1,390 Topics
 | |
 | At least 55,000 Twitter accounts would appear to have been compromised in a breach perpetrated by members of the Anonymous hacking collective. Details of the accounts, including usernames and passwords, appeared across a total of no less than five pages at Pastebin yesterday.  However, appearances can often be … |
| | I've looked everywhere and haven't found a clear step by step tutorial on how to secure sessions/cookies. Here are snippets of my code, i'd like to know how i can improve on session security to prevent fixation/hijacking and cookie safety. This is snippets of code for the user login system. …  |
 | Hi, all, This may not be the correct place to ask this question, but I can't find another forum that seems to match my question. We have a web site which stores : user's name (which is not validated in any way, so we have lots of Donald Ducks and … |
| | A password is defined as being a "secret word or string of characters" that is used to authenticate identity and enable access to a resource. The emphasise being on the word secret, although 'unique' is equally important when it comes to password security. Which is why the list of the … |
| | For security reasons, several articles recommend "do not cache pages". So I usually put the following at the beginning of my web pages header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); That works very … |
| | Hi all, I have the following code to process through my requests, then use in a database. FIRST of all, I was wondering if i have it in the right order, and SECOND, if there are any other steps i could do to secure up my application. have a look, …  |
| | A cyber weapon grade piece of malware, some twenty times the size of Stuxnet, has apparently been fired at a number of countries in the Middle East. This highly complex piece of code which takes screenshots of any open 'programs of interest' such as email or IM, records audio and … |
| | Hi, I'm a developer by trade but I've done some networking in the past (mostly buying and creating machine specifications but also a bit of firewall management and AD policies,) In a previous company I was even Manager of the Systems department (Developers and IT guys) Anyway I've recently joined … |
| | I am creating a website although during a trial run with a couple of friends they uncovered a bit of a major issue.... the ability to spam. I have added a hidden box e.t.c. to attempt to prevent bots from spamming but my friends where able to post twenty messages … |
| | The Serious Organised Crime Agency (SOCA) website remains offline after being hit by a Distributed Denial of Service (DDoS) attack for the second time in the space of a year. Last June it was the hacktivist group LulzSec which claimed responsibility; this time nobody has yet come forward to admit … |
| | The Flashback Trojan has infected at least 600,000 Apple computers running Mac OS X according to the Russian AV company [Dr Web](http://www.drweb.com/?lng=en) which researched the spread of the malware which was originally discovered at the end of last year and for which Apple issued a security patch just this week. …  |
| | If you are a user of Adobe Flash, be sure to apply the latest security update if you want to avoid becoming part of an in-the-wild attack exploiting a vulnerability which currently seems to be exploiting users of Internet Explorer on the Windows platform only. Adobe has, however, issued an … |
| | Hi, a question about stand-alone Java applications that do not have a background DB. In our Uni class we were asked to build a very small application using JOptionPane methods such as "showInputDialog". The application asks for users name and birthdate and at the end displays a summary of these …  |
| | Hi there, I have recently been looking into encryption, for MySQL and php, to figure out someway to encrypt the information in the database, or more to the point before it goes in, or decrypted when it comes out. What I'd like to happen is for the info submitted from … |
| | The Apple iWork office productivity suite for the Mac has been around for ages, and was recently joined by an iOS version. iWork documents have, up until now, been seen as being pretty safe courtesy of the particular implementation of the 128-bit AES encryption Apple used to secure them. I … |
| | Security researchers are warning that some 30,000 WordPress websites, 85% of them based in the US, have been compromised by a mass-injection hijack attack which sees visitors to any of more than 200,000 individual pages redirected to a Trojan infected rogue AV scam. [ATTACH=RIGHT]24076[/ATTACH]The senior security researcher with Websense Labs, … |
| | Hey everyone, Our team at Dell SMB has recently put together a [Slideshare](http://goo.gl/oJtjH) of our most popular white papers. I hope this is helpful to the Daniweb community! Thanks, Mourin |
| | Probably the most common Olympic Games 2012 scam is that of unofficial ticket sales. No great surprise there, but the fact that Google appears to be in on the act might come as a shock to many. So what, exactly, is going on? [ATTACH=RIGHT]23779[/ATTACH]A little known law in the UK …  |
| | The Iranian Cyber Army may be the latest elite military hacking squad to hit the headlines, but Iran has a long way to go if it's to catch up with China in terms of international data disruption. According to one newly published report into the threat from Chinese state-sponsored espionage … |
| | I think my site has been hacked! I found these lines of code on all my php files and I didn't put them there. Problem is I don't know enough php to understand what this batch of code does. Could anyone please help? How bad is it? Here's the code: …  |
| | How can I get SSL working in Tomcat 6.x under Linux?, ive read the documentation here: [url]http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html[/url] but im not sure how to do it with a certificate I will make myself (its a dev box) |
| | Following the arrest of 25 suspected members of the Anonymous hacking collective in Europe and South America, the INTERPOL website went offline. Coincidence? I don't think so. After all, Anonymous has already proven it isn't scared, or indeed incapable. of taking down law enforcement sites. Earlier in the month it … |
| | i was a diploma in networking, and has be in the final year and need to do some network security project.. can someone give me an idea what things should i do for my project.. because i think i just want to do something that been related with router.. i …  |
| | I want to manually test my sites to check if they are secure against SQL injections. Whats a good way to attempt it. How do I get started? thank you |
| | hi there can anyone tell me if its possible with php to use certificate to autenticate to a web application admin area instead of using common username and password? and is there a vps web server that can encrypt the whole drive and database of my application, for it may … |
| | The Ainslot.L Trojan appears to be much the same as any other at first glance; logging user activity and sending Gmail and Facebook passwords to the bad guys, downloading further malware, taking over your computer and the main payload of being a Banking Trojan stealing account login data. But Ainslot.L … |
| | I want to build a network protocol analyzer, but I really don't know where to start. Obviously, I don't want the code in hand, I can think it up myself -- but the problem is a little more specific - where do I look at to get the IPs passing … |
| | Hello, I'm developing an e-commerce site in a LAMP environment. Is it advisable to separate data on to different servers (i.e. to have one server as the web server and another server to house transaction and other customer data)? In other words, from a security perspective is there any reason … |
| | If you use, or operate, a password-free wireless network then legal action being taken in the US by the adult movie industry might just be about to rain on your parade warns one European IT threat mitigation expert. [ATTACH=RIGHT]23826[/ATTACH]The lawsuit was filed by Liberty Media Holdings, a producer of adult … |
| | Hi all, I want to integrate SSL on my localhost, so that I can tjeck/use it while developing. Is it allready in my version of php and apache, and only need to be activated? It didnt show up as a heading when i tjecked the phpinfo(); Do I need to … |
The End.