Is it safe to extract file from potentially infected disk

I have a hard drive used for years, there are windows and many personal files on it. What I called "files" are images, musics, documents (pdf or docx), but not programs. All the "files" were not initially infected. As I said in the title, the hard drive may be infected by malware (I did not safely use it).

My question is : can I extract these personal files on a safe computer without risk of contamination ? In other words, may these files be infected and spread malware ?

Self-XSS From File Upload Name

I encountered this type of vulnerability a couple of times but weren’t able to fully exploit it, need help! This vulnerability is self-xss which is triggered from file names. E.g. If I were to upload a file named ‘[xss-payload].png’, it will be executed as javascript and the window will prompt ‘1’. But it only goes as far as that, the file name stored in the server is randomly generated, therefore this isn’t a stored xss. Is there anyway I could exploit this? The Javascript is executed when uploading the file only. I tried chaining with Clickjacking, but website doesn’t allow iframe. And from what I heard, CSRF is not possible since setting a ‘pre-filled’ file name is not possible when uploading a file. Any idea where I should go with this? Can I chain this with other vulnerabilities? Thank you all.

[XSS-Payload] = Any XSS payload as file name will be executed when uploading the file

E.g. File Name: <img src=x onerror=alert(1)>.png

Is there any chance of local PC getting infected when you analyse PCAP malware file in cloud server through putty?

Is there any chance of local PC getting infected when you analyse PCAP malware file in cloud server through putty?I want to run pcap malware to test snort in my cloud server.I want to know on doing so if it will affect my local machine.

How to create a html file offline with app cache

We have an online html file that is accessible through the browser, we want this to be available offline and looking in to it the best thing would be using the App Cache with a manifest file.

I believe i have done all the steps correctly but it still doesn’t preload all the files for the html. Here is what i have done:

1. Updated the html tag to read

html manifest="location of manifest file"

2. Created a manifest file listing the individual files

CACHE MANIFEST

1360_VT_04data60_VT_03.js

1360_VT_04data60_VT_03.swf

1360_VT_04data60_VT_03.xml

1360_VT_04data60_VT_03_core.xml

etc….

3. Edited the .htaccess file with

AddType text/cache-manifest .manifest ExpiresByType application/x-web-app-manifest+json "access plus 1 year" ExpiresByType text/cache-manifest "access plus 1 year"

Any ideas why this is not working?

Getting bus error (core dumped) whenever I start Nautilus or any gnome specific file manager [closed]

For about a year I am having trouble with my computer it just happen to crash and after a restart it render useless and I then have to install a new os, the problem persists but now I have new problem (For which this post is actually about)

I was downloading php docs from Firefox and suddenly it hanged and I had to kill it and after that to see if anything downloaded or not I started Nautilus but it didn’t opened and when I looked into the error it says:

Bus error (core dumped)

And now no file manager is starting.

I am kinda frustrated now and really looking for some help, I’ll be really gratefull for any help.

Os: Linux fedora

What’s the point of providing file signatures for verifying downloads?

Many projects offering binaries, also offer checksums (e.g. SHA256) of those binaries, e.g. as ASC files. This isn’t to protect against network-caused corruption, as that’s ensured by the TCP protocol.

Given that the binary and the .ASC file are downloaded from the same server (example from very sensitive software), what attack scenarios does this technique prevent?

If an attacker managed to tamper with the binary, why wouldn’t they tamper the signatures in the same way? Same for the attacker performing MITM and tampering the download in transit.

I can imagine that a separate, secret, monitoring bot hosted on a completely different system, could download the signature file every minute (given its tiny size) and check it against tampering, but I haven’t heard of this being done.

I am not getting output for the below batch file as expected [closed]

I wrote the below mentioned test batch file… But while executing it, when I give input as "How are you" then the file automatically gets terminated.

@echo off echo Hi! echo Happy to be at your service 🙂 :start set /a A = How are you set /p help="How may I help you? " if /i %help% EQU excel (start excel) else (if /i %help% EQU %A% (echo I am good! Thanks for asking)) goto start

But, if I write…

@echo off echo Hi Sir! echo Happy to be at your service 🙂 :start set /a A = How set /p help="How may I help you? " if /i %help% EQU excel (start excel) else (if /i %help% EQU How (echo I am good Sir! Thanks for asking)) goto start

and when I give input as "How"… I get the output as expected.

The output that I get at this case is…

Hi! Happy to be at your service 🙂 How may I help you? how I am good! Thanks for asking How may I help you?

Kindly help me in solving this issue.

how to get rid of curly brackets writing minimization output to file

I have the following code

SetDirectory["C:\test"]; fname = FileNameJoin[{%, "results.dat"}]; str = OpenWrite[fname, FormatType -> StandardForm]  D1 = 0.4; D2start = 0.26; D2fin = 0.5; Ntot = 12; D2step = (D2fin - D2start)/Ntot;  For[i = 0, i <= Ntot, i++,   D2 = D2start + i*D2step ;   With[{minsol = NMinimize[fnew[D1, D2, x], x]},   fmin = First@minsol;   xn = Values@ Last@ minsol;];   Write[str, D2, " ", xn]; ]   Close[str]; 

i.e I minimize the function fnew wrt x and write the value of x in the file results.dat. The problem is that the output is

0.26 {0.711259} 0.28 {0.744881} 0.3 {0.776204} 0.32 {0.805418} etc. 

How do I get rid of these annoying curly brackets?