I have a need for database/list of viruses information so my tool be able to detect them.
..scanning a file for a signature isn't the "hard" part that these people solve[^], it's getting those signatures.
Ram Shmider wrote:
Does any one know where i can buy/download a list like that with license to use in my tool.
You're always welcome to download ClamWin[^], and build on it's database. You can even look at the sourcecode to see how it's done. If you use that database, your software might fall under the GPL license, dunno - you'd have to check with someone who knows about legal stuff.
A quick consultation with the Almighty Google revealed that Norton's database[^] might be "free" to. It might reveal more if you consult it after sacrificing some bacon.
Hello, everyone, this is my first question in codeproject, please forgive me for my bad English.
Currently, I was working on designing a system which will store some data in local PC(ATM machine).
The customers(banks) hope we providing a security mechanism which can make sure any data recorded in PC was not changed by anyone.
I learned from internet and I fail to find a good way to handle it. Since we know if we have the right to visit the pc, we can changed the data, even though we can add MAC field for each records recorded.
I know that a third party CA organization would be involved to add proof to my application, but it is not allowed by my customer.
I want to know if tamper man change the data and meanwhile he/she change the
hash key, how can we prove the data was not changed.
If the hacker can generate a new hash, you're toast. If the tamper-man has the seal of King Midas - he'll be King Midas.
It's the same as logging who's accesssing your Linux-machine - if a hacker gains root-access, they can change the logs as they like and the logs become useless. Hence the suggestion to store it somewhere else (with limited access).
From my previous thought, I think I can at least add a column in the data table,
and record the hash key in this column, whereas you mean we can record the hash
key in another table.
I think your idea is a little better than me,
since if someone delete one row from data table the correlation will be broken
for the foreign key doesn't match.
Not only that; if a hacker sees a column with something that resembles a hash, he/she will focus on that column. If you got .NET code that's not obfuscated, then it might become very easy to break it.
Another layer of security could be added by adding auditing[^], but this requires a licensed version of Sql Server 2008 (not available for Sql Express, but you could leave a trace running there). Additionally, you can have the logs being written to an encrypted drive as suggested by Microsoft.
..and no, there is no fool-proof lock. The idea is to make it as hard as possible, just as you lock the doors around your house. Ask the bank, even their vault is vulnerable to attack in certain (yet hard to create) circumstances.
When customer came to Bank and claims he/she got a fake money from ATM machine. bank need a proof to prove whether or not this money was dispensed by their ATM or not. Obviously, Bank will always announce the security of their ATM and won't like to pay for the cost of fake money.
If bank and their customer can not get an agreement on that, there is probably a court case to deal with it. The court will ask bank to give our a proof to prove the money was not dispensed from their ATM.
So bank want ATM vender to record transaction information on ATM for at least 30 days, if there is any case like we mentioned happened, ATM should provide this type of information including serial number of each money. it is quite easy to get and record these required information on ATM, but who can prove no one changed in after it is record on hard disk.
Bank ask us do it, we have to do it, because "Customers are always right". this transfer the responsibility of proof from Bank to ATM vender(my company), meanwhile the trouble and risk was changed to us.
Now, without 3rd party certification organization, I think we need to hold a hash function in same assembly and generate runtime key with this function, then encrypt sensitive data with the generated key.
I don't know if this method have the legal validity, all in all, I think I have to do it for time urgency.
And I believe other venders will have the same problem. we can do it first and see what need to do to solve this problem.
I want to design and implement an arquictecture for manage alert in real time for geofencing information. The system must trigger an alert (email/sms) when a vehicle arrive or aprouch in an pre definined route.
My actual system is based in Java (server), php, google map, OpenLayers and Postgis database.
I have no experience in this area, I would appreciate any kind of help, either in reference bibliografica, sites or ideas.
Outside of your normal n-tier approach there is not so much different going on.
for email you can always write it to use smtp. This implies you have an smtp server. (IIS eg is already capable of doing this, so I guess a java equivalent can also)
An smtp mail is pretty straightforward, to, cc, bcc, from, subject, mailbody and attachments depending on what you need and I'm pretty sure Java has objects available.
To send an sms you'll need an application that can do this and provides a component that you can use. I say application, because that will have to go through a phone central or something similar. The best thing you can do is check with the provider, who knows they have a webservice that you can use. Once you have that, it's basically the same as an email: phonenumber sender, phonenumber receiver, smstext.
when a vehicle arrive or aprouch in an pre definined route
This will be the hard part depending on your needs. If it is a real route they're following you'd somehow need to match the 'triggering' route with the real followed route. Can't help you here.
If the 'route' corresponds to an area and you need to trigger if an object entered that area this might be simpler, unless the area is polygon (polygons can be pretty complex), in that case you need a special algorithm that divides the polygon in seperate regular polygons (square, triangle, ...). If the area is a circle or a square or something like that you just need to check if the XY coordinate of the object is within the regular square/triangle/circle/... If you can go for a square or circle.
Normally you can subscribe to a callback of the object that provides the coordinates of the moving vehicle (GPS?). In that callback you need to check whether it is within the boundaries of the area or is on the triggering route for an email/sms and send.
I realize that this not a complete answer to what you probably want, but I hope it might give you enough information to start. if you have more detailed questions, shoot, I'm no wizard, but I can try to answer
I wonder how you can mention real-time and e-mail in one thread. All an email system does is try and deliver your message at some undefined point in time, there is no guarantee whatsoever as to success nor speed. Messages that typically arrive in under one minute may as well take hours to arrive, or get lost permanently.
I'm not sure, however I guess the same holds true for SMS.
Then I doubt anyone cares if it gets to a location on time. What they care about is when they don't get there on time.
And humans are not "real time" and email/sms isn't either.
If you are using a GPS then it sends location information every X interval.
You have a map (on a server) tied to GPS id which locates itself on the map and which receives the GPS info.
If the analysis finds a problem (or maybe a ontime for a student app) then it sends a notification.
The notification api (its own layer not part of the above) determines who to send the notification to and how to send it.
For a real business system it probably needs throttling as well. That way the COO doesn't get 1000 pings an hour when the city has a snow storm.
I got a requirement from the admin group of a public website that they need to get a report everyday. The reports can be created wth an operation in the site and at the end of the day admin should be able to access the data. I am exploring the possibilities of exposing an ftp path location without compromising the security.
Any suggestions on this?Basically, I want to know is it risky to do this in this way and should i suggest some alternate solution.
Last Visit: 31-Dec-99 18:00 Last Update: 25-Sep-21 22:47