See today's DHS Daily Open Source Infrastructure Report (DOSIR) for information regarding a phishing attack disguised as a message from the FDIC. It is impacting the Fedwire. Will it impact your business?
Hi,
I have a Belkin router installed and a look at the security log has got me worried a little bit.
Security log:
Fri Jan 29 20:41:46 2010
=>Found attack from 68.147.232.199.
Source port is 58591 and destination port is 12426 which use the TCP protocol.
Fri Jan 29 20:41:46 2010 ... (1 Reply)
Hi, can anyone please tell me how to limit the max number of messages in a POSIX message queue? I have made changes in proc/sys/fs/mqueue/msg_max
But still, whenever I try to read the value of max. messages in the queue using attr.mq_curmsgs (where struct mq_attr attr), it's giving the default value as 10.... (0 Replies)
It's an online con that is growing fast and stealing tens of millions of dollars.
An e-mail seemingly from a financial institution instructs you to log on to a legitimate-looking Web site. Such “phishing” attacks exploit a universal weakness in online security: passwords.
To read the rest of... (0 Replies)
HASH_EQUALS(3) 1 HASH_EQUALS(3)

hash_equals - Timing attack safe string comparison

SYNOPSIS
bool hash_equals (string $known_string, string $user_string)
DESCRIPTION
Compares two strings using the same time whether they're equal or not.
This function should be used to mitigate timing attacks; for instance, when testing crypt(3) password hashes.
PARAMETERS
o $known_string
- The string of known length to compare against
o $user_string
- The user-supplied string
RETURN VALUES
Returns TRUE when the two strings are equal, FALSE otherwise.
ERRORS/EXCEPTIONS
Emits an E_WARNING message when either of the supplied parameters is not a string.
EXAMPLES
Example #1 hash_equals() example
<?php
// Hash the same password twice and a different password once, all with the same salt.
$expected = crypt('12345', '$2a$07$usesomesillystringforsalt$');
$correct = crypt('12345', '$2a$07$usesomesillystringforsalt$');
$incorrect = crypt('apple', '$2a$07$usesomesillystringforsalt$');
// Known string first, string under test second.
var_dump(hash_equals($expected, $correct));
var_dump(hash_equals($expected, $incorrect));
?>
The above example will output:
bool(true)
bool(false)
NOTES
Note
Both arguments must be of the same length to be compared successfully. When arguments of differing length are supplied, FALSE is
returned immediately and the length of the known string may be leaked in case of a timing attack.
Note
It is important to provide the user-supplied string as the second parameter, rather than the first.
PHP Documentation Group HASH_EQUALS(3)
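
The parameter order, the string-only requirement and the length note above, applied to a signature check and to a variable-length API key. This is an added example, not part of the PHP manual; verify_signature(), api_key_matches() and every sample value are hypothetical names and data constructed here.

```php
<?php
// Added example (not from the PHP manual). All names and values are constructed.

// Verify an HMAC-SHA256 signature supplied by a client.
function verify_signature(string $secret, string $payload, $suppliedHex): bool
{
    // hash_equals() only accepts strings; request parameters can arrive as
    // arrays (e.g. sig[]=x), so reject non-strings before calling it.
    if (!is_string($suppliedHex)) {
        return false;
    }

    // Known string: computed server-side, always 64 hex characters.
    $expectedHex = hash_hmac('sha256', $payload, $secret);

    // Known string first, user-supplied string second.
    // A wrong-length input returns false immediately, but the length of a
    // SHA-256 hex digest is public, so nothing secret is revealed by that.
    return hash_equals($expectedHex, $suppliedHex);
}

// Compare a secret whose length is itself sensitive (assumption: an API key
// stored as-is). Hashing both sides first gives equal-length inputs, so the
// early return on differing lengths described in NOTES never triggers.
function api_key_matches(string $storedKey, $suppliedKey): bool
{
    if (!is_string($suppliedKey)) {
        return false;
    }
    return hash_equals(hash('sha256', $storedKey), hash('sha256', $suppliedKey));
}

// Constructed sample data.
$secret  = 'constructed-demo-secret';
$payload = '{"event":"ping"}';
$good    = hash_hmac('sha256', $payload, $secret);

var_dump(verify_signature($secret, $payload, $good));            // matching signature
var_dump(verify_signature($secret, $payload, substr($good, 1))); // wrong length
var_dump(verify_signature($secret, $payload, ['x']));            // non-string input
var_dump(api_key_matches('k-12345', 'k-12345'));                 // same key
var_dump(api_key_matches('k-12345', 'k-1234'));                  // shorter guess
?>
```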