С ростом популярности социальных сетей, растет и количество различных систем управления сообществами. Зачастую такие CMS пишут не совсем компетентные в безопасности люди. В этом видео ты увидишь демонстрацию уязвимостей InstantCMS

Юный ОС-Ризёчер №0x00 http://www.xakep.ru/post/20097/default.asp Юный ОС-Ризёчер №0x01 http://www.xakep.ru/post/20171/default.asp Юный ОС-Ризёчер №0x02 http://www.xakep.ru/post/20279/default.asp Юный ОС-Ризёчер №0x03 http://www.xakep.ru/post/20357/default.asp Юный ОС-Ризёчер №0x04 http://www.xakep.ru/post/20438/default.asp Юный ОС-Ризёчер №0x05 http://www.xakep.ru/post/20577/default.asp Юный ОС-Ризёчер №0x06 http://www.xakep.ru/post/20625/default.asp Юный ОС-Ризёчер №0x07 http://www.xakep.ru/post/20677/default.asp Юный ОС-Ризёчер №0x08 http://www.xakep.ru/post/20756/default.asp Юный ОС-Ризёчер №0x09 http://www.xakep.ru/post/20838/default.asp Юный ОС-Ризёчер №0x0a http://www.xakep.ru/post/20890/default.asp Юный ОС-Ризёчер №0x0b http://www.xakep.ru/post/20965/default.asp Юный ОС-Ризёчер №0x0с http://www.xakep.ru/post/21058/default.asp Юный ОС-Ризёчер №0x0d http://www.xakep.ru/post/21212/default.asp Юный ОС-Ризёчер №0x0e http://www.xakep.ru/post/21300/default.asp Юный ОС-Ризёчер №0x0f http://www.xakep.ru/post/21388/default.asp Юный ОС-Ризёчер №0x10 http://www.xakep.ru/post/21486/default.asp Юный ОС-Ризёчер №0x11 http://www.xakep.ru/post/21749/default.asp Юный ОС-Ризёчер №0x12 http://www.xakep.ru/post/21987/default.asp ОСи реального времени http://www.xakep.ru/post/17912/default.asp ОСи реального времени: QNX в вопросах http://www.xakep.ru/post/18109/default.asp Архитектура QNX №1 http://www.xakep.ru/post/18432/default.asp Архитектура QNX №2 http://www.xakep.ru/post/18465/default.asp Оверклокинг серого процессора http://www.xakep.ru/post/18538/default.asp Оверклокинг серого процессора №2 http://www.xakep.ru/post/18558/default.asp

Сегодня я хочу рассказать тебе о некоторых особенностях функционирования веб-приложений, которые могут повлиять на их безопасность. Прежде всего, предлагаю обратить внимание на различия между терминами "безопасность сайта" и "безопасность системы управления сайтом"

Задумался я тут над смыслом подписания компоновочных блоков .Net. Наверняка, ты тоже подписывал свои библиотеки, чтобы установить их в GAC. В ходе сегодняшнего расследования мы научимся изменять подписанные сборки, не обладая исходниками и секретными ключами.

Many popular software applications have avoided including security protection mechanisms built into the latest versions of Windows. The omission leaves these applications at greater risk of hacker attack, according to a study by security patching and notification firm Secunia.

Hackers and pranksters began exploiting a newly discovered scripting flaw on YouTube on Sunday, provoking rumours that a virus was spreading on the site.

Although IT security threats have risen in number and diversity over the last decade, the actually technical competency of the hackers controlling the malware and botnets has actually decreased, according to Sebastian Zabala, project manager with Panda Security.

Although Apple locks its phones to carriers as per exclusive and subsidized agreements, those who braved jailbreaking have found ways to unlock phone to work on other networks.

When it comes to cyber attacks and breaches, the hospitality industry has been the most heavily targeted industry in 2009. The reason behind this increased criminal activity targeting hotels and hotel chains is the sheer amount of credit card information floating around those systems and the fact that the hospitality industry wasn't such a big target two years ago, which resulted in weaker system security.

Intel is trying to get its paws on America's finest minds after investing huge amounts of cash in plants in foreign parts.

A week after U.S. Vice President Joe Biden warned that the government would start cracking down on illegal file sharing, the feds swooped in and seized assets belonging to operators of accused movie-pirating sites.

Если вы любите свою работу и она отвечает вам взаимностью – это замечательно. Но не стоит забывать, что кроме работы вокруг вас есть и остальной мир и люди, окружающие вас. К тому же, работа без полноценного отдыха приносит не такие хорошие результаты, вы перестаете следить за своим здоровьем и просто становитесь опасными для общества, особенно если водите автомобиль и недосыпы стали нормой

Многие из нас каждый день по несколько часов проводят за компьютером. При этом не все знают, что правильная настройка дисплея монитора может сделать работу более эффективной и комфортной. Желательно поднять частоту обновления экрана до максимума, а яркость и контрастность уменьшить

Adobe has released updates for its popular Reader and Acrobat software that fix 17 separate vulnerabilities including one that could enable hackers to take control of a user’s PC.

New research pours scorn on the comforting but erroneous belief that Windows surfers who avoid smut and wares on the web are likely to avoid exposure to malware.

Strathclyde Police from Glasgow, UK, was compelled to shut down its website because of the fear of virus attack from Chinese hackers.

A data breach of computers at the University of Maine’s counseling center allowed hackers to access not only the Social Security numbers and dates of birth of students and alumni who have sought its services in the past eight years but clinical information as well.

The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation.

It looks like Steve Jobs is no longer alone in his crusade to rid the world of Adobe's video player software Flash, as the adult video industry turns towards the open HTML5 standard.

In a blog post on Monday, Barbara Gordon, who heads Microsoft's customer service and support, argued that her company's offerings beat Google's hands down.

Artemisa is an open source VoIP/SIP-specific honeypot software designed to connect to a VoIP enterprise domain as a user-agent backend in order to detect malicious activity at an early stage. Moreover, the honeypot can play a role in the real-time adjustment of the security policies of the enterprise domain where it is deployed.

Как и в ранее опубликованных статьях данного цикла, в целях монопольного и беспрепятственного взаимодействия программы с оборудованием при работе с предлагаемым примером, автор применил "древнюю" технологию отладки под DOS

В любой организации есть юзвери, которые пытаются использовать ресурсы Сети в своих целях. В результате, несмотря на установленные антивирусы и брандмауэры, клиентские системы начинают кишить вирусами, троянами, малварью и левыми программами, периодически вызывающими сбои в работе Windows

Though hardware costs for the iPhone 4 have risen slightly, Apple is still expected to make a strong profit on the handset.

The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.

A court in central France has convicted a young Frenchman accused of infiltrating Twitter and peeping at the account of President Barack Obama, and given him a five-month suspended prison sentence.

An insecurity study into the use of SSL certificates has revealed that it is about as effective as an English team preventing a German striker from getting a ball in the back of the net.

A clandestine network of Russian spies in the United States used private Wi-Fi networks, flash memory sticks, and text messages concealed in graphical images to exchange information, federal prosecutors said Monday.

Malware (malicious software) continues to be the No 1 threat to personal computers, according to Security Intelligence Report version 8 (SIRv8), released by Microsoft Corp.

TD Bank is encouraging its business customers to do their part in preventing fraud by being smart money managers.

A total of $465,000 was recently stolen from California-based Village View Escrow via 26 consecutive wire transfers.

Developers have plugged a critical hole in a PNG reference library used by many browsers to render graphics file.

Благодаря своей открытости, Twitter способен тесно интегрироваться со сторонними приложениями с целью обмена данными. В частности, можно выполнять экспорт твитов для их резервного копирования на случай сбоев Twitter и для навигации по ним

Сегодня мы разберемся с новейшей методикой преодоления hardware DEP и ASLR для IE8 — JIT Spray. Разработаем простой прототип эксплойта, а также свой собственный JIT-шеллкод.

 A Santa Ana man was arrested Tuesday after authorities say he hacked into dozens of computers and demanded sexually explicit videos from female victims in exchange for keeping their personal information private.

South-African physicists are working on a technology called 'Quantum Cryptography' to thwart hackers from leaking out information about the FIFA World Cup.

A recently published e-book penned by the self-proclaimed “world's No. 1 hacker” is rocking the security community with back-and-forth allegations of plagiarism, racism, and even threats against a security podcaster and his family.

The community-driven Fedora 13 Linux distribution has been reviewed by eWEEK, which was highly impressed with its cutting-edge enterprise features. The review praises Fedora security and permissions features such as the AccountsDialog user management utility, and it also likes the new command line interface for NetworkManager.

To clarify from the start, this isn’t a release of any sort but rather news on an upcoming release. Although we’ve heard a lot about jailbreaking from several different hackers, Geohot has been rather quiet. This doesn’t mean that he isn’t working on anything. George Hotz (Geohot) has currently been in France for the Nuit Du Hack conference. An event started in 2003 by Hackerz Voice team, and inspired by world famous DEF CON, “Nuit Du Hack” is one of the oldest French underground hacking conferences to date.

With corporate budgets still reeling from the economic downturn of 2008 and 2009, a senior analyst at the research firm Gartner is urging IT managers to take a shrewder posture on information security, leveraging free or lower-cost solutions to shore up data systems without breaking the bank.