I need a person to look over and test the security of a program that I am writing. It is in its final stages so no major bugs should be in it. You have to be good in C programming, and know how encryption works. Being knowledgeable in security is a plus. Email me at <removed> or message in post if you are interested.
View 4 Replieswhy when I type sudo su in a terminal there's no need to enter my password, I just go straight into root
View 5 Replies View RelatedI am new to ubuntu natty narhwal 11.04 i want to ask as i have used only windows OSs where one must have to run anti virus for smooth computing. I am shifted to ubuntu now please tell me is there any need to use anti virus in ubuntu or not if yes then please guide me which anti virus and how should i install it on my ubuntu.
View 9 Replies View RelatedI get all my traffic from my router, as this computer seldom moves. So is there a use for a firewall?I am not sure, because when I scan my IP address with nmap, no matter what the changes I make in the firewall, it is always the same scan...cannot fingerprint OS...and all closed ports.The all closed ports thing only changes when i torrent, then i get a wide open port.
View 14 Replies View RelatedI'm trying to make a program for Windows Me and linux that will mimic/imitate Windows Security Center. Maybe put it in the cloud? WIndows Me is good, it doesn't matter that Windows Me is discontinued, and I'm not trolling. But my main focus is linux.
View 9 Replies View RelatedIs there any point to running a personal firewall when using a linux live CD or DVD with a dialup internet connection? My chief concern is compromise of the underlying Windows installation. I do not need corporate-grade security.
View 11 Replies View RelatedI have set up a user to login remotely to our Red Hat 5 server via SSH. A rule in our department firewall enables this user to login from a single static ip address. The ssh port on our server is 22. I am able to login to port 22 from locations within our department firewall. Our administrator says the firewall configuration is unchanged. The remote user had been successful logging in. But now the remote user gets a Connection Timed Out message, before being asked to authenticate by the server.
I regenerated security keys, but the remote user still gets the connection timed out message. (I can login locally with the new keys). I suspect either a firewall or an authentication problem--inclining a firewall problem. Am I correct? Is there a Linux command to check whether port 22 is available or blocked, prior even to authentication, for login from the user's remote location?
I would like to test my firewall rules. Is there some app or web service where I can do that ?
View 6 Replies View RelatedI am learning exploit development and learning some stuff about shellcodes now! The shellcode is absolutely right and have tested it. I am using the following code...(created by me) to run my shellcode..
Code:
// #include<stdio.h> we will not be needing this as we are not using any functions from the C library...Just basic logic of Pointers..
char shellcode[] = "x31xc0xb0x01x31xdbxb3x07xcdx80"; // basic exit shellcode
int main()
{ int *ret; // a simple integer pointer pointing a address
ret = (int *)&ret + 2; // change the address pointed by
(*ret) = (int)shellcode; }
Compiling :-
Code:
aneesh@aneesh-laptop:~/articles/C$ gcc test.c -o test -fno-stack-protector
Compiling gives no errors as expected..
Now the problem I am facing is that As I run the program :-
Code:
aneesh@aneesh-laptop:~/articles/C$ ./test
Segmentation fault
Strace output :-
Code:
aneesh@aneesh-laptop:~/articles/C$ strace ./test
execve("./test", ["./test"], [/* 37 vars */]) = 0 .....
set_thread_area({entry_number:-1 -> 6, base_addr:0xb78016c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xf5e000, 8192, PROT_READ) = 0
mprotect(0x8049000, 4096, PROT_READ) = 0
mprotect(0x15c000, 4096, PROT_READ) = 0
munmap(0xb7802000, 81274) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault
I have some feeling that its because the program has no access to the memory containing the shellcode (May be???)..
My make file has the following lines:
blah blah
INCLUDES= -I./src
-I./include
-I$(PROJECTPATH)/myproject/libs/liburi/include
LDFLAGS+= -L$(PROJECTPATH)/myproject/libs/liburl/
[code]....
The LDFLAGS specifies the library path, which is specified as -L$(PROJECTPATH)/myproject/libs/liburl/ When I check this directory on my machine I see that the file: liburi.so.1 is indeed there.
I have a problem, I need to launch another binary from my application, but I need to get the control back once the other binary is initialized. fork/exec doesn't seem to give anything on that side using pthreads I'm able to wait until the new thread exits, but that's not what I want at the moment I'm using popen, but it doesn't seem to do the job right...
View 14 Replies View RelatedI have installed a "backtrack 4" in order to test the the wireless network security of my router. how and which commands would be needed. Also, do I need to install airodump into the host?
View 1 Replies View RelatedI launched my website. At the moment the site has an firewall (iptables) enabled with very simple rules. All incoming traffic is blocked, except for the ports http and ssh. Everything is working perfect, but I want also to be able to block certain kinds of attacks. There are some really good examples on the internet, but I don't now if they contain all kinds of attacks which are relevant to my situation. To be clear, I only server web content through port 80 and use ssh to remote login.
View 3 Replies View Relatedi have an application that launches several pthreads, i know that the default size used by Linux is 8Mb for each pthread. However i would like to optimize the total memory usage by my application by decreasing the default stack size of each pthread to the needed resources. My questions:
- Are there any rules to set the pthread stack size.
- How to compute the memory needed by each thread.
- Is the malloc call inside a thread counted from the stack size of the same pthread?
I am involved in a project where some regression tests are to be automated. Could you please tell me what are the testing tools that are available for doing automated GUI testing in Linux?
View 2 Replies View RelatedI'm writing a bash script that can be run by crontab or by a user interactively.
If the script is run by a user interactively, it will ask for a parameter interactively.
If the script is run by the crontab, it validates if a command line parameter is provided.
In doing so, I cannot get these tests to work inside the bash script
Code:
This shell is not interactive
How the tests be done inside a script?
I would like to know the Tools which are used for Testing the performance of C and C++ programs under linux?
View 4 Replies View RelatedI am trying to build architecture specific binaries of gtk-sharp2. So far I have been unable to get gtk-sharp2 to build even without specifying a specific architecture. I got the source with apt-get source gtk-sharp2 and attempted ./configure, make, but it fails to build with the error message:
Code: Select allNo rule to make target 'thread.c', needed by 'thread.lo'.
I've also tried downloading the source directly from the mono project [URL] ...., but when building it fails with
Code: Select all#error "Only <glib.h> can be included directly."
This site [URL] .... provides a patch to fix the error, but when I applied it I got the same error.
I think the Debian version applied the patch correctly, but for some reason I still get that other error message.
These message outputted by configure may point to the problem:
"checking if gcc supports -fno-rtti -fno-exceptions... no"
"./configure: line 12920: enable_msi: command not found"
Basically, I am provided with a file "temp.dat" with 30 high temperatures (integers) in it. The program is supposed to read them in and compute/print the average. Then it is supposed to print the temperature of each day and, in addition, display a + by each day that is over the average, but only if it is above the average high for three or more consecutive days. This is the part I am stuck on. I'd appreciate any tips that would point me in the right directionFull disclosure: This is a school project. Code:
Code:
#include <stdio.h>
#include <stdlib.h>
[code]....
I have this treacherous program in C which uses external static libraries (extern etc), and want to do a coverage test of it. The libraries are written in fortran. I compile like this Code: gcc -fprofile-arcs -ftest-coverage -o main main.c library.o I run my nice program like that
Code: ./main Then I do the magic stuff
Code: gcov main.c library.f
Ok 98% of the lines were used in main.c, and I get a file with line counts and all that. Great! But, I need to know the coverage in my library too! It says 0.0% and that's impossible. So what can I do? I can't run it like an executable because it's a library.
And why is the terminal not accepting my copy paste? I copy some lines from my IDE, then I want to paste it into the terminal (with ctrl-v of course, not some crazy local application non-standard counter-intuitive key combo made just to cause agony among honest users!), and that could've been the only problem here, but it isn't. I can't even paste with that right click menu. So, if I was crazy before, I went nuts after that. My great "solution" was to paste it into the firefox URL field (not the search field ) and then copy that and paste it into the terminal. Is that common practice for you all while dealing with that unburied DOS-window?
I want to move files from a $SOURCEDIR to a $DESTBASE/$DESTDIR. Under $DESTBASE there are many directories, and I need to test beforehand if a file from $SOURCEDIR already exists in any of them.
This is obviously extremely slow, and the real use case involves dozens of dirs and thousands of files. Creating a temporary "index" file for the find command (instead of running it every iteration) speeds it up a little, but it's still very clumsy.
I am using Fedora 13 and I have one program (wine) that I need to start grabbing for the updates-testing repo instead of the default repositories in order to get newer versions. I think I can figure out how to add that repository, but I need to know if there are any others I need to disable or any other changes I need to make to my system so that I don't confuse my set up with conflicting updates.
Also, is there anything special I need to do to be sure that only that one program is grabbed from the testing repo when I run regular updates?
when ever i try to install updates i get shown an error & the updates stop the error i get says "librpmio.so.0 is needed by package abrt-1.0.3-1.fc12.i686 (updates) librpm.so.0 is needed by package abrt-1.0.3-1.fc12.i686 (updates)"
View 12 Replies View RelatedI am a ubuntu user but I want to go to the next level to use debian because what I heard of it, but I get confused to what to install on my computer do I install debian testing or debain stable with testing repositories.
- I want to use this system to the home use only.
- I want to use the newest packages because the stable packages is too old to use.
- What about using more than one repository i.e stable with testing with unstable at the same time (the same sourcelist)
- Is the testing and unstable sid packages good enough for the home use?
I am trying to program iptable rules for implementing a 1:1 NAT which does the following:
1. Forward all traffic from all ports on a public ip to a private ip
2. Forward traffic from a range of ports (x-->y) on a public ip, to a private ip
I did some google searches for the same, and came up with the following.
iptables -A FORWARD -t filter -o eth0 -m state
state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state
state ESTABLISHED,RELATED -j ACCEPT
The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.
I don't know how to write a shell script to set security policies for Linux to start. and how. I know that there are many security policies for Linux but do not know which one best suited to write a shell script.
View 5 Replies View RelatedAnyone know what tweaks are needed for above set up?
View 5 Replies View RelatedI am looking to setup some computers as thinclients to connect to my MS Terminal Servers. We have a homebrew application that configures RDP sessions. A user logs into a webpage that dynamically generates a "launch.rdp" file. This file is generated to balance the load between servers.What I'd like to do is configure an image to boot up into Mozilla. When the user goes to the webpage, I'd like the launch.rdp file to open up in a terminal server session.I've tried with rdesktop and tsclient, but unfortunately neither would work with a "rdp" file.
View 14 Replies View RelatedI'm running my newly-built minimal slackware-13.1 system and considering install X and fluxbox into it. The problem is, as a minimalist, I want just the packages that needed for X and fluxbox and no more.
View 14 Replies View Related