Oh the irony. In what is starting to read very much like the script to a Hollywood movie itself, the latest twist to the Sony Pictures hacking plot took an unexpected turn yesterday. It would appear that at one stage yesterday access to the web across pretty much all of North Korea went down, with access to key sites such as the state-run Korean Central News Agency (KCNA) and Rodong Sinmun newspaper down for most of the day. Not that most North Koreans would have noticed, of course, seeing as they are denied access to the Internet anyway. The …

+1 forum 0

According to research commissioned by security vendor [Bit9 + Carbon Black](https://www.bit9.com/solutions/carbon-black/), nearly half (49%) of the organisations questioned admitted they simply didn't know if their businesses had been compromised or not. This uncertainty regarding cyber-attack detection ability comes in stark contrast to the 32% who confirmed they had been attacked during the previous 12 months and the 64% expecting to be targeted in the next 12 months. Looking a little closer at the data, when it comes to who might be attacking them, hacktivists on 86% bizarrely came top of the list ahead of cyber-criminals with 77% and disgruntled employees …

+2 forum 29

Goodwill Industries International, a network of 165 community-based agencies in North America, has been breached. This follows a previous announcement of a potential attack back in July. After an extensive forensic investigation lasting a month, Goodwill has now [confirmed](http://www.goodwill.org/press-releases/goodwill-provides-update-on-data-security-issue/) that "a third-party vendor’s systems" were indeed "attacked by malware, enabling criminals to access some payment card data of a number of the vendor’s customers." According to the statement, about 10% of stores (or 20 Goodwill members if you prefer) using the same third-party vendor were involved; Goodwill insists that there is no evidence of malware on internal systems. The breach …

+3 forum 5

Yesterday, Tor [issued a security advisory](https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack) which revealed that a group of relays had been discovered on July 4th which looked like they "were trying to deanonymize users." The advisory states that the attack "involved modifying Tor protocol headers to do traffic confirmation attacks" with the relays having joined the network at the start of the year. This means they were potentially deanonymizing users between January 30th and July 4th when they were finally removed. A Tor spokesperson says that they know the attack "looked for users who fetched hidden service descriptors, but the attackers likely were not able to …

+2 forum 2

This is the worst website I have ever found, I have been watching it for hours. http://map.ipviking.com/ It's supposedly a real-time cyber attack map and it's mesmerizing.

+0 forum 2

Not exactly the most surprising news ever, that Anonymous is [planning an all out DDoS war on World Cup corporate sponsors](http://www.independent.co.uk/news/world/americas/world-cup-2014-hacktivist-group-anonymous-plan-cyberattack-on-world-cup-sponsors-9467786.html) during the football tournament. Personally, I wish them luck. Cannot stand football, in fact hate it with a passion and the world cup period is a nightmare every four years with no escape wherever you go and whatever you do. Media coverage is ridiculous in the UK, anyone would think that football is some kind of religion. I also have no love for the large corporates which sponsor such events, being an anarchist at heart. Your mileage may well …

+0 forum 1

The Distributed Denial of Service (DDoS) attack is becoming the crowbar of the online criminal. In the past we have got rather used to DDoS attacks being one of the favoured approaches of hacktivists, with perhaps the Low Orbit Ion Cannon (LOIC) and later the High Orbit Ion Cannon (HOIC) as used by Anonymous to take down sites being the best known examples. However, recent evidence suggests that taking down a site is increasingly no longer the be all and end all of a DDoS attack, instead it's just a means to a much more profitable end. A couple of …

+1 forum 3

What could be the best way to disable a symlink attack?

1. I use **disable_functions= symlink,ln** in php.ini
2. In .htaccess I disable it as follows, with a minus sign (-):

```
Options -FollowSymLinks
Options -SymLinksIfOwnerMatch
```

Is my approach okay, or are there other workarounds? Thank you.

+0 forum 1

Small groups of what are best described as cyber-mercenaries, willing and able to perform surgically precise hit and run hacking operations, are offering their services for hire out of China, Japan and South Korea. That's the conclusion of security researchers at [Kaspersky Lab](http://www.kaspersky.co.uk/) who have been following the progress of a newly discovered espionage campaign, known as Icefog and targeting the supply chain in South Korea and Japan which feeds companies in the West. Icefog is an APT, or Advanced Persistent Threat, and in the words of the Kaspersky Lab [report](http://www.securelist.com/en/blog/208214064/The_Icefog_APT_A_Tale_of_Cloak_and_Three_Daggers) a "small yet energetic" one. Although it appears to …

+1 forum 1

How can I prevent an XSS attack but allow users to post iframe and img? My page is PHP based, but I allow users to submit text and have allowed only iframes and imgs with strip_tag. How do I prevent a user from launching an XSS attack?

+0 forum 4

Dana Tamir, Enterprise Security Director for [Trusteer](http://www.trusteer.com/) has recently uncovered a variation of the TorRAT banking data malware which has been actively configured to target Twitter users. The attack works by "injecting Javascript code into the victim’s Twitter account page" Tamir says, adding that the malware "collects the user’s authentication token, which enables it to make authorized calls to Twitter's APIs, and then posts new, malicious tweets on behalf of the victim". These tweets are used, of course, to spread the malware within the social networking circle by leveraging the trust that is implicit in such networks. Twitter users, generally …

+2 forum 2

When I was saving my Word document, it suddenly changed to some language I cannot understand; I guess it is Chinese. I suspect it could be a virus attack. Please help with how to recover my document back to English.

+0 forum 4

New research shows that hackers are becoming increasingly lazy in their search for online exploits, with 98% of Remote File Inclusion and 88% of SQL injection attacks now being fully automated. It comes as no surprise whatsoever to DaniWeb administrators and moderators that your average cybercriminal is looking for the easiest way to earn a dishonest buck. After all, we have recently completely re-coded the DaniWeb forum from the ground up partly in order to deal with the increasing number of spambot attacks that were being launched against us across much of last year. Spammers have long since used software …

+1 forum 1

An ongoing attack aimed at users of the Apple Mac platform is being reported by security researchers. [AlienVault](http://www.alienvault.com), which has discovered these weaponised attacks in the wild, warns that regular Mac users without IT security software installed could be at risk of infection and hijacking. The researchers suspect that the attack stems from the same anti-Tibetan, pro-Chinese, hacking group that has been [responsible for attacks](http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/) targeting Tibetan activist organisations in recent weeks. According to the lead researcher who made the discovery, Jaime Blasco, the group is "delivering two different Mac trojans" including a new and improved one called …

+1 forum 1

I'm trying to find a solution to protect all the software developed in the company I work in. Till now we've been working with hardlocks, but we are trying to cut expenses and want to develop our own software protection system. I know that there are some free tools, like for instance activelock, but we aren't interested in using third party tools either, since these tools are frequently open to attacks and we might have migration problems in the future. I've been googling and I can't find any good techniques for developing this type of solution. We've seen some ideas …

+0 forum 1

Samsung has fixed the Unstructured Supplementary Service Data (USSD) exploit that could remotely wipe data from a Galaxy S III smartphone, but that doesn't mean the USSD threat is over: far from it in fact. According to some security researchers, 400 million Android device users are at risk from having their hardware bricked. It's not just owners of the Samsung Galaxy S III that are vulnerable to this particular attack, or indeed just Samsung handsets at all as first thought. As is often the case, the discovery of a vulnerability leads to several new ways to exploit it and that's …

+0 forum 1

Here is a capital-letter-style Caesar-encrypted message. We can simply try all possible shifts for the first few words (ignoring punctuation, which is left as is). If both first words succeed, we assume we cracked it. You could also use Vigenère encryption, but keeping non-letters is less simple; our Vigenère drops all non-letters (including numbers). You need some English word dictionary saved as dict.txt in the same directory as you save this code.

+1 forum 1

An unnamed Asian company operating within what has been described as a 'high risk e-commerce industry' has been targeted by a botnet which launched a DDoS attack of unprecedented magnitude. According to Distributed Denial of Service mitigation experts Prolexic, which claims to have successfully combated the attack, the volume of this particular attack was nothing short of extraordinary. How so? Well, consider that most high-end border routers employed by your average ISP are capable of forwarding around 70,000 packets per second typically. Now consider that the volume of this DDoS attack using TCP SYN Floods and ICMP Floods reached 25 …

+0 forum 4

I'm doing an RPG for fun, but this one function is giving me problems. It compiles without problems, but when I test it, the HP stats don't change. This is the code for the function.

```cpp
void attack(dragon *d1, dragon *d2)
{
    if (d1->getdef() < d2->getatk()) {
        d1->changehp(-(d2->getatk() - d1->getdef()));
    } else if (d2->getdef() < d1->getatk()) {
        d2->changehp(-(d1->getatk() - d2->getdef()));
    }
    if (d1->gethp() == 0)
        d1->setout(true); /* set to unconscious */
}
```

And this is the code for the dragon class:

```cpp
class dragon {
private:
    string name;
    int atk, def, acc;
    int type, lvl, hp, hpmax, exp, expmax;
```

…

+0 forum 15

Chip and PIN credit card attack leaves banks on shaky ground according to one analyst, although oddly enough the banks appear to disagree. Researchers at the University of Cambridge Computer Laboratory have revealed how the Chip and PIN credit card security system is flawed and left vulnerable to fraud. Steven Murdoch, Saar Drimer, Ross Anderson and Mike Bond, the researchers in question, have apparently tested the 'wedge' attack scenario against cards issued by most of the mainstream banks in the UK and found them all to be equally vulnerable. Of course, this is not the first time that cards have …

+0 forum 3

Wow. That's quite a statistic, but there it is in front of me jumping off the pages of the latest [global State of Enterprise Security study](http://bit.ly/b2rUFg) from Symantec. The two lines shining so brightly and grabbing my attention read "75 percent of organizations experienced cyber attacks in the past 12 months" and "these attacks cost enterprise businesses an average of $2 million per year". I'll say it again, wow! Maybe that is not so surprising when you consider that the report states that every enterprise, yes 100 percent, experienced cyber losses in 2009. The top three losses being intellectual property …

+0 forum 0

Google has signalled, in the strongest possible manner, that it will be pulling out of China unless something is done to address censorship of searches. It has also accused China of launching a "highly sophisticated and targeted attack" on the Google corporate infrastructure, along with another twenty large companies from a range of business sectors in the US. Such attacks are nothing new, just last year the Pentagon was allegedly subject to a [successful hacking attack](http://www.daniweb.com/blogs/entry4266.html) with details of the F35 Lightning II, also known as the Joint Strike Fighter and the most expensive jet fighter ever, the target. However, …

+2 forum 2

According to the latest McAfee Labs [Third Quarter Threats Report 2009](http://www.mcafee.com/us/local_content/reports/7315rpt_threat_1009.pdf) instances of Distributed Denial of Service attacks are growing in popularity. In the last quarter the McAfee Labs observed many new attacks demanding ransom money including those aimed at sports betting companies which were taken out of action during key sporting events to cause losses in the millions. Such attacks have not only been used to make money, but also silence political opinion. But perhaps the growth of DDoS as a service, whereby cybercriminals offer botnets capable of launching such attacks to the highest bidder is the biggest worry. …

+0 forum 0

According to the fourth [Worldwide Infrastructure Security Report](http://www.arbornetworks.com/report) from Arbor Networks, published today, malicious attacks on networks are continuing to rise at an alarming rate. While that is no great surprise, the fact that during 2008 Distributed Denial of Service attacks have peaked at 40 Gbps most certainly is. Arbor's fourth annual Worldwide Infrastructure Security Report includes responses from nearly 70 IP network operators in North America, South America, Europe and Asia. It has revealed that during the last couple of years the largest sustained DDoS attacks were 24 Gbps and 17 Gbps, and according to Arbor Networks this represents …

+0 forum 0

According to the Pakistan Telecommunications Authority (PTA), while the blocking of the YouTube website over the weekend in Pakistan was intended, the worldwide outage that saw the popular video streaming service become unavailable to huge swathes of the planet was accidental. Anyway, PTA spokesman Khurram Mehran assures us it is all OK now because it has "issued instructions to all internet service providers that YouTube should be unblocked as the specific content has been removed by the website." The specific content referred to being cartoons of the Prophet Mohammed which Pakistani authorities have described as being highly profane and sacrilegious. …

+0 forum 0
