1,400 Topics
I'm very much interested in developing a Network IDS for my final year project, but I'm a beginner in this network security domain. I need some suggestions and some resources to develop this project. Please help me. | |
According to Dell SecureWorks Counter Threat Unit (CTU) security researcher [Keith Jarvis](http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/), the CryptoLocker ransomware that has been written about so much of late has infected as many as 250,000 computers during the first 100 days of distribution (starting on the 5th of September, 2013). What's more, Jarvis estimates, based … | |
US retail giant Target [has confirmed](http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card-data-in-u-s-stores) that hackers gained access to payment card data that could mean 40 million credit and debit card accounts are at risk. An official statement says that the retailer is "aware of unauthorized access to payment card data that may have impacted certain guests making … | |
A [Channel 4 News investigation](http://www.channel4.com/news/phone-mobile-data-24-hours-apps-security-secret) in the UK has revealed that in a 24 hour period just one smartphone made 350,000 requests to 315 different servers and made 30,000 requests to 76 servers when otherwise sitting totally idle for 45 minutes. Oh, and then there was the location data being … | |
Just curious about your thoughts on this subject. **Example:** www.site.com/?id=1 or www.site.com/?id=8adyfa8df614812yasdf (which is also "1", but encrypted) What would you recommend? What do you use? Anyone with pros and/or cons on if you should encrypt your URL data? **My thoughts:** Pros (to encrypting URL data): - Makes it harder … | |
According to a [report](http://www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf) from researchers at US security outfit FireEye, a number of computers belonging to diplomats attending the G20 summit in Russia three months ago, including at least five European foreign ministries, were successfully targeted by Chinese hackers. FireEye researchers had monitored a server, one of 23, used … | |
If my iPhone 5s fingerprint data is walled off from the rest of A7 chip and the rest of iOS 7 in a 'Secure Enclave' and is never accessed by iOS or other apps, as Apple claims, then how come it all vanished when my iPhone crashed and I had … | |
Black Friday has historically been a very American phenomenon, marking the start of the seasonal Xmas shopping rush and happening the Friday after Thanksgiving. In the past it has led to scenes of semi-rioting and chaos in some stores as the Walmartarati fight over bargain electrical goods. The UK got … | |
According to [BitcoinWatch](http://bitcoinwatch.com/) the current market capitalization of the virtual currency stands at an incredible $10.4 billion. A single Bitcoin is now worth more than $800. In the ongoing aftermath of [the Silk Road takedown](http://www.daniweb.com/hardware-and-software/networking/news/466982/silk-road-2-goes-live-did-the-fbi-arrest-the-wrong-dread-pirate-roberts) many people wrongly assume Bitcoin is some kind of criminal currency, used to trade in … | |
Discount coupons are OK, but consumers consider drive-by location marketing an invasion of privacy. That's the warning message that research across four countries (US, UK, Mexico and India) by ISACA would appear to be flagging loud and clear to retailers wanting to maximise the marketing potential of customers with smartphones. … | |
Tumblr, the hugely popular blogging service which was bought by Yahoo! last month, has advised mobile users to change their passwords, and change them immediately. In a posting to the Tumblr staff blog, a spokesperson states "We have just released a very important security update for our iPhone and iPad … | |
I'm writing a script to automatically upload a file from Server A to FTP server B. I'm getting stuck at the connecting part. I can connect with a python script using regular FTP, and have done so, but when trying to implement an SSL connection, I keep getting a … | |
Aggressive adware, of the kind that creates shortcuts on your screen or changes your search engine configuration, has arrived on Android devices and then some. According to security vendor Bitdefender, as much as 90% of free Android apps contain adware with up to 75% coming with the 'aggressive' variety. | |
The popular [MacRumors Forums](http://www.macrumors.com/) site has confirmed that it was successfully hacked on Monday this week. The vBulletin powered forums fell victim to what it describes as a similar breach that hit the Ubuntu forums earlier in the year. "Our case is quite similar" says MacRumors founder Arnold Kim who … | |
In my [DaniWeb report](http://www.daniweb.com/hardware-and-software/tablets-and-mobile-devices/news/462936/apple-iphone-5s-the-worlds-first-64-bit-smartphone) on the launch of the new iPhone 5s from Apple, I stated that you could "forget the fingerprint scanner built into the new circular home button" but I knew all along that was never going to be the case. In context, I was focusing upon what … | |
How to break security when you implement encapsulation in Java programming? | |
Apple has, of late at least, oft been accused of following rather than leading when it comes to smartphone innovation. Perhaps the launch of the iPhone 5s with the somewhat controversial fingerprint scanner has changed that, just a little bit. HTC, the powerhouse in the Android smartphone hardware market, has … | |
Hi Everyone, I'm not sure if I may be in the wrong venue to post as this would have to do with PHP, CURL and SSL, so I've decided to place the question here. Please feel free to let me know if the question should be dropped in some other … | |
According to the network security team at Oxford University Computing Services ([OxCERT](http://blogs.oucs.ox.ac.uk/oxcert/)) with the title of 'Google Blocks' the world famous seat of learning has decided to put a block, albeit a temporary one, on the use of Google Docs. Robin Stevens from the network security team at Oxford says … | |
Did the FBI get the wrong man, or at least the wrong Dread Pirate Roberts (DPR), when it shut down the Silk Road darknet marketplace? Claims are being made that this is precisely what happened, and that Ross Ulbricht who was arrested took over as acting DPR from the real … | |
Last week, the NoSQL database host MongoHQ suffered a breach which exposed customer files, email addresses and password data to the attackers. The ripples from that breach are still being felt, as users of the Sunrise calendar app on the iPhone found out this morning. Luckily that password data was … | |
We're looking into the Enterprise Library, to see if the security part will fit our needs. We want to use application roles/rights, so we probably need to write our own security provider. What I'm looking for are decent resources on this specific topic. I've found several books already on the … | |
Hi guys, Am working on a mini project and my question to you is: What would be your top 5 to 10 important tips for security while working with PHP? Thanks for any help received!! | |
I am working towards the goal of a social site, however, being a beginner, I have many questions I need to answer before getting anywhere! One of these is in regards to embeddable scripts/ web apps/ widgets. I would like to allow the users of the site to upload web … | |
In the newly published Imperva 'Hacker Intelligence Initiative Report' the in-the-wild modification and exploitation of PHP SuperGlobal variables has been investigated. This particular external variable modification weakness has been described as being where a PHP application does "not properly protect against the modification of variables from external sources, such as … | |
Hello everyone I am facing a problem that I have never encountered before and googling around just isn't helping. I was assigned to migrate a pmWiki server to a new MediaWiki server which was supposed to run as a virtual machine on a Red Hat Cluster Suite. My coworker and … | |
What could be the best way to disable a symlink attack? 1: I use **disable_functions= symlink,ln** in php.ini. 2: In .htaccess I disable it as follows, with a minus sign (-): Options -FollowSymLinks Options -SymLinksIfOwnerMatch. Is my working okay, or are there other workarounds? Thank you. | |
Exploit-based attacks are on the up (1), the majority of IT security professionals aren't sure if they can detect attackers attempting to breach the network (2), and 65% of companies let the tech support department give security training to staff. I would suggest, in order to make some sense of … | |
Gartner defines the '[Nexus of Forces](http://www.gartner.com/it-glossary/nexus-of-forces)' as being "the convergence and mutual reinforcement of social, mobility, cloud and information patterns that drive new business scenarios". The global IT analyst outfit has also just released details of research which suggests that the perceived level of maturity when it comes to the … | |
Your web browser provides a window onto the Internet, but unless you are timely in updating the client you use then, say researchers with security vendor Kaspersky Lab, that window may be cracked and allow a draft of insecurity to blow through into your network, your computer and your data.  that saw the demise of the News of the World newspaper cannot have escaped your attention in the US or UK, news from India concerning the latest 'tumble and clone' developments could leave the mobile phone calls of more than just celebrities at … | |
Small groups of what are best described as cyber-mercenaries, willing and able to perform surgically precise hit and run hacking operations, are offering their services for hire out of China, Japan and South Korea. That's the conclusion of security researchers at [Kaspersky Lab](http://www.kaspersky.co.uk/) who have been following the progress of … | |
When participants of a recent study were asked to share sensitive information on two different online surveys -- one designed to look unprofessional and the other backed by a major university -- the participants were more likely to share private information on the unprofessional-looking site. Researchers from Carnegie Mellon released yesterday … | |
How can I prevent an XSS attack but allow users to post iframe and img? My page is PHP based but I allow users to submit text and have allowed only iframes and imgs with strip_tag. How do I prevent a user from launching an XSS attack? | |
A Freedom of Information request from staff at the UK offices of the Huffington Post has revealed, according to a BBC report on the story, that more than 300,000 attempts were made to access pornographic websites from the Houses of Parliament during the last 12 months. Of course, just looking … | |
UK home shopping pioneers Lakeland have sent an email to all customers past and present to warn them that the retailer's website has been hacked. What Managing Director Sam Rayner calls a "sophisticated and sustained attack" took place late on Friday 19th July. Measures were taken at the time to … | |
Hello there, My query is like this: I have one pdf and xls file as a link. When any employee tries to click on that link, it should ask for credentials, name (pmp) and password (123). If these two things match, then only should it allow you to view/download that xls/pdf. … | |
Users of online banking services are at risk from a new 'in the wild' Trojan, Hesperbot, which has been discovered by the ESET malware research lab. Researchers have found that infections of users in Turkey are currently most rife, with users in the Czech Republic, Portugal, Thailand and the United … | |
Anyone familiar with kind of error? I'm so lost. Please help. | |
Within days of the New York Times website suffering an outage which was widely reported as being down to another cyber attack, although the NYT itself insists it was actually an internal issue following system maintenance, media sites belonging to CNN, Time and the Washington Post have been attacked by … | |
According to the fourth annual [Web Application Attack Report](http://www.imperva.com/download.asp?id=419) from Imperva retailers suffer from twice as many SQL injection attacks when compared to other industry sectors. What's more, the United States remains the number one source of all web attacks. Other key findings of the report include the startling revelation … | |
Java vulnerabilities have hardly been out of the news during the last year. Here at DaniWeb we've covered a number of the stories as they surfaced: [Java in the cross-hairs: the security debate rolls on](http://www.daniweb.com/software-development/java/news/445532/java-in-the-cross-hairs-the-security-debate-rolls-on), [Is Java 7 still insecure? Oracle Patch doesn't fix underlying vulnerability](http://www.daniweb.com/software-development/java/threads/432479/is-java-7-still-insecure-oracle-patch-doesnt-fix-underlying-vulnerability), [Update my insecure Java … | |
Hi, I am working on a testing tool and the testing tool asks the user to insert the user certificate in cert format like test.cert format and sends an encrypted attached file to my email id. Once I have received the file I want to download that file and decrypt … | |
I'm having problems with Tomcat on a Red Hat virtual box. Tomcat is installed and it talks to Java. It works localhost to localhost, but when I try to open port 8080 from outside localhost it won't work. Any ideas why? I'm new to Tomcat and JSP | |
FireEye Labs has released a set of tools with the sole purpose of helping organisations detect and examine infections by the Poison Ivy RAT. Cleverly called Calamine, this collection of free tools promises to give security professionals the opportunity to identify the indicators of a Poison Ivy attack including the … | |
Research published today by data governance software developer Varonis reveals that, when it comes to the virtualized environment, security awareness appears to be something of a black hole. The [study](http://eu.vocuspr.com/Publish/517692/vcsPRAsset_517692_109957_85137914-8b53-4005-b292-0c87aa89763a_0.png) found that data security in these virtualized environments can all too often be totally neglected, and some 48% of IT … | |
Security researchers at ESET [have revealed](http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/) that a prolonged and highly targeted data stealing attack aimed at Pakistan, using fake PDF documents, appears to have originated in India. Using a code signing certificate (issued to what looks like a legitimate company 'Technical and Commercial Consulting Pvt. Ltd') to sign malicious … |