Home » Information Security » Page 4
How do I know if my computer is being used for a botnet-based DDoS attack?
Information Security
A botnet is a collection of compromised computers, each of which is known as a 'bot', connected to the Internet. When a computer is compromised by an attacker, there is often code within the malware that commands it to become part of a botnet. The "botmaster" or "bot herder" controls these compromised computers via standards-based network protocols such as IRC and http.Is there a way to det

Recently set up a server, Need security help
Information Security
I set up a server running debian I opened port 22 allowing access to ssh into the port. I keep getting weird messages in my router log saying: [LAN access from remote] from 211.161.46.101:57201 to 10.xx.xx.xx:22I looked up the IP address and it said something about being from Beijing. Am I being hacked? I changed the password on the server login once already and now its saying the same thing b

How do I diagnose client-side SSL errors?
Information Security
Often on my home network I get random SSL certificate errors when I visit certain well-known sites. Today it was a Google SSL error, where Google apparently tried to identify itself as *.icloud.com. In the past we have seen errors from Facebook, Barnes and Noble, and others. It also seems to be network-wide; my desktop, phone, and wife's phone have SSL problems as well when we're connected to the

Detecting skimmers and other ATM traps
Information Security
This question has been bothering me ever since I first heard of ATM skimmers: Instances of skimming have been reported where the perpetrator has put a device over the card slot* of an ATM (automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a miniature camera (inconspicuously attached

SQL Injection with pass MD5
Information Security
I want to know, if in my login form there is any SQL injection possible. If there is, what could the exploit's web form entry look like?I send username and password by html form (POST).The login function code is:$username = $_POST['user'];$password = $_POST['pwd'];$password = md5(password);$sql = "SELECT id_user, name FROM 'TAB_USER' WHERE user = '$username' AND passwd = '$password' AND enable='Y'

VPN Authentication over WiFi -- Is it secure?
Information Security
Count this question as part of my ignorance on how authentication scheme is done on your typical VPN session. But here goes:We often advise the security-conscious user that if one must use an unsecured public wifi connection (say, at an airport, internet cafe, restaurant, etc), then always connect to a private VPN. This will allow the user to connect and surf from a trusted network with all traf

How does Google Use Cookies Securely in their two factor authentication?
Information Security
Assuming that the answer to How does Google detect new devices for two factor authentication is indeed cookies, how then do they store that information securely in the cookie? AND any ideas on what they store in there? Are they following some security pattern?I'm hoping (like fingers crossed) that there can be more than speculation, but understand that Google probably doesn't release that kind o

Storing product keys on same server as shop?
Information Security
Situation: An e-commerce system (specifically: PrestaShop) which is used to sell virtual products (specifically: product license keys). To accelerate order processing, a cronjob is supposed to be regularly executed which looks for new orders. Each of this order is checked against a list of criteria, if it passes the test, the ordered product keys will get delivered via E-Mail immediately and autom

How does Windows/IIS keep a certificate protected or should I never run Apache Webserver on a Windows server?
Information Security
If I follow the reasoning of a colleague it seems you should never run Apache Webserver or Tomcat on a Windows server if you want to keep the https certificate safe.Let me explain before this question evolves into a Windows vs Linux troll battle.For example when using Apache Tomcat for a https website the private key is stored in a keystore. For Tomcat to be able to use this key we have three opti

Kerberos . . . How exactly does it work? [on hold]
Information Security
I am trying to make a website and an engineer, my uncle, from Dow Chemical is saying that user data needs to be stored behind a secure firewall with preferably Kerberos. I really do not understand it, and I do not think that he really has a more layman's explanation than what he gave me. So, in short, I would like to know how it works and what exactly it does in the most layman's terms possible. I

Privacy Policy - Copyrights Notice - Feedback - Report Violation - RSS 2017 © bighow.org All Rights Reserved .