Why would a software need my IP address in authentication token?

I was looking at the authentication token used in my network requests to a software that we use at work. I noticed that this is not a general JWT OAuth token but some XML based token. I guess, old way of doing things. I am particularly interested as to why do they need my IP address?

Is there a legitimate security reason to need it? My guess is to ensure that no other machine can reuse the token.

For software programmers/script nerds

Hello,

It’s been awhile since Ive used GSA but I have been getting back into learning more code so it interests me again.

I can’t seem to find really good updated info on custom scripting. Just a way to use API on GitHub and some very old Ozz posts.

I also see Serengines may have created a GUI to make scripting easier???

Was wondering if anywhere there maybe updated info for custom things like scripts using GSA?

Also moving forward what would be best languages to know for this?

I know little html, css, javascript,   very little python and selenium.

I guess Im wondering what would be best way to start coding scripts and possibly create a little addon for this software?

Any ideas or input thnks?

Would an anti-virus software make any other processes consume more CPU?

Would an anti-virus software make any other processes that it scans to consume more CPU?

We recently switched to a new Next-Gen, AI based Anti-Virus software. On couple of our Linux servers that runs Java processes, there has been frequent high spikes in CPU usage recently. Apparently, it is Java that is the highest consumer of CPU while the anti-virus process isn’t using a lot. I am pretty sure that it is not the anti-virus behind the higher CPU usage since the these spikes started a couple of days before even the AV software was installed. So, right now, I am in the process on convincing others that it is not the anti-virus (trust me, no one is believing what they see at top -c) . Before I go back to the team, I would like to make sure that when anti-virus scans every single file that gets opened by other processes, the resultant CPU usage would show up against the anti-virus process and not against the process that opens the file. Is this how it will appear in CPU usage stats?

Server run Amazon Linux and the Anti-Virus is Crowdstrike Falcon.

Does antivirus software detect scrceen grabbing functionality in a running program?

Let’s say a malicious actor publishes a piece of software that calls a screenshot function (e.g. Graphics.CopyFromScreen() or the UIAutomation Framework in .NET) every so often, but doesn’t notify the user of that. I download and install that software.

Assuming that the software is signed with a valid publisher certificate, I have a few questions around that:

  • Would that screengrabbing behaviour be detected by an(y) Antivirus solution?
  • If yes, do legitimate screengrabbing programs need exceptions in an antivirus program to allow that behaviour?
  • If no, will at least the exfiltration of the data be detected by the AntiVirus software? (I guess the exfiltration can happen in so many different ways that it’s a bit of an arms race to see that bytes are being sent that encapsulate/encode the screengrab and not some form of telemetry, for example)

I’ve been googling for a while but can’t seem to find anything on the topic.

seo and documenting multiple version of our software

How to markup the documentation of the different version of our product?

considering that

  • The content is not strictly identical across version,
  • but it is very often the same,
  • we wish newer version to be preferred by seo engines,
  • but older versions are preferred since they are older.

for a couple of year our strategy has been to follow this answer to the question

  • have all url prefixed by their version
  • create a “latest” prefix that is a symlink pointing to the most recent version
  • the most recent version have a <link rel="canonical" targeting the “latest”
  • all version (except the most recent) start with a disclaimer indicating that this version is not the latest, this disclaimer include a link pointing to the latest version

This is an example of our urls :

  • old version : https://www.itophub.io/wiki/page?id=2_4_0%3Auser%3Astart
  • latest version : https://www.itophub.io/wiki/page?id=latest%3Auser%3Astart
  • latest version duplicate, with the <link rel="canonical" : https://www.itophub.io/wiki/page?id=2_7_0%3Auser%3Astart

This is an example of the disclaimer including a link to the latest version picture of the link pointing to the latest version


This was meant to strengthen the “latest” url by having a stable url over time and by having several pages linking to it.

This does not seem to work, since google continues to prefer olds pages. What should we do? I only see the nuclear weapon here : adding on all version a <link rel="canonical" targeting the “latest”.

I obfuscated my commercial software, i lost source

A VERY bad problem.

I obfuscated my web software with srcProtector and i archieved files, i uploaded a new version of software on the website.

The problem is i forgot to copy files in a new path for backup. VERY VERY BAD!

Code looks like: obfuscated file

I tried already unPHP.

PLEASE HELP ME!! (is there any winscp undo button (reconnectect session) or any deobfuscator for this?)

Are there any c# .net free software composition analysis tools to check opensource component used and its vulnerabilities and license

I have situation where I have to anlyse the third party components\libraries used in the code within the license terms and no know vulnerabilities.

I know there are tool name blackduck and whitesource which can meet the expectation, but we cannot afford costly tools.

Is there any free stable tools available for such analysis. One I came across is OWASP dependency.

Appreciate any help over here.

What makes software video encoder have higher quanlity than hardware video encoder

It is said commonly software video encoder have higher result quality than hardware encoder. Higher quanlity here means higher picture quality at a given bit rate.

Hardware encoder are commonly for realtime usage and some are for mobile application, then there are trade offs in hardware encoder to get realtime performance and have lower power.

Commonly what is exactly the trade off (e.g. which encoding algorithm parameter) in hardware encoder that make it have lower quanlity than software encoder?

Will simply change some encoding parameter (and as a result more chip area and power consumption) make a hardware encoder have the same quanlity as software encoder?

H.264/H.265 are considered.