We have a website which
stores hashed passwords in the database. During logins we hash the
password entered by the user and compare the two hashes. This is quite
standard so far. Our client, which is in the finance domain, now wants us to
Today, like many other times in the past, I signed up for a new service and
got a common error message: "Your user name or password is invalid."
This time I am wondering how useful it is to notify "invalid password OR
user" versus a less common but more useful two-message schema with the
real problem: "unknown user", "invalid password".
My thought was that a system that does not specify if the user name is
valid could be more secure because it will not expose valid user names.
However, how
There's a recent report in the news of a Harvard student who emailed
in a bomb threat so as to postpone year-end exams. According to the
report, he carefully covered his tracks using the best technology he
knew about: he used a throw-away email account, and only accessed it
over Tor. It turns out that this last point, using Tor to send his
email, is what made him easy to find. Officials simply searched
Harvard's logs for anyone who had recently accessed the Tor network,
which led them dire
So I am trying to find out how easy it is to crack a password using
some great Linux tools. We all know about John as a password cracker
and how great it is. But how about specifying a pattern? Let's assume
the following policies:
A password must start with a capital letter and then be followed by 3 small letters.
A password must end with 3 numbers.
A password must be exactly 7 in length.
Password example: Aabc123
So I haven't the slightest clue how to do this. I tried to google it, but no succe
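The pattern in the question is what crackers call a mask. As an added example that is not from the question or its answers, the POSIX shell below expands such a mask (?u uppercase, ?l lowercase, ?d digit) into candidates that can be piped into any cracker reading stdin, computes the size of the keyspace, and runs a tiny end-to-end crack against an MD5 computed locally with the openssl CLI. The john and hashcat one-liners in the comments assume John the Ripper jumbo (which understands --mask) and hashcat are installed; the function names, the demo target and the "?u?d" toy mask are assumptions made here, not part of the question.

```shell
#!/bin/sh
# Added example, not from the question: a mask expander for the policy
# "1 uppercase, 3 lowercase, 3 digits". Function names are demo choices.
#
# With the real tools the same policy is one command (mask syntax is the same):
#   john --mask='?u?l?l?l?d?d?d' --format=raw-md5 hashes.txt
#   hashcat -m 0 -a 3 hashes.txt '?u?l?l?l?d?d?d'
# or, feeding this script's generator to John over stdin:
#   expand_mask '?u?l?l?l?d?d?d' | john --stdin --format=raw-md5 hashes.txt

charset_for() {
    case $1 in
        u) echo ABCDEFGHIJKLMNOPQRSTUVWXYZ ;;
        l) echo abcdefghijklmnopqrstuvwxyz ;;
        d) echo 0123456789 ;;
        *) echo "unknown mask token ?$1" >&2; return 1 ;;
    esac
}

# keyspace_size MASK: number of candidates the mask expands to (26^4 * 10^3
# = 456,976,000 for the policy in the question)
keyspace_size() {
    local m=$1 n=1 tok
    while [ -n "$m" ]; do
        case $m in \?*) ;; *) echo "bad mask: $m" >&2; return 1 ;; esac
        tok=${m#\?}; tok=${tok%"${tok#?}"}; m=${m#??}
        case $tok in
            u|l) n=$((n * 26)) ;;
            d)   n=$((n * 10)) ;;
            *)   echo "unknown mask token ?$tok" >&2; return 1 ;;
        esac
    done
    echo "$n"
}

# expand_mask MASK [PREFIX]: print every candidate, one per line, in mask order
expand_mask() {
    local m=$1 prefix=${2:-} tok rest chars c
    if [ -z "$m" ]; then
        printf '%s\n' "$prefix"
        return 0
    fi
    case $m in \?*) ;; *) echo "bad mask: $m" >&2; return 1 ;; esac
    tok=${m#\?}; tok=${tok%"${tok#?}"}; rest=${m#??}
    chars=$(charset_for "$tok") || return 1
    while [ -n "$chars" ]; do
        c=${chars%"${chars#?}"}          # first character of the charset
        chars=${chars#?}                 # drop it
        expand_mask "$rest" "$prefix$c" || return 1
    done
}

# md5_hex STRING: lowercase hex MD5 via the openssl CLI (portable across
# GNU md5sum / BSD md5 differences)
md5_hex() {
    local out
    out=$(printf '%s' "$1" | openssl dgst -md5)
    echo "${out##* }"
}

# crack_md5 HEXHASH MASK: walk the mask keyspace, print the first plaintext
# whose MD5 matches, return 1 if none does. One openssl process per candidate
# is only sane for toy masks; for the real keyspace pipe expand_mask into john.
crack_md5() {
    local target=$1 mask=$2 hit
    hit=$(expand_mask "$mask" | while IFS= read -r cand; do
            [ "$(md5_hex "$cand")" = "$target" ] && { printf '%s\n' "$cand"; break; }
          done)
    [ -n "$hit" ] && printf '%s\n' "$hit"
}

# Stand-alone demo: keyspace of the policy mask, then a toy crack. The target
# is constructed here (MD5 of "B7"), not taken from any real hash dump.
echo "candidates for ?u?l?l?l?d?d?d: $(keyspace_size '?u?l?l?l?d?d?d')"
echo "recovered: $(crack_md5 "$(md5_hex B7)" '?u?d')"
```

The 456,976,000-candidate keyspace is why a policy like this is weak: at the tens of millions of raw MD5 hashes per second a mask attack reaches on ordinary hardware, it is exhausted in well under a minute, which is the point the mask option of john or hashcat makes in practice.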
I couldn't find any information anywhere on what customers should
do whose card details got exposed. Any idea what I should do? I am
one of the 40 million whose card details got leaked. I have a red card
associated with one of the bank's checking accounts.
Is it possible to have OpenSSL trust a non-root CA such that a
certificate signed by that non-root CA can be properly verified? I've
noticed that the default behavior for OpenSSL is to only verify
certificates when it can build a complete chain, up to a self-signed
root CA. Can this be overridden?
I specifically do not want the root to be in the CAfile.
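The knob that does this is -partial_chain (OpenSSL 1.0.2 and later; X509_V_FLAG_PARTIAL_CHAIN when calling the library): verification then succeeds as soon as the chain reaches any certificate in the trust store, self-signed or not. As an added example that is not from the question, the script below builds a throwaway root, intermediate and leaf with the openssl CLI and verifies the leaf against a CAfile holding only the intermediate, once with default behaviour and once with -partial_chain. The key, certificate and subject names are demo choices, and the -no-CAfile/-no-CApath switches (used so the system trust store is provably not involved) assume OpenSSL 1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the question): root -> intermediate -> leaf, then
# verify the leaf with ONLY the intermediate as trust anchor. File names,
# subjects and validity periods are demo choices.

build_chain() {
    local dir=$1
    # Both CA certificates need CA:TRUE and keyCertSign, otherwise the chain
    # would fail for an unrelated reason (invalid CA) and mask the point.
    cat > "$dir/ca.ext" <<'EOF'
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    for n in root int leaf; do
        openssl genrsa -out "$dir/$n.key" 2048 2>/dev/null || return 1
    done
    # Self-signed root
    openssl req -new -key "$dir/root.key" -subj "/CN=Demo Root CA" \
        -out "$dir/root.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 365 \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null || return 1
    # Intermediate CA, signed by the root
    openssl req -new -key "$dir/int.key" -subj "/CN=Demo Intermediate CA" \
        -out "$dir/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 365 -extfile "$dir/ca.ext" \
        -out "$dir/int.pem" 2>/dev/null || return 1
    # End-entity certificate, signed by the intermediate only
    openssl req -new -key "$dir/leaf.key" -subj "/CN=server.example.test" \
        -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -CAcreateserial -days 365 -out "$dir/leaf.pem" 2>/dev/null || return 1
}

# verify_leaf DIR MODE: MODE is "full" (default OpenSSL behaviour) or
# "partial" (-partial_chain). Prints ok/fail; return status mirrors verify.
# The CAfile contains the intermediate only; root.pem is never handed over.
verify_leaf() {
    local dir=$1 mode=$2 opt=
    [ "$mode" = partial ] && opt=-partial_chain
    if openssl verify $opt -no-CAfile -no-CApath \
            -CAfile "$dir/int.pem" "$dir/leaf.pem" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
        return 1
    fi
}

# Stand-alone demo: expected output is "fail" for the default mode
# (unable to get issuer certificate) and "ok" with -partial_chain.
demo() {
    local work
    work=$(mktemp -d) || return 1
    build_chain "$work" || { echo "chain build failed" >&2; return 1; }
    printf 'intermediate only, default:        %s\n' "$(verify_leaf "$work" full)"
    printf 'intermediate only, -partial_chain: %s\n' "$(verify_leaf "$work" partial)"
    rm -rf "$work"
}
demo
```

Two caveats a practitioner will want: -partial_chain trusts whatever is in the CAfile as an anchor, so the intermediate file must be protected exactly like a root would be, and verification still fails if that intermediate lacks CA:TRUE or keyCertSign, because the chain-extension checks run on every certificate below the anchor regardless of how the anchor was reached.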
I have been attempting to run a MiTM on a very old XP SP3 computer. I
have attempted it with 3 products, as listed below:
Wireshark: Traffic from the computer did not even show up. (I did see traffic from
multiple IPs, so I think I have the right adapter.)
ARP Spoof (with and without SSL Strip): As soon as the attack took place the victim was kicked
off my network and not allowed back on until the attack stopped.
Cain: Showed a "half-routing" symbol. When I put in the command "ping
google.com" on the vic
I have a BlueCoat ProxySG 810 appliance and want to use it as both an
HTTP Proxy Server for clients on the Inside interface of a PIX 525
Firewall (OS Version = 8.0(4)) and a Reverse Proxy Server for my Web
Servers on the DMZ.
Should I place the ProxySG 810 on the DMZ? If I do
so, does the ProxySG 810 need to access the Inside network (i.e.
initialize connections to Inside) to be able to serve as an HTTP Proxy
Server to the Inside clients? In other words: is it required to create
an ACL rule
As a junior security professional, I spend a lot of time googling for
things such as 'wpa dictionaries', 'vulnerabilities ...', 'how to
crack ...', and so on. I sometimes feel like I am calling for the wrong
attention (from ISP, Google and/or agencies), regardless of my
intention to increase my knowledge of what I am defending against and
having fun cracking my own home network. Will googling draw too much of
the wrong attention? Wouldn't using proxies be too suspicious?
I'm toying around with a distributed computing project. The client
application asks for a problem to solve. The server returns a problem
description from a "problems pool". When the client finishes, it
sends back the solution. I cannot trust my users, and so I cannot
trust their solutions. I need somehow to validate that their solutions are
correct (for some definition of "correct"). Anyone could send a wrong
solution to the problem they are assigned. I want to validate two
things:
No one can post