
Security


NYU Accidentally Exposed Military Code-breaking Computer Project to Entire Internet

In early December 2016, Adam was doing what he’s always doing, somewhere between hobby and profession: looking for things that are on the internet that shouldn’t be.

That week, he came across a server inside New York University’s famed Institute for Mathematics and Advanced Supercomputing, headed by the brilliant Chudnovsky brothers, David and Gregory. The server appeared to be an internet-connected backup drive.

Code.tutsplus.

9 Tips for Writing Secure Applications in ASP.NET - User Experience Guidance - Infragistics.com Blog

Security is one of the most important aspects of any application – and when we talk about security, particularly in ASP.NET applications, it is not limited to development.

A secure app involves multiple layers of security in the configuration, framework, web server, database server, and more. In this post, we’ll take a look at the top nine tips for writing secure applications in ASP.NET.

1- Cross Site Scripting (XSS): This vulnerability allows an attacker to inject some malicious code while entering data. It could be JavaScript code, VB script, or any other script code. By default, ASP.NET MVC validates the inputs and throws a server error in case of script.

Leaked NSA Malware Threatens Windows Users Around the World

The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows.

The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users. The leak includes a litany of typically codenamed software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running versions of the Windows operating system earlier than the most recent Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share. via Matthew Hickey.

Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras

Over the last few weeks we've seen DDoS attacks hitting our systems that show that attackers have switched to new, large methods of bringing down web applications.

AES Encryption Flaw Exposes ASP.NET Sites

UPDATED: Security Hack Exposes Forms Authentication in ASP.NET

For more on this story, please see: Microsoft To Release Out-of-Band Patch for ASP.NET Security Flaw

Two security researchers, Thai Duong and Juliano Rizzo, have discovered a bug in the default encryption mechanism used to protect the cookies normally used to implement Forms Authentication in ASP.NET.

Using their tool (the Padding Oracle Exploit Tool or POET), they can repeatedly modify an ASP.NET Forms Authentication cookie (normally encrypted using AES) and, by examining the errors returned, determine the Machine Key used to encrypt the cookie. The process is claimed to be 100 percent reliable and takes between 30 and 50 minutes for any site. Once the Machine Key is determined, attackers can create bogus forms authentication cookies.

Hacking

SSL.

coding.vision

C# How to Scan a Process' Memory (January 26th, 2014 | Apex | Security)

Intro

This article is about how to get the memory dump of a process, by checking almost all memory addresses that can store data.

Since C# is quite a high level programming language, I think this is the only method available to do this. And since someone asked how to search a ...

C# Create Secure Desktop (Anti-Keylogger) (November 2nd, 2013 | Apex | Security)

QuickHash.com: MD5, CRC32, SHA1, SHA256, Hash Online, Online Hash Generator, Hash Calculator.

Cryptology.

BUG With FormsAuthentication - ASP.NET Security.

Hernan de Lahitte's blog - Forms authentication and role-based security (II)

In this second part about Forms authentication and role based security I will show you how you can overcome the “limitations” (more than 50 roles per user) shown in my first post about this topic.

The strategy presented in that first post was related to the roles state persistence inside the FormsAuthentication cookie. If you don’t want to save the roles info inside a cookie because you might have users with cookies disabled, or perhaps some of your users have a huge number of roles, or for whatever other reason, you may store this info on the server side using, for example, the System.Web.Caching.Cache object. This cache has excellent performance and scalability management and is thread safe as well.

Mobile Ad Networks as DDoS Vectors: A Case Study

CloudFlare servers are constantly being targeted by DDoS'es.

We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets. Recently an unusual flood caught our attention.

Microsoft Security Intelligence Report (SIR)

How to crack Windows Passwords

LM and NTLM basics

The LM hash is the old style hash used in Microsoft OS before NT 3.1.

Then, NTLM was introduced, and it supports password lengths greater than 14.