1,394 Topics

Member Avatar for happygeek

A 22 year old vulnerability, yes you read that right, has been discovered which some security experts suggest could be bigger than Heartbleed. The bug, reported as '[CVE-2014-6271:remote code execution through bash](http://seclists.org/oss-sec/2014/q3/649)' relates to how environment variables are processed: with trailing code in function definitions being executed independently of the …

Member Avatar for Djmann1013
6
952
Member Avatar for happygeek

Although based in New York, DaniWeb is very much a global community. I'm from England, for example, and our moderator Diafol (who will be well known to anyone who has ever browsed the [PHP forum](https://www.daniweb.com/web-development/php/17)) is a Welshman through and through. I mention this as last week I went …

1
392
Member Avatar for somyms

While mining a medical data set, privacy is a major concern. I want to mine medical data and preserve privacy. So I need to mine medical data and group them according to diseases so that it can be used for research and publishing without revealing patients' information. I planned to use LKC privacy …

0
296
Member Avatar for happygeek

So it seems that an Internet Explorer zero day vulnerability allowed the back door to be opened that resulted in the [hack attack on Google](http://www.daniweb.com/news/story252590.html) and many others that has received such publicity this week. According to [McAfee](http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/) it has identified an Internet Explorer vulnerability as being one of the …

Member Avatar for Tcll
0
1K
Member Avatar for happygeek

So, Microsoft and iSIGHT uncovered another 0-day vulnerability; this time impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. iSIGHT [has detailed](http://www.isightpartners.com/2014/10/cve-2014-4114/) in the wild exploits of the vulnerability, and points the finger of suspicion at state-sponsored Russian interests. The Dallas-based cybersecurity outfit explained that the …

Member Avatar for oriclon
2
542
Member Avatar for happygeek

A Drupal security advisory, [SA-CORE-2014-005](https://www.drupal.org/SA-CORE-2014-005), rather embarrassingly states that:

> Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. …

2
350
Member Avatar for happygeek

At the start of the year, [DaniWeb reported](https://www.daniweb.com/internet-marketing/social-media-and-communities/news/470719/snapchat-plays-blame-game-after-hack) how Snapchat, the self-destruct photo messaging service, had been hacked and information regarding 4.5 million users had been stolen. Fast forward to now, and Snapchat is again in the mire: nude images have started to appear on 4chan which have been stolen …

Member Avatar for gtcorwin
1
532
Member Avatar for FireNet

File I/O With C++ Fstream **Intro** File handling is as simple as writing in a book, much easier to modify and find. It's so simple people get confused with it :-). Welcome to the world of file handling. We will use the c++ fstream classes to do our file handling. …

Member Avatar for Swalih
5
12K
Member Avatar for khakilang

I have a few good old computers which run on Windows XP without any problem so far. But what happens come next year when Microsoft puts Windows XP to rest forever? No security updates, no hardware driver updates, no third-party software updates, etc. Dump the old computer and buy …

Member Avatar for Tcll
0
420
Member Avatar for happygeek

Microsoft will stop releasing security updates, hotfixes and other updates for Windows XP SP2 on July 13th 2010. No biggie, you might think, after all Windows XP SP3 was released way back in April 2008 and since then we've had both Vista (perhaps best forgotten) and the much more palatable …

Member Avatar for Tcll
0
952
Member Avatar for happygeek

More often than not I'll be writing about the security problems facing Windows XP users, such as when I recently reported how a large number of enterprises are still running XP SP2 machines which will shortly [stop being supported by Microsoft](http://www.daniweb.com/news/story287954.html) in terms of security updates, hotfixes and the like. …

Member Avatar for Tcll
1
960
Member Avatar for happygeek

As well as being CEO of penetration testing specialists High-Tech Bridge, Ilia Kolochenko is also perhaps unsurprisingly a white hat hacker of some repute. Equally unsurprising is the fact that he has [warned](https://www.htbridge.com/blog/plugins_and_extensions_the_achilles_heel_of_popular_cmss.html) that security vulnerabilities in leading CMS platforms such as Drupal, Joomla and WordPress are effectively leaving the …

Member Avatar for iamthwee
4
741
Member Avatar for slfisher

One of the biggest security stories so far this year is that of the high school that remotely triggered webcams in laptops given to students -- which the school said it only did to help track stolen laptops, and which some students and families said was a violation of their …

Member Avatar for happygeek
1
642
Member Avatar for happygeek

The Internet of Things (IoT) is something of a buzz-phrase right now, and locking down the IoT is certainly something that vendors across both security and hardware industries are talking up. The problem with the publicity surrounding stories of 'things' that have been hacked is that, well, they never really …

Member Avatar for happygeek
2
488
Member Avatar for happygeek

There's a truism that I like to share with as many people as possible: if you don't want other people to see something, then don't post it online. It is, you might think, a pretty simple concept to grasp. After all, you wouldn't stroll into a bar with a megaphone …

Member Avatar for erikko
2
480
Member Avatar for happygeek

Reports started circulating yesterday that Gmail had been hacked, with some 5 million logins at risk. This follows the publication, on Tuesday, of a plain text list of Gmail usernames and passwords on a Russian Bitcoin forum. Within 24 hours the 'hack hysteria' had taken hold and people were being …

Member Avatar for Slavi
2
566
Member Avatar for happygeek

Some interesting [research](http://www.proofpoint.com/threatinsight/posts/phishing-in-europe.php) from security outfit Proofpoint was published this morning which reveals that unsolicited email heading towards users in the UK is three times more likely to contain malicious URLs than that destined for users in the United States, or Germany, or France for that matter. It's not, as …

1
288
Member Avatar for happygeek

Goodwill Industries International, a network of 165 community-based agencies in North America, has been breached. This follows a previous announcement of a potential attack back in July. After an extensive forensic investigation lasting a month, Goodwill has now [confirmed](http://www.goodwill.org/press-releases/goodwill-provides-update-on-data-security-issue/) that "a third-party vendor’s systems" were indeed "attacked by malware, enabling …

Member Avatar for happygeek
3
411
Member Avatar for happygeek

So, a bunch of US financial institutes have been hacked. Nothing new there, if we are being brutally honest. The newsworthiness in this particular case comes courtesy of one of those organisations apparently being none other than JP Morgan Chase. USA Today reported yesterday that a federal law enforcement official …

1
519
Member Avatar for Dani

Just a show of hands, how many people have taken the plunge and migrated to HTTPS since Google's announcement? I was really against it at first, because I just don't like to do things just for SEO's sake, and it seemed to me like this was one of those things. …

Member Avatar for rinston
1
410
Member Avatar for softDeveloper

Hi everybody! I've used jdk to generate my certificate with the following command: `keytool -genkey -keyalg RSA -alias certificatekey -keystore keystore.jks -storepass password -validity 360 -keysize 2048` Everything works fine when I want to digitally sign an e-mail using: import javax.mail.* and import javax.mail.internet.* # and MimeMessage and Multipart. #. …

Member Avatar for stultuske
0
221
Member Avatar for softDeveloper

Hi everybody! I've used jdk to generate my certificate with the following command: `keytool -genkey -keyalg RSA -alias certificatekey -keystore keystore.jks -storepass password -validity 360 -keysize 2048` Everything works fine when I want to digitally sign an e-mail using: # import javax.mail.* # and # import javax.mail.internet.* # and …

0
156
Member Avatar for happygeek

Every week, Stephen Coty [writes about](https://www.alertlogic.com/resources/blog/) interesting exploits that have caught his attention as chief security evangelist at Alert Logic. This last week (in a currently password protected posting) [he mused about](https://www.alertlogic.com/blog/exploit-monday-a-few-interesting-ones-to-be-aware-of-7/) a 'JournalCtl and Syslog Terminal Escape Injection' zero day which could be of interest to the Linux gurus …

Member Avatar for rubberman
3
1K
Member Avatar for happygeek

A report from Hold Security claims that one of the biggest ever online heists has been committed by a Russian crime gang. It would appear that the data theft includes, wait for it, no less than 1.2 billion (yes billion) usernames and passwords along with around half a billion email …

Member Avatar for F-3000
2
352
Member Avatar for samsudin

I'm just a regular computer user and often use my office computer for personal purposes such as checking my funds in my online bank. I want to know how to tell if my computer is being tapped or not.

Member Avatar for melissad
0
590
Member Avatar for happygeek

SuperValu has confirmed that it has, indeed, suffered a data breach. The supermarket company [stated](http://www.supervalu.com/security.html) that what it calls a "criminal intrusion into the portion of its computer network that processes payment card transactions for some of its retail food stores, including some of its associated stand-alone liquor stores" may …

1
325
Member Avatar for happygeek

Hardly a week goes by without yet another press release hitting the desk of your technology journalist, or research flag being raised amongst the IT Security profession, that claims Android is insecure. What Android actually is, just like Windows on the desktop in fact, is a big and attractive target; …

Member Avatar for Kelly Burby
1
383
Member Avatar for happygeek

An interesting [post](http://googleonlinesecurity.blogspot.in/2014/08/https-as-ranking-signal_6.html) appeared yesterday in the official Google Online Security and Webmaster Central blogs which confirms that in an effort to "make the Internet safer" it has been testing a system which looks at "whether sites use secure, encrypted connections as a signal in our search ranking algorithms." This …

Member Avatar for Dani
3
706
Member Avatar for happygeek

As a platform, Android is naturally very attractive to the criminal fraternity in terms of potential profitability. After all, it has the market share and that nearly always means it has large numbers of users for whom the word security may as well be written in the Cyrillic alphabet. My …

Member Avatar for expertmagician
4
397
Member Avatar for happygeek

Yesterday, Tor [issued a security advisory](https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack) which revealed that a group of relays had been discovered on July 4th which looked like they "were trying to deanonymize users." The advisory states that the attack "involved modifying Tor protocol headers to do traffic confirmation attacks" with the relays having joined the …

Member Avatar for Slavi
2
666
