Isn’t it better to “open” our doors, ajar, leaving a bit of honey behind the door, instead of trying to close what makes it more interesting for the hacker to keep on the operation?
Maybe using a trap behind the open door?
To give a real-world example, leaving the key under the house’ door mat, you make the key available to the intruder and so you try to hide it, it will help to leave the house open and “faking the infrastructure”.
about attacks like this where the do change the router dns using malicious code on fake sites or ads … how these sites were allowed to access the router while routers doesn’t have
Access-Control-Allow-Origin response header ?
There has been some fraudulent access to my machine. I can see in browser history that they’ve tried to buy gift cards, tried to access PayPal, amazon, etc.
I’ve turned off networking to the machine, but I’d like to know how they got access. Is there something I can search in the console logs to show a list of remote access times? And IP addresses?
The very good security recommendation is: the mobile app should check if the developer mode is turned on and it should not start. Both in android and iOS. Do you agree with this sentence? What the development mode is threatened with? Or what other requirements do you recommend in exchange for this?
Most hackers keep their links undetected and also up for a long time and send phishing messages.
How is it done? Even Outlook server could not detect them.
Quais as maneira conhecidas para proteção de plugins premium, contra uso irregular? 🤓 🤔
Você quer lançar um plugin pago, o que pode ser feito para prevenir se não dificultar a distribuição ilegal(craqueada) do plugin?
Técnicas como chamadas para um servidor remoto para verificação da chave/dominio do plugin poderiam dificultar isso. Porém poderiam ser alteradas no código, então invalidando a técnica.
Então, que ideias vocês teriam dentro desse âmbito visando proteger o direito de distribuição do plugin.
I was looking through the 404 errors of my nginx logs today to see what the hackers are trying to do on my website.
I usued this command:
cat access.log | grep '404'
I saw the usual requests for directories like “/admin.”, “/backup/”, or “/private/” but I also see a few requests like these:
"GET /yatjgmatiak/ HTTP/1.1" "GET /gkjasdhytkaf/ HTTP/1.1" "GET /ukaewlinfsda/ HTTP/1.1" "GET /vankhasgeskl/ HTTP/1.1"
There aren’t that many of them (only about 50 total requests) so if it were a brute force attempt at trying to find an admin panel, it would be a poor one.
What do you think these hackers are looking for or trying to do?
Curious how to manage admin rights of the ethical hackers during a pentest when they coming on premise to test of different application.
A common saying among people in the field of cryptography and security is that when providing a back door to law enforcement, you also provide a back door for hackers.
I was trying to examine the implementation of Lawful Interception from 4G and the proposed implementation in 5G and to me it looks secure. The only way for a hacker to gain information that they shouldn’t would be if they knew the private key of the base station.
If we assume that the private key of the base station is secure, what could a hacker do that they could not have done without Lawful Interception being implemented?
I saw an ad for a vpn provider recently where they claimed that, without using a vpn, my credit card information is “wide open to hackers” while shopping on-line. I guess the implication here was that vpns are encrypted, while regular connections are not. However, isn’t https encrypted, and therefore safe to use without vpn? And aren’t on-line stores required to use https or other forms of secure payment?