How is malware removed from binary executables? - reverse-engineering

The malware museum has samples of DOS viruses, but surprisingly without the malware payload; only the visual effects such as the LSD remain.
How exactly has the malicious code been removed from the malware samples? “sterilized malware”

The malware videos you see on the webpage are running in an emulator; the downloaded ZIP file contains the real malicious sample, do not execute them on your machine ;)

Related

Extension got rejected 3 times and I don't understand why

My CRX got rejected yesterday because I did not comply with the following section of our policy: https://developer.chrome.com/webstore/program_policies#chrome_apps
Require a local executable, other than the Chrome runtime, to run.
Provide a webview of a website that is not owned or administered by you.
Download or execute scripts dynamically outside a sandboxed environment such as a webview or a sandboxed iframe.
Misuse notifications by sending spam, ads, promotions of any kind, phishing attempts, or unwanted messages in general.
The extension was working fine for years. It uses native messaging to communicate with an executable.
Support is so slow to answer and still answers generic stuff that doesn't really apply to my work.
Thanks a lot in advance!

Chrome Extension Corrupted and Changed by Malware

I've got a fairly popular Chrome extension; over time I've got sporadic reports from users that this extension is malware, which of course it is not.
I've recently learned that there are malware programs that change the files of the Chrome extension and turn it into malware.
Is there any way I can defend my extension from this kind of change?
Thanks.
You don't have to!
Chrome has a built-in mechanism preventing it. Any extension installed from the Web Store will have a signed hash of all files included.
At any time when Chrome loads an extension, those hashes are checked, and if any file is modified Chrome marks the extension as potentially compromised, disables it and warns the user of unauthorized changes.
That said, this only protects static files you have in your extension.
If you rely on external scripts, it's your duty to protect them from man-in-the-middle attacks. Chrome's default extension CSP does a good job of securing against the worst offenders, but still - if you use dynamic code, it's your responsibility to secure it, especially if you override the CSP.
Finally, if you're using a Native Host module, it's not secured. Treat it as untrusted.

Recording script with LoadRunner

I'm trying to record a script with LoadRunner but nothing happens...
I'll try to be more specific: I create a new web-based script (Web - HTTP/HTML) because I want to record actions taken in IE.
I start doing things in IE and then stop the recording.
What I expect is to find in "Action" the code that describes what I've just done in IE, but nothing appears: "Action" contains only the return.
Any idea about what could be the issue?!
EDIT: I'm not recording any HTTPS action...
Have you engaged in any activity in IE which connects to a server across the HTTP protocol, submitting requests and pulling responses? If not, then you should not expect to see anything recorded.
There are also all sorts of permutations of 64 bit IE, of specific release numbers, versus your 32 bit recording engine of LoadRunner and specific release numbers, plus your credentials and any conflicts from antagonistic antivirus that could come into play.
The sample applications are your control set, such as the sample flights reservation system. If you cannot record against that site with your version of LoadRunner then you have a conflict in one of the following:
Failed installation
Wrong credentials
Conflicting antivirus (disable for testing)
Version conflicts (see requirements for your version of LoadRunner)
64-bit IE and 32-bit VuGen (see proxy model for recording)
You may try local proxy recording.

Loadrunner 11.52 Chrome compatibility

What versions of Chrome are compatible with LoadRunner 11.52 on Windows?
I saw a post that said version 26 was supported, but I'm looking to record using Chrome version 13 on Windows 7.
NB: Browser version is mandated by the project.
NNB: Assume playback is browser agnostic - as the commands generated will send the raw HTTP(S) requests to the target server, without any UI
All versions when using the proxy recording model.
I just recorded again, and quit before I got the site up (so recorded for about 4 minutes with an empty Chrome screen and a spinning timer) to see what LoadRunner recorded - I got web_url, web_add_cookie & web_custom_request for Google Safe Browsing & related API - ...
Unless you work for Google or have their express written permission then you do not use automated tools against their site. This is why the sample applications exist. Or, you may download and install onto a server you own, control, manage, ... any of the thousands of open source applications which are available on the market.
Pointing an automated tool at a site you don't own, manage or control is no different than driving down the street and shooting at parked cars, homes and signs just because they are there and you can. Pointing a performance testing tool at the same is akin to pointing a piece of field artillery at someone's home. This is something you do not engage in as a performance test professional.

How to partially read a CSV file with Super CSV

I have a CSV file with 24 columns. Out of these I only want to read 3 columns. I see that Super CSV is a very powerful library, but I can't figure out how to partially read a CSV. The link they have on partial reading is broken.
Please do help me out with a working example.
Update: SourceForge is back online! The Super CSV site should work now :)
That's the correct link, but SourceForge project websites are down right now (according to the SourceForge blog):
Starting at 12:59 UTC today, we experienced a site outage, causing
general connectivity issues sitewide. At 15:12 UTC, site connectivity
was restored and most services, including downloads, are now back
online. Some services however are still offline while we continue to
diagnose and determine the root cause for this issue. The services
still offline are:
Project web (i.e., projectname.sourceforge.net pages) and associated
shell and database services. This also includes access through sftp,
scp, and rsync via ssh.
So you have a few options:
view the source code of the reading example on SourceForge (this part of SF is still working). There's a link to download the file at the top left.
check out the project source from subversion (you can view/run the reading example listed above to see how it works, or you can even run mvn site:site to generate the project website locally)
view the cached page from Google
I hope you enjoy using Super CSV - if you have any other questions feel free to post them here on SO, or on the project help forum on SourceForge.
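A working partial-read example, added here and not taken from the question or from the Super CSV project's own pages. It assumes Super CSV 2.x on the classpath and uses a constructed six-column sample in place of the 24-column file; it goes slightly beyond the question by picking the wanted columns by header name, so a null mapping entry skips every column that is not wanted regardless of its position:

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.supercsv.cellprocessor.ParseInt;
import org.supercsv.cellprocessor.constraint.NotNull;
import org.supercsv.cellprocessor.ift.CellProcessor;
import org.supercsv.io.CsvMapReader;
import org.supercsv.io.ICsvMapReader;
import org.supercsv.prefs.CsvPreference;

public class PartialCsvRead {

    // Constructed sample with six columns; the question's file has 24, but the
    // technique is identical: a column whose mapping entry is null is ignored.
    private static final String SAMPLE =
        "id,name,dept,email,phone,amount\n"
        + "1,alice,ops,alice@example.test,555-0100,42\n"
        + "2,bob,dev,bob@example.test,555-0101,7\n";

    // Only these header names are kept; everything else is dropped.
    private static final Set<String> WANTED =
        new HashSet<>(Arrays.asList("id", "name", "amount"));

    public static void main(String[] args) throws IOException {
        try (ICsvMapReader reader =
                 new CsvMapReader(new StringReader(SAMPLE), CsvPreference.STANDARD_PREFERENCE)) {
            // The header line drives the mapping, so column order in the file does not matter.
            final String[] header = reader.getHeader(true);
            final String[] mapping = new String[header.length];
            final CellProcessor[] processors = new CellProcessor[header.length];
            for (int i = 0; i < header.length; i++) {
                if (WANTED.contains(header[i])) {
                    mapping[i] = header[i];
                    // Validate only the kept columns; a null processor passes the cell through.
                    processors[i] = "name".equals(header[i]) ? new NotNull() : new ParseInt();
                }
            }
            // Each returned map holds just the three wanted columns (id and amount as Integers).
            Map<String, Object> row;
            while ((row = reader.read(mapping, processors)) != null) {
                System.out.println(row);
            }
        }
    }
}
```

Both arrays must be as long as the number of columns in each row, so the mapping array is sized from the header rather than from the number of wanted columns.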