Server – Page 21 – WindowsTechs.com

Time leakage effectiveness of small strings

Posted on December 14, 2020 by the correct answer

Supposedly, a server should never use naïve comparison between secured and user-provided strings, because of time leaks.
But I wonder, during a server response there are many random factors that have a greater impact on running time.
I won… Continue reading Time leakage effectiveness of small strings→

How to make Squid Proxy undetectable by ip-check.net?

Posted on December 13, 2020 by Oussama

I have setup squid proxy on a CentOs server where I set forwarded_for to delete and denied request headers on the /etc/squid/squid.conf file. However, whilst connected to the proxy, if I visit http://ip-check.net/detect-proxy.php it still … Continue reading How to make Squid Proxy undetectable by ip-check.net?→

PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers

Posted on December 10, 2020 by Lindsey O'Donnell

Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least compromised 250,000 databases. Continue reading PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers→

Strange cyrus/imaps Logins without valid password

Posted on November 24, 2020 by mko

I found apparently successful logins from a foreign ip-address to our cyrus-imap server:
Nov 24 08:16:20 server-1 cyrus/imaps[12101]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 24 08:16:20 s… Continue reading Strange cyrus/imaps Logins without valid password→

XSS on marketing websites like craigslist. How does this work on a technical level?

Posted on November 21, 2020 by Freddy Nova

I was wondering how this works.
We have a marketing site in Holland where people can sell second hand goods.
Rumor goes that there is a lot of phishing going on there and XSS code is used in the images that are uploaded to the site for mal… Continue reading XSS on marketing websites like craigslist. How does this work on a technical level?→

Does BYOB Botnet work when target and attacker are on different networks?

Posted on November 8, 2020 by Wannabe Hacker55

I know that to start the BYOB server you need to put
python server.py –host PRIVATEIPADDRESS –port 8080

But, after –host I put the private IP address, but won’t that not work if the attacker and target are on different networks as a pr… Continue reading Does BYOB Botnet work when target and attacker are on different networks?→

Is SSL Always Required When Communicating With Internal Client/Servers?

Posted on November 4, 2020 by pat17

I’m in the planning/design stages of a project which will incorporate an internal server that communicates with internal clients. A quick summary of how this server will behave is as follows: end-users will make calls/commands to the serve… Continue reading Is SSL Always Required When Communicating With Internal Client/Servers?→

How to use Vssadmin command-line to manage VSS in Windows 10

Posted on October 20, 2020 by AnandK@TWC

Microsoft Windows systems create snapshots or backup copies of files on your hard drive…

For more visit TheWindowsClub.com. Continue reading How to use Vssadmin command-line to manage VSS in Windows 10→

Hackaday Links: October 11, 2020

Posted on October 11, 2020 by Dan Maloney

If you’re interested in SDR and digital signal processing but don’t know where to start, you’re in luck. Ben Hillburn, president of the GNU Radio Project, recently tweeted about an online curriculum for learning SDR and DSP using Python. The course was developed by Dr. Mark Lichtman, who was a …read more

Continue reading Hackaday Links: October 11, 2020→

Server to server authentication

Posted on October 11, 2020 by bodeke56

I need to perform sensitive REST API calls between 2 server applications that I am writing. To do this I need to be able authenticate the server that is performing the sensitive API calls.
The current architecture + what I need to add in o… Continue reading Server to server authentication→