|
I wrote this C program and ran it on my Windows system. My system hung and not even Task Manager was opening. Finally, I had to reboot. This is clearly a malicious program, but my antivirus does not detect this. Why?
#include<unistd.h> main() { while...
Started by avd, 5 posts by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Antivirus programs don't recognize malicious behavior - they recognize patterns of known viruses you run the fork bomb as administrator?
Well, it is not malicious behavior, looks more like.
|
|
Hello,
I have ASP.NET MVC 1.0 and Entity Framework v1 application.
By default, content submitted by the user is validated for malicious input. (See here.) HTML encoding user-submitted data prevents JavaScript injection attacks. Entity Framework internally...
Started by dev, 4 posts by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
You should use ViewModels to presenting....
For more info check out this link: http://bradwilson.typepad.com/blog/2010/01/input-validation-vs-model-validation-in-aspnet-mvc.html
Hope this helps.
Attribute to prevent Over-Posting Problems.
Use Bind(Include ...
|
|
So I like the OpenID idea. I support it on my site, and use it wherever it's possible (like here!). But I am not clear about one thing.
A site that supports OpenID basically accepts any OpenID provider out there, right? How does that work with sites that...
Started by zigdon, 7 posts by 7 people.
Answer Snippets (Read the full thread at stackoverflow):
Or are we going to have to start maintaining provider blacklists...
Just like bots can sign up with fake/multiple email addresses to any site, but fail the "verification" step there as well.
Possible solution - you can still ask new IDs to pass a CAPTCHA test.
|
Hi community,
I'm currently building a website that allows public access after classic verification methods (captcha + email verif.) I do my best to sanitize all of the inputs and stay in control of the data flows. I am 100% sure that there will be people...
Started by m_oLogin, 4 posts by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
I'd imagine a hacker could only use the error's information for malicious as if nothing happened: if you receive malicious code, log the event (it could be the case you missed malicious users to keep trying....
That there was an error.
|
|
If you implement an interface in Java, there is nothing to prevent the caller from looking at what concrete implementation you have supplied, casting to that class and calling methods that are not in the interface. I believe this is called "malicious ...
Started by Thilo, 3 posts by 3 people.
Answer Snippets (Read the full thread at stackoverflow):
Only the factory can see it and it will return only the interface type so there is no concrete implementation to cast against...
Another way to protect against this is to use a factory class, and have the implementation be a private inner class of the factory.
|
|
We have an ASP.NET custom control that lets users enter HTML (similar to a Rich text box). We noticed that a user can potentially inject malicious client scripts within the <script> tag in the HTML view. I can validate HTML code on save to ensure...
Answer Snippets (Read the full thread at stackoverflow):
Instead of black-listing some tags (and missing some of the ways you may be attacked), it is better to decide on a set of tags that are OK for your site and only allow them...
XSS (Cross Site Scripting) is a big and difficult subject to tackle correctly.
|
|
I am working on a servlet (runs on Tomcat) which receives requests that contain JavaScript code and, using the Java Scripting API framework, evaluates/runs the code and returns the answer to the user.
Since we are dealing with user generated code, the...
Started by special0ne, 4 posts by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
And since this is probably what your question really meant, I'll put forward my answer - ...
My question to you: what counts as bad code?
If you cannot come up with a formal definition of what counts as bad code, you cannot hope to be able to detect it.
|
|
Hi,
I unfortunately found today that I have a malicious script on my website. It is chmodded 644, but I cannot delete it. Directories above it would permit me to delete it normally. The interface is cPanel.
I found out the name of the creator from the...
Started by Cyclone, 5 posts by 5 people.
Answer Snippets (Read the full thread at serverfault):
For rootkits and other malicious stuff to use is use extended attributes (especially the immutable attribute.
|
|
I am a Firefox user, and I recently installed the Gmail notifier add-on. When you first install the add-on, it requests your Gmail address and password, and will then use this to log in to your Gmail account (presumably via SSL).
It shows a number on your...
Started by LeopardSkinPillBoxHat, 8 posts by 8 people.
Answer Snippets (Read the full thread at stackoverflow):
If it later turns out to be malicious....
To have security professionals inspect the code for any malicious or unintentionally dangerous code it doesn't stop your app being malicious, but it does mean everyone has a good idea who wrote it.
|
|
Hi guys, my problem is to avoid users uploading some malicious file to my web server. I'm working in a Linux environment (Debian).
Currently the uploads are handled via PHP by this code:
function checkFile($nomeFile, $myExt = false){ if($myExt != false){...
Started by DaNieL, 7 posts by 7 people.
Answer Snippets (Read the full thread at stackoverflow):
Workarounds: http://stackoverflow.com/questions/602539/stop-people-uploading-malicious-php-files-via.
|