Search:

yeah, you and every spammer he's sued, lol. good point.

LOL

As ridiculous as this sounds, I guess I can't make that much fun of this thread considering this dude making more bank than any of us here http://tinyurl.com/4bopxkx



you'd think with a...

did you actually discover malware or any malicious activity or are you only looking at smoke at this point? if symantec didn't tell you the server was owned, get a second opinion so you're not caught...

actually, what you've found is a injection in a third party app on Facebook

http://developers.facebook.com/

apps.facebook.com is the domain name, but that's not their data.

I just signed up for tagged.com because I heard about something strange...

Apparently - they send email notifications with tokens in the URL that authenticate you automatically to their site after...

yeah, before everyone assumes it's the database md5 function, see original article using md5() before sending to the db:


<?php

$username = md5($_POST["username"]);
$passwd =...

Not like it used to be! c99 & r57 are still hot as always though.

@keezel @nihil

...and how exactly can a service provider reliably defend against a compromised user base? its not like they have jurisdiction to provide any level of security to infected asshats....

for all any of you know, there's a language barrier and he just wants to prevent people from looking at illegal **** on his network. Most of you probably do that too. :)

Does google analytics get loaded on all the same pages as your zencart statistics track for?

Browse through your access logs, see what the traffic was actually looking at. It could be you were...

oofki - thoughts on that?

ht - does ncircle have any sort of aggregation engine that can parse info from open source tools like samhain, syslog, etc?

Hey -

We're pushing to get enterprise vulnerability assessment done on our network. We're looking at IP360 and a few others (retina is one).

What do people here have experience with? Any...

Has anyone thought about how you would write malware for osx 10.4/5?

Assume you already have a browser exploit for a foothold...

How would you:

- run arbitrary code
- have a persistent...

uh, what?

Infosec vendors are horrible sources for data. Ebay + Paypal make up for so much phishing that they are usually ignored for reports like these. It's 'assumed' that they're getting raped by phishing...

It's only possible to do it well with a masterful IT department. Imagine if something went wrong and all your employees mailed back their workstations at once.

Howdy!

I've gone a long time without it very successfully, but the employer is offering to pay for test and training stuff for my CISSP certification.

Who has passed? Any hints about the test?...

howdy kids

so im doing a network assessment for a client and i just happened to notice something. I was ping sweeping (-sP) a /20 netrange from an outside host i normally work on, and I noticed...

Anyone here have experience with STRIDE or OCTAVE? I'm fitting together a threat modeling process and I'm interested in hearing about others experiences in this area... for instance what timeframes...

What setups do you have? I'm interested in hearing how much work your auditing setups do for you... and what pieces you have to give you data. (nmap, nessus, eeye, iis, etc etc)

I'm leaving a...

Howdy folks!

I'm interested in using spamassassin for some experimental purposes... or any bayesian system for that matter.

I'm wondering how tightly spamassassin is tied into email formatting,...

did you just say narsty? are you making up words? you are either really young or really old

i'd love to know what kind of hidden gems are hidden in some software available on sourceforge. you...

Ha! We agree both are equally crap. However, I find even the slightest accusation against Firefox to be somewhat ignorant when the benefit of THE SOURCE is available!

Seduced by open source......

first of all, wow. we're getting paranoid about open source code? :drink:

It's using a cert to verify the update. otherwise you can't verify it's integrity. Windows update does the same thing....

Yeah... just seems like overkill for my purpose.