Home Tags Header

Tag: Header

How to make your Web API responses consistent and useful

When working with ASP.Net Web API, it is important to return a consistent response for all the requests that are processed by your API regardless of success or failure.

This makes it a lot easier to consume the API, without requiring complex code on...

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus, which continues to spawn new modifications of itself each year.

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors.

As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon.

The 10 tools every modern developer should use

Years ago, all you needed to be a developer was an editor, a compiler, and hopefully some kind of revision control system. (Sadly, many developers still donrsquo;t use revision control systems properly.)These days, you need to know more even for basic software development. Herersquo;s the top 10 list of tools every modern developer should know and use:[ The art of programming moves rapidly.
InfoWorld helps you navigate whatrsquo;s running hot and what's going cold. | Keep up with hot topics in programming with InfoWorld's App Dev Report newsletter. ]
Git and GitHub: Although there are companies that still use Subversion or CVS even, let alone the awful Clearcase, you probably shouldnrsquo;t work at one of them.

Git is now a basic skill like tying your shoes or spell checking. SSH: Yeah, I know: Yoursquo;re a Windows developer and you donrsquo;t know no stinking shell.

But yoursquo;re going to run into having to create an SSH key or do other SSH stuff.
So you may as well learn now. Terminal Services or remote login: Even if yoursquo;re a Linux or Mac person, sooner or later yoursquo;ll have to deal with Windows.

These tools are how you will connect in. Amazon Web Services: AWS isnrsquo;t just cloud, it is the reason you donrsquo;t have to wait on IT.

There are other cloud providers, but yoursquo;ll have to deal with AWS sooner or later.

AWS has gotten so big that you canrsquo;t know all of AWS any more, but you do need to know at least the EC2 stuff. JavaScript: You donrsquo;t need to know it cold, but this is the scripting language of the now.
If a product or tool is going to add a scripting API, it will probably be for JavaScript. Bash and PowerShell: Sure, more modern devops tools are handy, but sooner or later something isnrsquo;t going to work and it wonrsquo;t have quite what you need.
So, expect to need to know how to write a basic restart script, grab an error code from an exiting command, or do a few things in a loop.

Thatrsquo;s what Bash (in Linux, many Unixes, MacOS, and Windows 10) and Microsoftrsquo;s PowerShell let you do.

Bonus: Add a tool like Grep (PowerShellrsquo;s equivalent Select-String is more wordy) and yoursquo;ll be an even more powerful deity. MongoDB: You need to know how to work with at least one document database. MongoDB is the easiest to learn. Whether yoursquo;re ultimately going to use MongoDB isnrsquo;t relevant; what matters is learning how to deal with a new-generation database.
If yoursquo;re going to use an index like Apache Solr, which is document-shaped, or yoursquo;re going to work with a more columnar structured database, the MongoDB skills will transfer. Curl and Invoke-RestMethod: Most software now has a REST API. On Mac and Linux, Curl is the command-line tool that lets you test and tweak and even script against a REST API.
In PowerShell, it is Invoke-RestMethod (although like everything on PowerShell, it requires more typing).

There are GUI tools like Postman that accomplish the same work, but a serious developer needs to be able to move past a point-and-click interface for efficiencyrsquo;s sake. Markdown: This is the format of the README.md file in GitHub. You should be able to read and write a simple Markdown document.

And thatrsquo;s easy because it has just seven symbols: (# is a header, ## is a subheader, * is a bullet, __ and ** are bold, _ and * are italics, ` is monospace, and --- is a break or rule). Markdown editors often have extensions but those are the basics.

From that basic markup language, you can get slides, PDFs, and HTML. Often these output formats can be consistently formatted with CSS or some other way.

Best of all, you donrsquo;t end up with smart quotes in your code samples. Basic HTML: I canrsquo;t make a decent-looking web page to save my life; Irsquo;m a back-end developer.

But whether yoursquo;re going to stub something out or have to parse HTML, you will need to know basics of the web markup language. To read this article in full or to leave a comment, please click here

Decrypted: American Gods takes a shot at patriotism and gun worship

Double-header! Lee Hutchinson talks guns, and we interview actors Ricky Whittle and Orlando Jones.

Dridex: A History of Evolution

In the several years that the Dridex family has existed, there have been numerous unsuccessful attempts to block the botnetrsquo;s activity.

The ongoing evolution of the malware demonstrates that the cybercriminals are not about to bid farewell to their brainchild, which is providing them with a steady revenue stream.

Vanilla Forums Software Vulnerable to RCE, Host Header Injection Vulnerability

Vanilla Forums software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

Spam and phishing in Q1 2017

Although the beginning of Q1 2017 was marked by a decline in the amount of spam in overall global email traffic, in March the situation became more stable, and the average share of spam for the quarter amounted to 55.9%.

The US (18.75%) remained the biggest source of spam, followed by Vietnam (7.86%) and China (7.77%).

Hajime, the mysterious evolving botnet

Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks.
In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices.

Personalized Spam and Phishing

Lately we have been noticing an opposite tendency occurring quite often, wherein fraud becomes personalized and spammers invent new methods to persuade the recipient that the message is addressed personally to him.

Thus, in the malicious mailing that we discovered last month, spammers used the actual postal addresses of the recipients in messages to make them seem as credible as possible.

Unraveling the Lamberts Toolkit

The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008.

The arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers.

VU#834067: Apache Struts 2 is vulnerable to remote code execution

Apache Struts,versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10,is vulnerable to code injection leading to remote code execution(RCE).