Software bugs can lead not only to material losses, but also can damage human's health. For example, actors on the stage of a theatre can get injured if suddenly one of the scenery begins to go down on the stage at the wrong time. However, the connection between the errors in code and the health damage of medical software is more obvious. Let's talk about this topic.
This article focuses on the teams of developers who create the programs for a medical equipment. I hope they will not stay indifferent and will check their code. Let's recall two famous cases where errors in programs, related to medicine, became the reason for bad news.
Firstly, it is a series of tragic events caused by the errors in the Therac-25 device of radiation therapy. This device has caused at least six overdoses of radiation within the period from June 1985 to January 1987, some patients received doses of tens of thousands of rad. At least two people died directly from the radiation overdoses. Software bugs of the device were the reason of the tragedies and the main problem was the incorrect security strategy.
The group of researchers found serious shortcomings in the WPA2 protocol, which provides protection for all modern Wi-Fi networks. An attacker who is in the victim's area can use these shortcomings using Key Reinstallation Attacks. Attackers can use this new attack method to read information that was previously considered to be encrypted.
UPD: the post was updated with partial details of the attack and the list of vendor updates.
Performing daily tasks of the system administrator is considered safe when working through the SSH session. This article will discuss modern tools for conducting MITM attacks on the SSH protocol and how to protect against them.
I want to share one feature when setting COOKIE values, which is often overlooked by the web developers.
According to my experience as for research of the web application vulnerabilities for 2009-2011, this error occurred in 87% of the web applications that were written in PHP.
In order to reduce this rate, I have decided to write this article.
I will not even talk about httpOnly flag, though its use is very important and necessary.
Let’s look at the example of code:
A few days ago, the earliest Half-Life 2 version was released in the network for the media. Obviously, this version has not been finished yet, as the main game’s character is not known to the whole world of players a theorist physicist, who wears glasses and a protective suit and holds in his hand a crowbar, but bearded dwarf Ivan, a space biker, who is opposing against the staff of the research center. 15 years ago, the disk contents was reserved exclusively for members of the regular publishers.
This morning I found a letter in my mail:
In fact, this letter does not have any files attached, it just has 6 links (View, Download...), and they lead to the same address: http://22.214.171.124/~ru1/account.googlemail.com/viewer/13083e7f5f2c0890&
First I got to fake Google Docs with the message "document cannot be displayed", and then I was redirected to fake Google Account, where I was asked to enter a password. I guess for my own safety :). After I entered “screw you”, I got to the third fake page of docs with a list of some components.
It is known that any system reliability is determined by its weakest link. Now we take a good look at the protection from copying of one popular toy that was released a few days ago for OS X and the way of its bypass. In addition, we just look at one of the options for implementing the protection from copying. Of course, this research was conducted in the study purposes, and you still should buy the good software and games.
Let’s run the game and see the registration form or purchase. The registration is done online by entering a serial number, or manually by entering a name and the key in accordance with the displayed identifier of a specific computer. Next, we run gdb and get program exited with code 055.
This article is not a panacea for all security lacks, and it does not reveal any new attack vectors. I just saw a serious implementation of the fake for Google mail and decided to warn all UMumble users.
Recently, I have received an interesting letter, supposedly to confirm / cancel automatic forwarding to my mailbox.
It would be true to say that everything new is well forgotten old.
A feature to embed remote resources (such as images from other websites) on the page of your website is a very bad practice that at some point may lead to quite serious consequences for the website. As far back as 10 years ago, I was surprised to read about that possibility. Now after 10 years nothing changed, and it seems that it hardly ever will change.
Many people have faced the DDoS attacks and HTTP flooding. No, this is not just another tutorial on setting up nginx, but I would like to introduce my module that works as a quick filter between the bots and backend during L7 DDoS attacks, as well it allows filtering the garbage requests.
The module can do:
• To set cookies in a standard way through HTTP header Set-Cookie. After the cookies are set it redirects the user using the response code 301 and Location header.
• After the cookies are set it redirects the user using the response code 200 and HTML tag Meta refresh.
• To count the number of attempts to set the cookies and to direct the user to a specified URL after exceeding the maximum number of unsuccessful attempts.