|
I've just had a "your router is corrupted" spam call* but they obviously aren't doing as well as they were.
This time they tried to give me the spiel in Hindi instead of English, so it looks like they can't afford English speaking spammers any more...
* It came in on a number on a block of phone numbers set on my phone as "spammer1, spammer2, ..." is how I know
Sent from my Amstrad PC 1640
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
OriginalGriff wrote: I've just had a "your router is corrupted" spam call* but they obviously aren't doing as well as they were.
This time they tried to give me the spiel in Hindi instead of English, so it looks like they can't afford English speaking spammers any more...
Last week I finally got a couple of the emails where they reckon they have video of me tugging like a monkey while watching porn. They had a really old, really bad password I once used in the subject to scare me.
I was really worried as I do have a web cam someone gave me back in 2012. But it's still in the box, still has the security seal on it and is in a box in the garage somewhere.
On the subject of phone calls, I've gotten a couple over here but they are in Chinese (don't speak it so don't know if Cantonese or Mandarin) and I have no idea what they want me to do.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
Michael Martin wrote: they have video of me tugging like a monkey while watching porn
Ask him if he got off and whether he wants a better one,
The prick.
|
|
|
|
|
My idiot brother-in-law forwarded one that he got...and asked me if he should be concerned! The fact that he even asked speaks to either his guilt or stupidity, probably both.
"Go forth into the source" - Neal Morse
|
|
|
|
|
OriginalGriff wrote: Hindi
You figured it out? Impressive.
"It is easy to decipher extraterrestrial signals after deciphering Javascript and VB6 themselves.", ISanti
|
|
|
|
|
I'm not young, and I've had quite a few Hindi friends over the years - I can't speak it, or even really understand it, but I've heard enough to recognise the "flow" if you know what I mean.
Sent from my Amstrad PC 1640
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Any recommendations on code scanners that check for security vulnerabilities? In particular the Top 10 OWASP vulnerabilities?
I have never used one before so I'm not even sure what I'm looking for. Something that can scan code, preferably in Visual Studio, and can find security vulnerabilities.
Any experience you can share would be helpful.
Thanks.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
1. post a question on Q&A
2. post your code as a reply
many people will scan, critique and perhaps even improve it.
100% free.
This internet thing is amazing! Letting people use it: worst idea ever!
|
|
|
|
|
If you post it as a solution at SO, you will get a whole load more critique!
(Though most of it will be from people who know a lot less than the OP does, I suspect)
Sent from my Amstrad PC 1640
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
I see what you did there.
I am not the one who knocks. I never knock.
In fact, I hate knocking.
|
|
|
|
|
So there really aren't static code analysis tools that I know of that will really do what you're asking, as most OWASP vulnerabilities are based on a running configuration.
The freeware that I'd recommend for someone that isn't familiar with security scanning is the OWASP utility ZAP:
OWASP Zed Attack Proxy Project - OWASP
There are, of course, other utilities, but if you have access to security professionals that are accustomed to running vulnerability scans, I would highly suggest making use of their expertise. If not, ZAP is definitely better than nothing, but needs to be run against an operating site. You can use it against a site running on IISExpress on your local machine.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
|
|
|
|
I see. So, maybe OWASP is not the right term for what I need. I'll look into static code analysis.
Thanks.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
No, that's correct. OWASP is the organization that is dedicated to web security, and their top 10 are based on the most common vulnerabilities seen in the wild.
The problem is that, generally, vulnerabilities can be difficult to identify from static (not currently executing) code. Some are obvious, like SQL injection, but most are not so easy to identify unless an application is actively executing, like MitM attacks or exploits that are based on malformed packets. You won't see these until they are used against your application, which is exactly what ZAP does.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
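To illustrate the point above that SQL injection is one of the issues visible in non-executing code, here is an added example (not from any poster in this thread): a small Python check that reads C# source as text and flags SQL built by concatenation or interpolation. The C# sample is constructed, and line-level pattern matching is a simplification of what a real static analyzer does.

```python
import re

# Constructed C# sample (not from the thread): one concatenated query,
# one interpolated query, one parameterized query.
SAMPLE_CSHARP = '''\
var a = new SqlCommand("SELECT * FROM Users WHERE Name = '" + name + "'", conn);
var b = new SqlCommand($"SELECT * FROM Orders WHERE Id = {orderId}", conn);
var c = new SqlCommand("SELECT * FROM Users WHERE Name = @name", conn);
c.Parameters.AddWithValue("@name", name);
'''

SQL_KEYWORD = re.compile(r'\b(SELECT|INSERT|UPDATE|DELETE)\b', re.IGNORECASE)
# A string literal joined to something else with '+', on either side.
CONCAT = re.compile(r'"\s*\+|\+\s*"')
# An interpolated string ($"..." or $@"...") containing a {placeholder}.
INTERPOLATED = re.compile(r'\$@?"[^"]*\{[^}]+\}')


def find_dynamic_sql(source):
    """Return (line_number, reason) for each line that builds SQL text dynamically."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if not SQL_KEYWORD.search(line):
            continue  # no SQL text on this line
        if CONCAT.search(line):
            findings.append((number, "string concatenation in SQL text"))
        elif INTERPOLATED.search(line):
            findings.append((number, "string interpolation in SQL text"))
    return findings


if __name__ == "__main__":
    # The parameterized query on line 3 of the sample is not reported.
    for number, reason in find_dynamic_sql(SAMPLE_CSHARP):
        print(f"line {number}: {reason}")
```

Nothing here needs the application to be running, which is why this class of flaw suits static tools, while issues that depend on deployed configuration or live traffic need a scanner such as ZAP pointed at an operating site.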
|
|
|
|
|
Got it. That makes sense.
Thanks. Very helpful.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
|
It looks like Black Duck helps you manage which Open Source projects you are using in your code. I didn't see anything that said it can scan your own code looking for issues. Perhaps I missed it?
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
We use AppScan and Klocwork for our static scans.
|
|
|
|
|
|
If you're using .NET, for static analysis you can take a look at PumaScan or Security Code Scan. Both are open source. Security Code Scan has better support for .NET Core.
OWASP maintains a list of code analysis tools here.
|
|
|
|
|
Thanks.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
Is a hurricane report just a rough draft?
Sent from my Amstrad PC 1640
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
well blow me down, that one was almost sensible.
This internet thing is amazing! Letting people use it: worst idea ever!
|
|
|
|
|
Eye don't know weather you are under a lot of stress but it appears that a low pressure environment would be swell for you.
Socialism is the Axe Body Spray of political ideologies: It never does what it claims to do, but people too young to know better keep buying it anyway. (Glenn Reynolds)
|
|
|
|
|
I eye'd that comment and saw it could be improved just a bit cycloned it, below,
Cloned for this FIFY:OriginalGriff wrote: Is a hurricane report just a rough draft?
Ravings en masse^
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
|
|
|
|
|
Nice to see you re-gale us with this thought, you may see a surge in up votes leading to a flood of rep points.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|