Very true, at which point this function simply doubled up the string delimiters, breaking the SQL injection. The major problem with Classic ASP was the casting of variables; if not done properly you were asking for it. If it's numeric, check it. .NET does not suffer from this problem unless the coder specifically passes a numeric value through to an SQL statement as a string, which would be stupid. If everyone used stored procedures to deal with the SQL data, none of this would happen. My above checks alert you to the fact that someone is having a go; you can't do that when checking for string delimiters as they are valid characters, but yes, if your code uses a shitty "execute" command, check it. If you use proper stored procedures, this will not affect you.
Lame coders who either 1) Just don't understand, so are fucking stupid! 2) Just don't care, so are fucking stupid! Note: I'm a coder, but I've always taken security very seriously, hence I get emails every time someone tries :) and the sites I manage are OK.
Lame, or just too stupid to understand! OK, I'm a coder but I take security very seriously. Why are sites still prone to this type of attack? I used to work with Classic ASP scripts (I use .NET now obviously), which were very prone to SQL injection attacks, but I had no problems, mainly because on all pages I simply check the query string for the following:
char(
cast(
convert(
If it contained any of these, add IP to bad list and redirect to /banned.htm page.
SIMPLE!!
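The checks the two posts above describe (screening query-string values for the listed function names and adding the IP to a bad list with a redirect to /banned.htm, doubling the string delimiter, and checking that numeric input really is numeric), written out as an added Python/sqlite3 example. This is not the commenter's Classic ASP or .NET code: the users table, the IP addresses and the sample query values are constructed for the demo, and /banned.htm is the path named in the post. The last function goes one step past the post by binding the checked integer as a query parameter, which gives the same separation of data from statement that the reply credits stored procedures with.

```python
import re
import sqlite3

# Constructed in-memory table for the demo; not data from the page.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name, role) VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "o'neil", "user")],
    )
    return conn

# The three function names the post screens the query string for.
SUSPECT_TOKENS = ("char(", "cast(", "convert(")

def looks_like_probe(value: str) -> bool:
    """True when a query-string value contains one of the listed SQL function calls."""
    lowered = value.lower()
    return any(tok in lowered for tok in SUSPECT_TOKENS)

def screen_request(ip: str, query: dict, bad_ips: set) -> str:
    """The post's flow: a probe (or an already-listed IP) is sent to /banned.htm, else the page."""
    if ip in bad_ips:
        return "/banned.htm"
    if any(looks_like_probe(v) for v in query.values()):
        bad_ips.add(ip)          # "add IP to bad list"
        return "/banned.htm"
    return "ok"

def require_int(value: str) -> int:
    """'If it's numeric, check it': accept only a plain integer string."""
    if not re.fullmatch(r"-?\d+", value.strip()):
        raise ValueError(f"expected an integer, got {value!r}")
    return int(value)

def double_delimiters(value: str) -> str:
    """The escape the reply describes: double every single quote in a string value."""
    return value.replace("'", "''")

def find_id_by_name_concat(conn, name: str) -> list:
    """Old-style string building; only the doubled delimiter keeps the quote inside the literal."""
    sql = f"SELECT id FROM users WHERE name = '{double_delimiters(name)}'"
    return [row[0] for row in conn.execute(sql)]

def find_name_by_id_param(conn, raw_id: str) -> list:
    """Numeric input: check the type first, then bind it rather than pasting it into the SQL."""
    uid = require_int(raw_id)
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE id = ?", (uid,))]

if __name__ == "__main__":
    db = build_db()
    bad = set()
    print(screen_request("203.0.113.5", {"id": "cast(1 as int)"}, bad))   # /banned.htm
    print(find_id_by_name_concat(db, "o'neil"))                           # [3]
    print(find_name_by_id_param(db, "2"))                                 # ['bob']
```

The token screen only tells you that somebody is poking at the site, which is the point the post makes; the delimiter doubling and the numeric check are what keep the statement intact, and binding the value as a parameter removes the need to double anything at all.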
I should know, I do deauthentication attacks against WPA-PSK encrypted networks, hence my site has a few captured packets that need cracking: http://www.md5decrypter.co.uk/forum/forum_topics.asp?FID=9 I currently only have 1 cracked but tbh, as long as you use a very good password, no one is going to crack it. We'll all have to wait until someone figures out a major hole like in the WEP encryption ;) 5-10 mins, no problem!!
I've seen ads delaying page loads numerous times; the classic is what they have said further up this page, a white screen with "connecting to foo.ads.doubleclick.com" in the status bar >:( The page data should be rendered anyway and then the images loaded, but it's not always the case.
Firefox + ABP = No ads.
As a comparison, it's like me developing an online project, releasing it live, finding a security hole and then putting a news item on the front page telling everyone about it and how to exploit it. Stupid.
I mean, we have no Helium 3 left, let's tell everybody so they know that they can import nukes without being found out. I would have thought it best to keep this sort of thing COMPLETELY under wraps; what the enemy don't know doesn't hurt.
Link: http://www.tomshardware.com/news/Asus-Nvidia-Supercomputer-Cores-960,8943.html I know it costs more but when you consider you'll get 1.1 teraflops of power, it'll munch away at a mental speed. All this in a standard PC tower!!!
I use this for storing all my passwords; it's simple and needs no install, meaning you can run it from a USB key!
Password Corral
http://www.cygnusproductions.com/freeware/pc.asp
With regards to getting around the path location issue, simply use . to tell the prog to look in the current directory.
Un-secured wireless networks are a problem but so are WEP encrypted networks; they can easily be cracked using the likes of BackTrack 3. WPA and WPA2 encryption is a "bit" better but can also be cracked using either brute-force or dictionary-based attacks after a target client has been "forced" to re-authenticate via packet de-auth. WEP is a no no and with WPA, you need to use a strong password, nothing obvious ;)
I agree, total LIES!! If they did have backups, they must have had them accessible from the main server, which is stupid! Hackers are not stupid. Backup servers should PULL data from servers, not the other way round. This means the backup servers are totally locked out to all other servers. On top of this, why the hell didn't they use backup tapes? www.avsim.com has just learned the ultimate lesson, and may pay for it with its life.
That's an average speed of 87 MPH. Not bad.
There is a simple answer to this:
1). Copy all your data onto an external device.
2). Perform a system restore on the laptop with the restore disks (All laptops come with them).
3). Take it back to the store and they can't refuse you :) If they ask, "Have you installed any other OS", LIE! and say "NO".
The main point in there being "1949". Yeah, it was over 50 years ago when that was done, time to GET WITH THE TIMES me thinks :)
This is linking 4 750 GB HDs in a RAID 0... errrr, bad idea. RAID 5 more like. At which point you lose 1 HD for the parity bit which changes the size to:
2.046 PB
RAID 0 is baaaadddddd as you will lose everything if 1 HD fails.
"Window's PatchGuard" should be an optional feature. If you don't want to use it (like me!), you should be able to NOT include it when installing etc. Being able to do what you want is the best way; forcing users only pisses them off.
If they build a house, ya, it would probably kill U :P The number of programs that don't empty (Null) variables after they have finished with them, talk about gobbling up memory.
Come on fellow programmers, clean up after yourselves.
is on the 2nd June 2040 @ 03:57:02, so a long wait till the next one :P
There are 1,099,511,627,776 bytes in a Terabyte...
http://www.webopedia.com/quick_ref/FileSizeConversionTable.asp
Going on that basis:
1,099,511,627,776 / 8 = 137,438,953,472 Bytes = 128 GB
(Divide by 8 as they specified bits)
When I was at college 7 yrs ago (Damn, it's been that long?), it wasn't exactly hard to get other people's information etc. I'll be honest now, I copied off loads of accounts while I was there, just did it for fun (I was 16!), no real reason. One thing I did make sure of was that I DIDN'T GET CAUGHT :P lol
After all, we were mmmmmmmm, quite a lot of years past that, so going on that basis, any idiot would define 00 = 2000. Being honest tho, the 2 digit year format is a pain in the ass as the problem will occur again, so invalidating any old archived data using 2 digits as the year. It's a nitemare waiting to happen :P
muuhhhaaaaaaaa
I gotta admit that that's pretty kewl but it's so easy to write P2P software; I write me own Chat, SE Reporting, URL Ripping software, it's so simple. I even go as far as to develop my own encryption algorithm based on RC4 but seriously modified, e.g. rather than having a Key of 256 (0 - 255), I have 65026 (0 - 65025), with a lesser percentage of 0 ASCII codes than RC4.
Nooooooo, am no advertising copy-writer :P, just havin' an angry episode. Ads... just... well... piss me off! and that's about it.
I always have a Firewall running now! Removes loads of ad sh!t! I personally hate ads! If I want something, I'll go and get it myself! The idea of larger ads being introduced totally sucks! TV is nearly just as bad: start watching a proggy, 10 mins later, ADVERTS!, 5 mins later, back 2 proggy, 10 MINS LATER! ADVERTS!... and so on! Advertising has gone stupid! If they kept it within moderation, it might not be tooooo bad! (All in all, it sucks!)