The very good security recommendation is: the mobile app should check if developer mode is turned on, and it should not start. Both on Android and iOS. Do you agree with this sentence? What is the development mode threatened with? Or what other requirements do you recommend in exchange for this?
Most hackers keep their links undetected and also up for a long time and send phishing messages.
How is it done? Even Outlook server could not detect them.
What are the known ways to protect premium plugins against unauthorized use? 🤓 🤔
You want to release a paid plugin; what can be done to prevent, or at least hinder, illegal (cracked) distribution of the plugin?
Techniques such as calls to a remote server to verify the plugin's key/domain could make this harder. However, they could be changed in the code, thereby invalidating the technique.
So, what ideas would you have in this area, aiming to protect the plugin's distribution rights?
I was looking through the 404 errors of my nginx logs today to see what the hackers are trying to do on my website.
I used this command:
cat access.log | grep '404'
I saw the usual requests for directories like “/admin.”, “/backup/”, or “/private/” but I also see a few requests like these:
"GET /yatjgmatiak/ HTTP/1.1"
"GET /gkjasdhytkaf/ HTTP/1.1"
"GET /ukaewlinfsda/ HTTP/1.1"
"GET /vankhasgeskl/ HTTP/1.1"
There aren’t that many of them (only about 50 total requests) so if it were a brute force attempt at trying to find an admin panel, it would be a poor one.
What do you think these hackers are looking for or trying to do?
Curious how to manage admin rights of the ethical hackers during a pentest when they are coming on premise to test different applications.
A common saying among people in the field of cryptography and security is that when providing a back door to law enforcement, you also provide a back door for hackers.
I was trying to examine the implementation of Lawful Interception from 4G and the proposed implementation in 5G and to me it looks secure. The only way for a hacker to gain information that they shouldn’t would be if they knew the private key of the base station.
If we assume that the private key of the base station is secure, what could a hacker do that they could not have done without Lawful Interception being implemented?
I saw an ad for a VPN provider recently where they claimed that, without using a VPN, my credit card information is “wide open to hackers” while shopping on-line. I guess the implication here was that VPNs are encrypted, while regular connections are not. However, isn’t HTTPS encrypted, and therefore safe to use without a VPN? And aren’t on-line stores required to use HTTPS or other forms of secure payment?
eval() on their website’s code.
Hypothetically, if someone had access illegally to your network, wireless, or the like. If you set up a VPN, would that stop the hacker from being able to see everything that you do, or would him having prior access to the network trump the VPN setup?
Also, if I do set up a VPN, what protections does it give me as far as keeping people from accessing my email, what I do online, being able to convos through our phones, etc?
As an added security, is the general consensus to use something like a Tor browser or setup (not sure what the technical terms are) along with using a VPN?
Basically, I just want to take steps to the point of overkill to protect my network and any device that is using it as well.
I am planning to start a new ASP.NET Core MVC web application. One of the features we are having is that anonymous users can register inside our web application by entering their email addresses. Then our system will send them a confirmation email to activate their accounts.
Now by default the system will show an error message in case a user tries to register using an existing email address, even if the existing email address was not confirmed. Now this will pose a major problem in our system, which is that hackers can use others’ email addresses and prevent them from registering inside our web application. Our web application is a CRM-like for real estate companies, and hackers can try to add as many email addresses as they want; they can get these email addresses from the companies’ web sites such as
admin@.. , etc. So is there any problem if I do the following modifications:
- If the user did not confirm the email address in 1 hour, then the system will automatically remove his email address?
- When I want to check if an email address is unique, to check only the approved email addresses.