Let's assume someone has to write a solution to a problem and I have to test his solution with some tests. Is it possible (maybe with reflections or something) for his program to pass all my tests, but to have nothing in common with the real solution to the problem?
...
I'm interested in hacking one of those digital picture frames (like you see for sale at Walmart) so it fetches and displays an image off the web every 5 minutes or so. (I'm going to have it load a current image.) Any ideas on how to get started?
...
I am looking for something that takes an IIS/ASP.NET website that uses forms authentication and repeatedly tries to log in, either with all possible passwords or with passwords from a dictionary.
I can probably write something up, but I wondered if there was anything publicly available that would be better implemented.
...
My iPhone 3G is already slow and starting to be unusable. Pretty soon I am going to upgrade my main phone. However, it is such a shame to put it in my gadget drawer to collect dust. Do you have any interesting ideas of what to do with this old device?
...
I validated my client's website to XHTML Strict 1.0/CSS 2.1 standards last week. Today when I re-checked, I had a validation error caused by a weird and previously unknown script. I found this in the index.php file of my ExpressionEngine CMS. Is this a hacking attempt as I suspected? I couldn't help but notice the Russian domain encoded in...
The script is in PHP and as DB I use MySQL. Here is the script itself.
$unsafe_variable = $_GET["user-input"];
$sql=sprintf("INSERT INTO table (column) VALUES('%s')",$unsafe_variable);
mysql_query($sql);
Some people say that if the user assigns the string ;DROP TABLE blah; to the variable $unsafe_variable, it deletes the table.
But I tried th...
Although it is not good practice, I am looking for a CSS hack to target Palm webOS.
The problem is that Safari 3+ is awesome, and I can do some things like gradient background animations on text, but only in Safari.
Right now I use @media screen and (-webkit-min-device-pixel-ratio:0) {} and it works like a charm, no Opera, Firefox, or ...
Possible Duplicates:
What security issues should I look out for in PHP
What should a developer know before building a public web site?
The project I was working on is nearly complete and near launching, but I want to make sure it is hack-proof, as my friend/partner thinks we have some enemies who can hire smart hackers t...
I read a programming puzzle at CMU from the book Expert C Programming: Deep C Secrets by Peter van der Linden.
The puzzle stated to code a program to read a file of numbers and print the average. The program must run as fast as possible and the program had to be written in PASCAL or C.
It seems a programmer had created a program that a...
I have a few project ideas that involve plugging a computer or an Arduino into my landline phone (or just before it). For example, I would like to grab the caller ID sent when someone calls, do a lookup on the web or in an address book, and display the associated name on an LED screen.
The problem is that I can't find any resources on the p...
I use Graphviz (mainly dot and fdp) to automatically generate some diagrams that I need. For these diagrams I need some special arrow heads that are not a part of the standard collection of arrows: A small black triangle inside a large white triangle, and the same with the black triangle pointing downwards.
What is the best way to add s...
Using a simple tool like Firebug, anyone can change JavaScript parameters on the client side. If anyone takes the time to study your application for a while, they can learn how to change JS parameters, resulting in hacking your site.
For example, a simple user can delete entities which they see but are not allowed to change. I know a good de...
I'm not that hip on the L33t language beyond what I've read on Wikipedia.
I do need to add a dictionary check to our password-strength-validation tool, and since leet-speak only adds trivial overhead to the password cracking process, I'd like to de-leet-ify the input before checking it against the dictionary.
Edit - To clarify the r...
So everyone says that sessions have security risks. I want to know what kind of risks these are. What can hackers do with sessions?
This is not about knowing how to avoid attacks; I want to know how hackers are doing it, and what they are doing.
I am talking about PHP sessions.
...
Hey All,
I'm using Slackware 12.2 on an x86 machine. I'm trying to debug/figure out things by dumping specific parts of memory. Unfortunately my knowledge of the Linux kernel is quite limited to what I need for programming/pentesting.
So here's my question: Is there a way to access any point in memory? I tried doing this with a char p...
Windows hooks allow you to poke inside other processes and sometimes alter their behaviors.
Is there such a thing for Mac OS X?
Thanks!
...
Someone is trying to access pages like
//mysqladmin//scripts/setup.php
Is it some hack attempt or...?
If yes, then how can I block its IP from accessing my website?
Via htaccess or something else?
...
I'll explain:
Let's say I'm interested in replacing the rand() function used by a certain application.
So I attach gdb to this process and make it load my custom shared library (which has a customized rand() function):
call (int) dlopen("path_to_library/asdf.so")
This would place the customized rand() function inside the process' m...
Is there a tool for reading Mac OS X binaries that would print information about relocation tables and symbol offsets similar to this readelf output?
readelf -r app
Relocation section '.rel.dyn' at offset 0x5ec contains 2 entries:
Offset Info Type Sym.Value Sym. Name
08049d58 00001706 R_386_GLOB_DAT 00000000 _...
We're working on developing user widgets that our members can embed on their websites and blogs. To reduce the load on our servers we'd like to be able to compile the necessary data file for each user ahead of time and store it on our Amazon S3 account.
While that sounds simple enough, I'm hoping there might be a way for S3 to automatic...