Attacking synchronized clock protocol (Kerberos)
If we assume that an attacker is able to control the clock of Alice, Bob, and the KDC (key distribution center) how could the attacker attack the Kerberos protocol? ...
hacking
password sent via post secure?
Possible Duplicate: How secure is a HTTP POST? Suppose I have a login page in php where a user is required to enter his name and password. form method is post in this case. Now someone(my friend) told me that the information(username and password) that is entered and sent to the server can be hacked just by fetching the heade...
Hacking and different environments
For a long time, I've wanted to become a security expert. In fact, I've always wanted to know everything there is to know about computers in general. So I did some reading on viruses and the different type of environments you can get. What I found is that viruses affect Windows computers more than UNIX due to less people using UNIX for w...
Security, Hacking, Cryptography Reading?
I'm very interested in learning about cryptography, steganography, and similar practices. What books, resources, would you guys recommend in this area? ...
Override "private" function in Javascript
I am monkey-patching some of the jQuery's Draggable code* The goal is to avoid modifying the original source files and patch dynamically one of the internal functions. The function _generatePosition is declared like this: (function($) { $.widget("ui.draggable", $.ui.mouse, { ... _generatePosition: function(event) ...
Replacing face time video calls iOS4 - iPhone
I would like to change what the camera 'captures' to something else during a video call. Lets say I have an image that I want to be seen on the other side instead of the video sent from the camera. I want to 'hack' the camera on the iPhone - get control on the data being sent. Is this feasible? ...
host .net 3.5 webservice on dynamic ips / domains
hey guys i have written a small webservice which allows users of a company (lets call it xyz) to login to xyz's website remotely via my iphone app (without ever going on xyz's official website to login) after logging these users programatically to xyz's website, i can allow my users to do many authenticated tasks xyz offers since xyz d...
How can I send a datagram with an Ethernet trailer?
How can I send a datagram with an Ethernet trailer? If I use SocketType.Raw, I'll have to send the whole IP header and I have no idea how to do that. Here's a picture that will explain this better: As you can see, there's no data. The "00 00 00 00 ..." is the trailer. Thanks. EDIT: I removed the language requirement, added a WireS...
What's less safe?
SQLDatabase or Source code from ASP.NET applications? ...
Browser history via JS or CSS
For many years now, it has been known that a website can use CSS/JS to determine websites that have been visited by a user, e.g. http://news.softpedia.com/news/Mozilla-to-Fix-8-Year-Old-Browser-History-Leak-Issue-139015.shtml http://yro.slashdot.org/story/09/07/02/1317205/Your-Browser-History-Is-Showing There are sites that will use th...
PHP eval(gzinflate(base64_decode(..))) hack - how to prevent it from occurring again?
We recently had a website hacked, where some PHP code was injected into the index.php file that looked something like: eval (gzinflate(base64_decode('s127ezsS/...bA236UA1'))); The code was causing another php file (cnfg.php) to be included, which was causing some pharmaceutical-related spam to be displayed (but only visible to googleb...
Can I trick access to private C++ class member variables?
Possible Duplicate: Accessing private members Is it possible to access private members of a class? Is there a good (yes I know this is ugly) way to hack to the private data members of a class? One brute force approach is to copy the header file and in my copy change private to public. But would there be a better way, say doi...
Possible site hacking problem.
My site is opening by entering URL but not opening from Google results. Has the site been hacked? Or any fault from Google ...
How secure are CDNs for delivering jQuery?
We build sites that have a public (non-secured) area and secured (delivered over HTTPS) area and we use jQuery library. Recently I suggested we use Google CDN for jQuery delivery. Some of my colleagues expressed concerns in regards to security aspect of this way of delivering JavaScript libraries. For example, they mention the scenario ...
How do I prevent people from hacking my applet?
Manipulating an applet is as easy as entering javascript:document.getElementsByTagName("applet")[0].publicMethod(); into the address bar. How can I protect my applet from such manipulation? ...
How do i automate the process of filling up forms through software?
Hello, How do i automate the process of filling up form? How do i parse each field and fill it with junk data? I want to test my website. I actually want to hack this link :- http://www.placement.vnsguit.org/placementIt.aspx If any software is available that i can immitate while programming then it will be very helful. Thanks in adva...
Format hard drive with javascript
A while ago a colleague of mine said something astonishing to me: he said that one can format a hard drive using javascript! I just replied 'no, this is impossible'. He seemed to be very confident however, although he also mentioned that this is possible for windows only... Since then I can't give up thinking on it, but I haven't found a...
I've found my software as cracked download on Internet, what to do?
So, after 6 months of hard work finally released my application. Today I found the first web site where people download it cracked, and I was wondering if any of you fellow programmers know how to react to such stuff? Is there anything the software author can do to get the cracked version offline, or I'm just boned and shouldn't create...
Why do salts make dictionary attacks 'impossible'?
Possible Duplicate: Need some help understanding password salt Update: Please note I am not asking what a salt is, what a rainbow table is, what a dictionary attack is, or what the purpose of a salt is. I am querying: If you know the users salt and hash, isn't it quite easy to calculate their password? I understand the proces...
Cracking a secure key
Another simple question from silly old me. We keep hearing big numbers being thrown around, for example the key: 234234-234WEF-ER334AS-3535FWF Would take 20 billion gabizillion years for anyone to crack. Could someone explain how you even know when you have cracked it? If you have permutated a trillion combinations how do you know...