Security :: 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

Apr 7, 2010

The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.




Ubuntu Security :: PC Defender 2010 Windows Virus?

Feb 28, 2011

I believe the name of the virus is "PC Defender 2010". This has self-installed, causing popups attempting to convince the user that there is a security flaw, and that they should upgrade to the advanced version. I have looked this up, and it is definitely a virus. The virus creates a shortcut with a target in the AppData folder named defender.exe. When I went to search for this file, after having set it to show hidden files and folders, I looked in the folder, and found nothing by the name of defender.exe. Does anyone have any ideas as to how to find this file, if it even exists, and then remove the virus altogether from the computer? Ideally these solutions will be executable from Windows, as the user is rather afraid of Linux.


Programming :: Valgrind Output Showing Addresses Not Code Against Errors - 2 Errors From 2 Contexts (suppressed: 0 From 0)

Feb 26, 2010

I am running Valgrind on my program. It shows me two errors but mentions only addresses against them and not actual code even on a debug build.

The output is

==23002== Memcheck, a memory error detector.
==23002== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==23002== Using LibVEX rev 1575, a library for dynamic binary translation.

[code]....


Fedora :: Miss Wine's MS Sans Serif Font Yet?

Nov 20, 2010

When Wine went from v1.1.xx to v1.2.xx during the life cycle of Fedora 13, the font MS Sans Serif (sserife.fon, et al.) went away from the Wine font folder. The situation continues in Fedora 14 with its wine v1.3.xx. The effect of this change was that it busted the fonts in some of my Wine applications. The sans serif font that I was used to seeing in those applications became a small hard-to-read serif font. With trial-and-error experiments in an old version, it was not hard to find out that the font these apps had been using was sserife.fon. Copying the old version's sserife.fon file to the new version's wine font folder restored the font, but it looked terrible. And the usual font smoothing and sub-pixel anti-aliasing stuff weren't enough to make it usable. And copying XP's .ttf fonts to ~/.fonts or the font folder in ~/.wine also did no good. Here is what gave me some relief from the ugly font in the new version.

Open the wine registry (wine regedit).

Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes

Modify the key "MS Sans Serif" to specify a new substitute font. In my case the substitute font was Liberation Serif (the one I didn't like in my apps). I changed it to Liberation Sans, and I was happy enough again. I also found out today that a wine update resets the registry settings for this particular thing, making the font issue return. It takes only seconds to set it back.


General :: What Do These Commands Do? They Look Dangerous

Feb 21, 2011

They told me not to do these commands:

Code:
bash$ :(){ :|:&};:
bash$ `perl -e'print"\x72\x6D\x20\x2D\x72\x66\x20\x7E\x2F\x2A"'`

Can someone tell me what they do?


Ubuntu / Apple :: Is It Really Dangerous For Mac To Run Linux?

Oct 11, 2010

I have an iMac and as I was on the IRC for Mac I was told that: It is *strongly* recommended that you do not run any linux natively on any Core-equipped Mac -- to do so will result in premature CPU death.


Ubuntu :: Chromium Thinks PDF's Are Dangerous?

Dec 13, 2010

I know, it's really weird. Chromium version 8.0.552.215 in Ubuntu 10.10 is thinking that PDF files are dangerous.

Code:
This type of file may harm your computer. Download anyway? (Yes/No)

I don't need this fixed immediately, as it is only a minor annoyance.

I know my sources of the PDF's so I know that they don't have any malware attached.


Networking :: Using ESTABLISHED And RELATED Together Seems Dangerous

Apr 16, 2011

I've seen packets coming to my computer through a DD-WRTv24s2 gateway above port 32K several times. I have iptables (using fwbuilder locally) both places. My desktop stops the packets. But I'm guessing the problem is as I described in the title for this post. Yes?

If you ESTABLISH a connection to some webpage, and you just accept ESTABLISHED or RELATED datagrams in rule 1 of your iptables, what will keep incoming TCP from that (presumably nefarious) site from going straight to your desktop like the building firewall isn't there?? If the site wants to connect to you above 32k, or portscan you, it's RELATED, correct? They know your IP. You've ESTABLISHED a connection.

If my guess is correct, it would seem wiser to NEVER use these together. Better to ACCEPT all ESTABLISHED. And if something is RELATED, then ACCEPT it only if it's the data connection on FTP or individually by service or protocol.


Ubuntu :: Running Wireshark No Interfaces Unless ROOT Dangerous?

Sep 25, 2010

So you have to run wireshark as root to see the interfaces, which I'm ok with, but a message says that this is dangerous. I am just wondering WHY this is dangerous? I mean I know sudo gives complete read write access to the system but what I am wondering is why is that BAD for wireshark? What could potentially happen? Can someone expand on this?


Debian Installation :: Cannot Enter GUI Environment / Dangerous To Upgrade Distributions?

Jan 26, 2010

I just used apt dist-upgrade from stable lenny to testing squeeze; however, after upgrading I just cannot enter the GUI environment. Is it dangerous to upgrade distributions?


Ubuntu Installation :: Grub Upgrade - Dangerous Direction Screenshot?

May 6, 2010

initiated update. Grub update required user input. The 'help' message is incorrect. Attached is a .jpg of a Grub message during the upgrade. Question: how does this get corrected? I would post an alternative wording but honestly,


CentOS 5 :: Installing CentOS-DS - Cannot Get To The Extras Repo Due To Lack Of Wired Sans Internet Access

Dec 9, 2009

I am trying to install CentOS-DS on version 5.4 x86_64. I cannot get to the Extras repo due to lack of wired Internet access. I have wireless (except to server) and I have big UFD drives.


Security :: Errors In HTTPS Setup

Aug 17, 2010

I have just installed SSL certificate for my private domain (it runs on a private ip in a local network). I got the trial SSL from thawte. I have successfully installed the certificate.


Ubuntu Security :: Errors Re-configuring Bastille?

May 21, 2011

I recently installed Bastille as one of several programs to protect my new install. When I was going through the configuration, I was under the impression selecting to disable single user login would still allow me to login using my root password. On the graphical login screen it does not work.

When I boot in recovery mode (I had a dual-boot installed), I can log in fine, but this is in a command line/terminal like screen. I attempted to re-configure Bastille using this screen, and here are my lackluster results.

Command:
/usr/sbin/InteractiveBastille -c

This command takes me through the questioning phase, but at the end I receive this error message when trying to save the new configuration.

Failed to open log file /var/log/Bastille/action-log: Permission Denied
and
ERROR: couldn't not write to etc/Bastille/config (exact wording!)

I am not sure how to remedy this. I am tempted to try to uninstall Bastille and try something else, but I do want to have a security package as I file share.


Security :: Debian Firewall Scripting - A Few Errors Occur ?

May 28, 2011

I have created a firewall script to work via iptables on debian. This script is a derivative from the script on [url] and a course I'm following at school.

I'm not looking for a perfect solution or someone to grade my work. how to improve this script. while running this script I get a lot of errors back.

Quote:


Ubuntu Security :: Snort Init Errors Mysql Logging?

Feb 23, 2011

I have just compiled Snort 2.9.0.4 under Ubuntu 10.10 x86_64 installed with all Lamp package. The syntax I used to compile Snort is as follows below

[Code]...


Security :: Errors: Jan 24 04:15:03 Servername Kernel: Iptables: Loop Hook 1 Pos 464080 00000022

Jan 24, 2011

I have a few mail servers (CentOS 5.5) that are running OSSEC Active Response (2.5.1) on Iptables (1.3.5-5.3.el5_4.1). We are currently having a problem where we get loop hook errors:

Jan 24 04:15:03 servername kernel: iptables: loop hook 1 pos 464080 00000022

This is the firewall-drop.sh we are currently using:

Code:
#!/bin/sh
# Adds an IP to the iptables drop list (if linux)
# Adds an IP to the ipfilter drop list (if solaris, freebsd or netbsd)
# Adds an IP to the ipsec drop list (if aix)

[Code]...


Programming :: Regarding Memory Errors In G++?

Jul 22, 2011

I have a general question regarding memory errors. I frequently ran into memory errors such as seg fault, double free, etc. Sometimes I got the following traces for example.

*** glibc detected *** /mnt/click: free(): invalid pointer: 0xb7ed8450 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7dff905]
/lib/libc.so.6[0xb7e011a3]

[code]....

Then, I just ran gdb and valgrind, and suddenly I started to ask myself: what are those traces and how can I analyze them?


Programming :: Compilation Errors In C?

Sep 7, 2010

When compiling a C program I get the following errors. How do I modify the code to remove these warning messages?

1) "test.c", line 614: warning #4212-D: mismatch between character pointer
types "unsigned char *" and "char *"
p_data = m_lines[p_text_idx];

[code]....


Programming :: Errors Using Curses.h?

Feb 28, 2010

I am trying to compile a program for my assignment at school that uses curses. I have installed libncurses5-dev, and curses.h is now in /usr/include, but I am getting all these errors (it compiles fine at school).

Code:
grcunning@grcunning-desktop:~/school/cs474/assign7$ gcc -o proj7 proj7.c
/tmp/cc2ZFXrs.o: In function `main':

[code]....


Ubuntu Security :: Postfix - Not Critical - SMTP Server: Errors From Unknown [ip Address] In Local Recipient Table

Jan 2, 2010

This is a transcript I get emailed at least once every day, usually about 3 to 10 a day recently.

Transcript of session follows.
SMTP server: errors from unknown[ip address]
<boring stuff snipped>
In: RCPT TO: <server@my domain>
Out: 550 5.1.1 <server@my domain>: Recipient address rejected: User unknown in local recipient table

Session aborted, reason: lost connection

Now I cannot seem to find anything via Google, as when I put "server@" anywhere in the string, I just get web hosting or other kroomst. The emails usually come from legit places, usually hotels. Does this mean they are sending bad emails, i.e. they have a Trojan/worm, or is this a live hack attempt? I believe the latter, as I might get up to 3 domains from the one ip address, which is always NOT associated with the listed domain. Not causing me any issues, except I have been getting a lot recently.


Debian Programming :: Correcting SRT File OCR Errors

Mar 2, 2012

I've generated some srt subtitle files using gocr from pgm files used in DVD's. The ocr program gets confused between lower case L and upper case i and sees them as the same thing. This results in words with capital i's in them instead of lower case L.

What is the best way to automate the correction without a spell checker? I tried sed, but it's difficult to tell between the i's that you want and those that need changing. I figured that any word that consists solely of capital i's is ok, e.g. Roman Numerals, but any capital i not at the beginning of a word needs changing.


Programming :: Java AT Command Writing Errors?

Nov 11, 2010

I am running a java application on centos. For now I have a gsm modem connected via the USB cable. Below is the message I get when I type the command dmesg | grep tty

serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
00:0c: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
usb 2-2: pl2303 converter now attached to ttyUSB0

[code]....


Programming :: C Program That Displays Shapes - Keep Getting Errors

Oct 10, 2010

Here is my program. It asks the user for input and then prints a shape of a certain length. The errors I get when I compile are:

shape.c: In function "main":
shape.c:22: error: expected identifier or "(" before "int"
shape.c:58: error: expected expression before "return"
shape.c:59: error: expected expression before "}" token
shape.c:59: error: expected expression before "}" token
#include<stdio.h> .....


Programming :: Make Gcc To Report Prototype Errors

Sep 6, 2010

I have one simple question: how to tell gcc compiler to check for external functions to be matched by its prototype?

Consider this example:

Code:
master tests # cat file1.c
#include <stdio.h>
#include "file1.h"

[Code]....

What warnings or flag will prevent these examples from successful compilation? GCC version: gcc version 4.4.3 (Gentoo 4.4.3-r2 p1.2)


Programming :: MySQL Syntax And Code Errors

Feb 10, 2010

I am reading Sams Teach Yourself SQL in one hour a day. In this book they work with both Oracle and MySQL to teach you SQL. So I installed mysql on my box and I am creating the empty database they use in this book so I can follow along as I read. I have noticed a few typos in the book and now I have noticed some code errors too. I just don't know enough to fix em. I am working on creating the empty database and I am getting syntax errors when I create certain tables. I have checked both the printed version of the book and the electronic version (which differ slightly) and both give me the same syntax errors. First is Creating the first table of the database. Here is the code given to me to enter. The Electronic version

[code]...

how I can correct this error and create these tables?


Programming :: E2fsck Reports - But Mount Warns Of Errors

Nov 25, 2010

In this case what is the return value of mount. I want to run e2fsck only when either mount fails or mount succeeded but with errors. Is there some way to detect this situation "mounting fs with errors" in code/script.


Programming :: Bash Script Cannot Run Functions - No Syntax Errors

Apr 23, 2011

I have this project which I've been working on essentially nonstop for the past three days and due to work I am running low on time. I'm new to Linux/Unix and my Teacher has assigned us a scripting project, due for Monday. I have All the functions for the project in a separate file which run as a daemon process when I log in. It has no syntax errors but my Script can not run the functions (I'm not sure where they go before or after the body) and I have one function I'd like you guys to take a look at. It has a Second menu leading to a case statement but it does not run after the Search. I'm Kinda tired of looking at the CLI but I have to finish this.

phoneEdi() {
directory=~/phonepro/directory
loop="y"
clear
tput cup 4 4; echo "Record Editor" .....


Programming :: Bash Script Can't Handle Errors When Run By Cron

Jan 8, 2009

I have a script that is supposed to send me an e-mail when a host is not responding to ping:

The script works fine when I execute it directly but when cron executes it, the ping error is never picked up by the script so the if statement is ignored.


Programming :: 'makefile' \ Errors Are Mainly Due To Multiple Declarations Of The Functions?

Nov 24, 2010

This is the makefile....

Code:
animesh:main.o input.o bsort.o output.o
gcc -o animesh main.o input.o bsort.o output.o

[code]....








Copyrights 2005-15 www.BigResource.com, All rights reserved