer, and they look for signs of tampering. If no signs of tampering are found they put a little "Verified" badge on the domain auction. (Here) Other than this, and something similar on another domain sales site, I haven't found anything like what I've been asked to find. Currently we are using Google Analytics, however I've been also asked to recommend a replacement for that based on the ability to be verified. I'd rather just stick with Google Analytics since we also use Google for advertising.

    Read the article

  • Stairway to SQL Server Security: Level 1, Overview of SQL Server Security

    The ubiquity of databases and the potentially valuable information stored in them makes them attractive targets for people who want to steal data or harm its owner by tampering with it. Making sure that your data is secure is a critical part of configuring SQL Server and developing applications that use it to store data. 12 must-have SQL Server toolsThe award-winning SQL Developer Bundle contains 12 tools for faster, simpler SQL Server development. Download a free trial.

    Read the article

  • What should I do about this user?

    - by Tim Brigham
    What should I do about this user? The user is: Downloading pornography Attempting unauthorized access Running hacking software Sending unsolicited email Installing software / tampering with the system etc This is intended as a generic answer for employee behavioral problems, a la Can you help me with my software licensing question? I could see where acceptable use issues are a touch out of scope for SF, however it is one of those things most sysadmins will run into. I don't want to keep rewriting similar answers.

    Read the article

  • How can I choose between Linux and Windows hosting?

    - by Mohamad
    I am a relative beginner when it comes to choosing web servers and hosting plans. I'm about to signup for a hosting plan with GoDaddy. My main requirement is ColdFusion and MySQL. The plans on offer include Linux and Windows based plans. Which one should I choose, and why? I don't have a lot of requirements other than what I mentioned above. I never used Linux before but I doubt I'll ever need to do anything beyond tampering with my account. What are the main advantages of one over the other?

    Read the article

  • How can I choose between Linux and Windows hosting? [closed]

    - by Mohamad
    Possible Duplicate: How to find web hosting that meets my requirements? I am a relative beginner when it comes to choosing web servers and hosting plans. I'm about to signup for a hosting plan with GoDaddy. My main requirement is ColdFusion and MySQL. The plans on offer include Linux and Windows based plans. Which one should I choose, and why? I don't have a lot of requirements other than what I mentioned above. I never used Linux before but I doubt I'll ever need to do anything beyond tampering with my account. What are the main advantages of one over the other?

    Read the article

  • My Computer in Ubuntu?

    - by Casey Hungler
    I was wondering if Ubuntu has an equivalent to the Windows feature "My Computer", which lists all available drives/storage devices. Typically, My Computer shows C:, which can be opened to view all of your directories and files. At this point, it is very similar to Ubuntu's Home Folder, but I am looking for something that allows me to view/select all available HDD's/Partitions. Here's my reason: I found a 6gb IDE HDD in my basement, and got an IDE cable for it. My desktop computer has a SATA drive in it, but has an IDE slot, so I wanted to plug it in and see what might be on it. The drive seems to be recognized in BIOS, but I can't find it in Ubuntu to view files, and Ubuntu is the only OS on that particular computer. If anyone has any ideas as to how to view the contents of that drive WITHOUT formatting it or tampering with the contents in any way, I would greatly appreciate your help. Thanks in advance!

    Read the article

  • Automated tests for Java Swing GUIs

    - by pauldoo
    What options are there for building automated tests for GUIs written in Java Swing? I'd like to test some GUIs which have been written using the NetBeans Swing GUI Builder, so something that works without requiring special tampering of the code under test would be ideal.

    Read the article

  • Convert Office Documents without Office

    - by Benny
    We are in need of converting all MS Office documents to PDF, TIF, or any similar image format with no loss in formatting (these are official documents that cannot have tampering). Is there any way to do this without installing Office on the machine that would do this? Ideally, this would go on a server and run multi-threaded without the overhead of Office Automation. Thanks in advance!

    Read the article

  • Secure Your Wireless Router: 8 Things You Can Do Right Now

    - by Chris Hoffman
    A security researcher recently discovered a backdoor in many D-Link routers, allowing anyone to access the router without knowing the username or password. This isn’t the first router security issue and won’t be the last. To protect yourself, you should ensure that your router is configured securely. This is about more than just enabling Wi-Fi encryption and not hosting an open Wi-Fi network. Disable Remote Access Routers offer a web interface, allowing you to configure them through a browser. The router runs a web server and makes this web page available when you’re on the router’s local network. However, most routers offer a “remote access” feature that allows you to access this web interface from anywhere in the world. Even if you set a username and password, if you have a D-Link router affected by this vulnerability, anyone would be able to log in without any credentials. If you have remote access disabled, you’d be safe from people remotely accessing your router and tampering with it. To do this, open your router’s web interface and look for the “Remote Access,” “Remote Administration,” or “Remote Management” feature. Ensure it’s disabled — it should be disabled by default on most routers, but it’s good to check. Update the Firmware Like our operating systems, web browsers, and every other piece of software we use, router software isn’t perfect. The router’s firmware — essentially the software running on the router — may have security flaws. Router manufacturers may release firmware updates that fix such security holes, although they quickly discontinue support for most routers and move on to the next models. Unfortunately, most routers don’t have an auto-update feature like Windows and our web browsers do — you have to check your router manufacturer’s website for a firmware update and install it manually via the router’s web interface. Check to be sure your router has the latest available firmware installed. Change Default Login Credentials Many routers have default login credentials that are fairly obvious, such as the password “admin”. If someone gained access to your router’s web interface through some sort of vulnerability or just by logging onto your Wi-Fi network, it would be easy to log in and tamper with the router’s settings. To avoid this, change the router’s password to a non-default password that an attacker couldn’t easily guess. Some routers even allow you to change the username you use to log into your router. Lock Down Wi-Fi Access If someone gains access to your Wi-Fi network, they could attempt to tamper with your router — or just do other bad things like snoop on your local file shares or use your connection to downloaded copyrighted content and get you in trouble. Running an open Wi-Fi network can be dangerous. To prevent this, ensure your router’s Wi-Fi is secure. This is pretty simple: Set it to use WPA2 encryption and use a reasonably secure passphrase. Don’t use the weaker WEP encryption or set an obvious passphrase like “password”. Disable UPnP A variety of UPnP flaws have been found in consumer routers. Tens of millions of consumer routers respond to UPnP requests from the Internet, allowing attackers on the Internet to remotely configure your router. Flash applets in your browser could use UPnP to open ports, making your computer more vulnerable. UPnP is fairly insecure for a variety of reasons. To avoid UPnP-based problems, disable UPnP on your router via its web interface. If you use software that needs ports forwarded — such as a BitTorrent client, game server, or communications program — you’ll have to forward ports on your router without relying on UPnP. Log Out of the Router’s Web Interface When You’re Done Configuring It Cross site scripting (XSS) flaws have been found in some routers. A router with such an XSS flaw could be controlled by a malicious web page, allowing the web page to configure settings while you’re logged in. If your router is using its default username and password, it would be easy for the malicious web page to gain access. Even if you changed your router’s password, it would be theoretically possible for a website to use your logged-in session to access your router and modify its settings. To prevent this, just log out of your router when you’re done configuring it — if you can’t do that, you may want to clear your browser cookies. This isn’t something to be too paranoid about, but logging out of your router when you’re done using it is a quick and easy thing to do. Change the Router’s Local IP Address If you’re really paranoid, you may be able to change your router’s local IP address. For example, if its default address is 192.168.0.1, you could change it to 192.168.0.150. If the router itself were vulnerable and some sort of malicious script in your web browser attempted to exploit a cross site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them, the attack would fail. This step isn’t completely necessary, especially since it wouldn’t protect against local attackers — if someone were on your network or software was running on your PC, they’d be able to determine your router’s IP address and connect to it. Install Third-Party Firmwares If you’re really worried about security, you could also install a third-party firmware such as DD-WRT or OpenWRT. You won’t find obscure back doors added by the router’s manufacturer in these alternative firmwares. Consumer routers are shaping up to be a perfect storm of security problems — they’re not automatically updated with new security patches, they’re connected directly to the Internet, manufacturers quickly stop supporting them, and many consumer routers seem to be full of bad code that leads to UPnP exploits and easy-to-exploit backdoors. It’s smart to take some basic precautions. Image Credit: Nuscreen on Flickr     

    Read the article

  • What can I do to prevent my user folder from being tampered with by malicious software?

    - by Tom Wijsman
    Let's assume some things: Back-ups do run every X minutes, yet the things I save should be permanent. There's a firewall and virus scanner in place, yet there happens to be a zero day attack on me. I am using Windows. (Although feel free to append Linux / OS X parts to your answer) Here is the problem Any software can change anything inside my user folder. Tampering with the files could cost me my life, whether it's accessing / modifying or wiping them. So, what I want to ask is: Is there a permission-based way to disallow programs from accessing my files in any way by default? Extending on the previous question, can I ensure certain programs can only access certain folders? Are there other less obtrusive ways than using Comodo? Or can I make Comodo less obtrusive? For example, the solution should be proof against (DO NOT RUN): del /F /S /Q %USERPROFILE%

    Read the article

1 2  | Next Page >