
 SECURITY


  Hide a file in a picture

Sometimes you want to hide some important files on your computer that you don't want others to see. How would you do that? Find a professional tool? Set a password for some folders? Change the file properties to hidden? These are possible, but they may not be so convenient or so secure. Here we share with you how to hide a file in a picture. Prerequisites: 1 picture, for example test.jpg; 1 test file, for example test.txt; WinRAR. Steps: Prepare the picture test.jpg and test file test.txt. Use WinRAR to compress test.txt to test.rar. Open command prompt: Start->Run->Type "cmd", then cd to the dire...

9,214 4       TRICK PICTURE FIL HIDING WINRAR


  Some hidden XSS injection vulnerabilities

XSS injection occurs when a web page generates unexpected executable JS code based on user input and that code is executed by the web browser, i.e., the source code sent to the web browser by the server contains illegal JS code, and this illegal JS code is related to the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injection vulnerabilities that cannot be fixed by the two functions above, and sometimes we are not allowed to r...

7,705 0       PHP SECURITY XSS JAVASCRIPT CODE


  8 very useful and free web security testing tools

As web applications become more pervasive, web security threats are becoming increasingly prominent. Hackers gain control of web servers by exploiting web server vulnerabilities and SQL injection vulnerabilities; they may then tamper with web content or steal important internal data, or, more seriously, inject malicious code into web pages to affect visitors of websites. Attention to web application security is gradually increasing. Here we recommend eight very useful and free web security testing tools. N-Stalker Free Version: N-Stalker Web Application Security Scanner 2012 Free Edition provides a...

18,145 0       WEBSITE ATTACK SECURITY WEB SECURITY


  The Best Hackers In The World All Come From One Country

Facebook, Zynga, and other hot companies use Interview Street to recruit programmers. Interview Street posts programming challenges and invites contenders to solve as many as they can. According to their message board, nine of Interview Street's top ten hackers are all from China. One is from an unknown country. A hacker called ralekseenkov, who is ranked number 11, is from the United States. What does that say about the talent crunch here? Read more: http://www.businessinsider.com/hackers-the-best-all-come-from-one-country-2012-4#ixzz1rkl1LN9B...

6,202 6       MICROSOFT HACKER CHINA COUNTRY


  Speed Hashing

A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2^128 unique items, or 340 trillion trillion trillion. In reality the usable space is substantially less; you can start seeing significant collisions once you've filled half the space, but half of an impossibly large number is still impossibly large. Back in 2005, I wondered about the difference between a checksum and a hash. You can think of a checksum as a person's full name: Eubediah Q. Horsefeathers. It's a shortcut ...

3,994 0       SECURITY SPEED HASHING MD5


  SQL Injection through HTTP Headers

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines for discovering SQL injection flaws are restricted to the GET and POST variables, as if they were the only input vectors. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters, and which vulnerability scanners should be used in order to avoid leaving vulnerabilities undiscovered in parts of the appl...

20,535 0       SQL INJECTION CODE SECURITY HTTP HEADER


  Introduction to OAuth (in Plain English)

Last week we talked about giving away your passwords and how you should never do it. When a website wants to use the services of another—such as Bitly posting to your Twitter stream—instead of asking you to share your password, they should use OAuth instead. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password. This is a quick guide to illustrate, as simply as possible, how OAuth works. The Actors: There are 3 main players in an OAuth transaction: the user, the consumer, and...

3,603 0       SECURITY OAUTH PERMISSION PARTIAL ACCESS


  The mystery of Duqu Framework solved

The Quest for Identification: In my previous blogpost about the Duqu Framework, I described one of the biggest remaining mysteries about Duqu – the oddities of the C&C communications module which appears to have been written in a different language than the rest of the Duqu code. As technical experts, we found this question very interesting and puzzling and we wanted to share it with the community. The feedback we received exceeded our wildest expectations. We got more than 200 comments and 60+ e-mail messages with suggestions about possible languages and frameworks that could have bee...

18,385 1       C++ DUQU CODE MYSTERY OO C