This morning I found a letter in my mail:
In fact, this letter does not have any files attached, it just has 6 links (View, Download...), and they lead to the same address: http://18.104.22.168/~ru1/account.googlemail.com/viewer/13083e7f5f2c0890&
First I got to fake Google Docs with the message "document cannot be displayed", and then I was redirected to fake Google Account, where I was asked to enter a password. I guess for my own safety :). After I entered “screw you”, I got to the third fake page of docs with a list of some components.
There is no fragment in program code where you cannot make mistakes. You may actually make them in very simple fragments. While programmers have worked out the habit of testing algorithms, data exchange mechanisms and interfaces, it's much worse concerning security testing. It is often implemented on the leftover principle. A programmer is thinking: "I just write a couple of lines now, and everything will be ok. And I don't even need to test it. The code is too simple to make a mistake there!". That's not right. Since you're working on security and writing some code for this purpose, test it as carefully!
It would be true to say that everything new is well forgotten old.
A feature to embed remote resources (such as images from other websites) on the page of your website is a very bad practice that at some point may lead to quite serious consequences for the website. As far back as 10 years ago, I was surprised to read about that possibility. Now after 10 years nothing changed, and it seems that it hardly ever will change.
Many people have faced the DDoS attacks and HTTP flooding. No, this is not just another tutorial on setting up nginx, but I would like to introduce my module that works as a quick filter between the bots and backend during L7 DDoS attacks, as well it allows filtering the garbage requests.
The module can do:
• To set cookies in a standard way through HTTP header Set-Cookie. After the cookies are set it redirects the user using the response code 301 and Location header.
• After the cookies are set it redirects the user using the response code 200 and HTML tag Meta refresh.
• To count the number of attempts to set the cookies and to direct the user to a specified URL after exceeding the maximum number of unsuccessful attempts.
Skype security lapses allow identifying the user’s IP address, even if user is not using Skype, but it is running in the background, an attacker could still get the IP address.
The study's author Keith Ross, a professor of computer science at NYU-Poly explains the essence of vulnerability, which allows setting up a direct connection (P2P) between the attacked computers and a hacker’s computer in order to get a Skype ID and the user’s IP address.
Once I have watched a movie about the computer hackers who have received an access to control the power system, water system and the road navigation of some city (or country). As far as I remember, the attackers nearly destroyed the control system of the entire country, because they had all the controls. The movie was shown at the beginning of 2000, so all that was interpreted as a science fiction. But the ideas that were shown in the movie gradually begin to be embodied by the real criminals. Thus, recently it became known that the unknown people managed to take control of U.S. public water system by remotely accessing one of the water treatment facilities and controlled the equipment.