Is decent HTTPS implementation for medium public site always a paid solution? [closed] - html

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
I'm aware that for adding HTTPS to a site, one can either:
- buy an overpriced SSL certificate from a reputed CA like VeriSign
- or purchase a much lower priced certificate from several other companies
- or one could even use his/her own self-signed certificate, i.e., for free.
But for a decent HTTPS implementation, that is:
- you want most standard browsers to recognize the certificate (there shouldn't be any warnings/errors on standard browsers)
- security is tight rather than just a false impression of a secure site
- the brand name of the CA is not really that important to you
- for a public site similar to LinkedIn but smaller in scale (no financial transactions, but users' profile data)
- economical pricing
Would implementing such HTTPS always come at a price? What is the cost-effective way to implement it? I don't want to spend hundreds of dollars a year initially, when I have a lower user base.

StartSSL offers certificates at prices based on the effort it takes to validate the data that you want to have validated, rather than based on the added value perceived by the customer. As a result, domain validated certificates are free, because validation can be fully automated. These kinds of certificates ensure that the client is talking to the domain advertised in the common name, rather than to some man-in-the-middle or some host that the domain resolves to as a result of DNS poisoning.
None of the personal information that you provide will be available in a domain validated certificate. If it were, then it would imply that the CA actually validated that information.
For a lot of sites, this is enough security. For shops, banks and other sites that require certain personal information from the client, this is clearly not enough. These sites should use certificates that not only ensure that the user communicates with the site that he wants to, but also that the site is run by the company that he wants to do business with.
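
As an added illustration of the answer above (not code from the original post), the sketch below reads certificates in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether a DNS name is covered and which identity attributes, if any, the CA placed in the subject. The two sample certificates are constructed, and treating a missing `organizationName` as domain-validated is a heuristic assumed here.

```python
# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(); all names and values are made up.
DV_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "example.org")),
}
OV_CERT = {
    "subject": (
        (("countryName", "GB"),),
        (("organizationName", "Example Shop Ltd"),),
        (("commonName", "shop.example.com"),),
    ),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com")),
}

# Subject attributes that say who operates the site, not just which domain.
IDENTITY_FIELDS = ("organizationName", "localityName",
                   "stateOrProvinceName", "countryName")

def subject_fields(cert):
    """Flatten the nested RDN tuples into a {name: value} dict."""
    return {k: v for rdn in cert.get("subject", ()) for k, v in rdn}

def validated_identity(cert):
    """Identity attributes present in the subject (empty for a DV cert)."""
    fields = subject_fields(cert)
    return {k: fields[k] for k in IDENTITY_FIELDS if k in fields}

def covers_host(cert, host):
    """True if a DNS subjectAltName matches host; '*' spans one leftmost label."""
    host = host.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False

def describe(cert, host):
    """Summarise what the certificate vouches for (heuristic on subject fields)."""
    ident = validated_identity(cert)
    level = "identity-validated" if "organizationName" in ident else "domain-validated"
    return {"host_ok": covers_host(cert, host), "level": level, "identity": ident}
```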

Related

Can one determine your Windows license key by accessing your computer [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
I want to set up a honeypot type trap to catch out and secretly record a tech support scam firm that conned my Grandparents out of a lot of money for a non issue on their computer. Like many such scam firms, they occasionally change their web address and phone numbers and are partially based in India.
I was thinking about running Windows 7 inside a virtual machine and using a SOCKS proxy for the VM's internet connection to hide my true Static IP.
I am then planning to make a video about the scammers and put it on YouTube.
The thing is though, I am doubting whether I can legally record a conversation in a covert manner and then put it on YT. (In UK)
What I really want to know is whether the scammers will be able to get my private license key, or any other identifiable information from the VM when they have control of it? Also does them having the product ID (including them going through Microsoft) put my license/copy of Windows in jeopardy?
I ideally want to bring them to justice and spread the word about them so that they get closed down. In other words, I want to get my own back on them.
Side Note: If this forum is not appropriate for this question, where would be?
Regards: Elliott
They can easily know that you run on a VM, just with a simple command about your hardware. But I am sure they will not check if it is a honeypot. I don't know how you are planning to record them. I don't believe that you can record something interesting visually. The first step for them is to have a rootkit on your PC. After that it is just about the command line. There will be nothing good to record visually other than text lines in your honeypot software. And you don't know when the attack will come. Your VM must be up all the time and the IP and MAC address the same. Like the others say, don't waste your time. No one in history has been put in jail for hacking a honeypot.

Self Hosted Equivalent to Sendgrid / SES / Mandrill? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Are there any self-hosted equivalents to Sendgrid, Mandrill, and other like services? With Mandrill, for instance, there are a number of features like bounce and open tracking, all exposed over a nice user interface. I'm looking for a similar technology, but one we could host in-house (I'm aware about the need to warm up IPs, etc). I found one solution called MessageGears but it looks like they're maybe more geared towards large enterprise implementations.
The problem with such in-house systems is that they either concentrate on the laborious task of sending out emails efficiently (and thus, lack a friendly interface) - or they do the opposite which is they have a very nice interface, but not as robust in the meat and potato department of sending messages out.
Ideally, you would want a combination of something like Sendy + a very fast email relay. I can recommend socketlabs for the second part.
They have two main products - an assembly server (think of it like a very robust templating engine), and an MTA. Combine the two for your own hosted campaign management server. Their MTA server is especially robust and full featured; and they have a comprehensive API as well.
I will warn you though - these products are designed as fast delivery engines, so unless you have a large volume of emails they may not be the best solution. The second thing, which I alluded to a bit, is their interface; it's not the best but it will get the job done; have a look at the screenshots and judge for yourself.
You'll have to build something on top of this yourself. Sendy is a good candidate to customize for this.
I haven't tested it, but I've heard of this solution a couple weeks ago:
http://sendy.co/

How do I implement a tip jar in a Chrome extension? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 1 year ago.
I have created a Chrome extension that I would like to give away for free, but provide a "tip jar" on the extension's options page where people can, if they want, opt to send me a small amount of money to show their appreciation. I've looked through the documentation for one-time payments and Google Wallet for Digital Goods, but nothing I see there seems like a fit. It seems like the only options listed are:
Free extension, no payment mechanism: Not desirable because I want to offer people the option to pay something.
Paid extension: No, I want it to be free.
Free trial: This will make people think that the extension is limited in some fashion unless they pay, which it isn't.
In-app purchases: Same as above. I'd rather that my extension not be marked as having in-app purchases, since there is no limitation that you have to pay to remove, and the only thing paying gets you is good karma.
Is there a built-in Chrome Web Store option that is suitable for what I'm trying to do? If not, can Google Wallet be leveraged in some way to provide "tip jar" functionality, or will I have to find some other payment mechanism?
A lot of developers implement voluntary tips via PayPal donation buttons.
One could simply add the button to their options page. E.g.: [1] [2]
Cautionary tale: PayPal can, in principle, throw a hissy fit over collected funds, but as long as you don't rake in thousands you should be okay.
Please note: Fundraisers that are not verified nonprofits will be asked to demonstrate how their donations will be used, once they raise more than $10,000
Patreon is currently gaining popularity. I know at least one extension (Enhanced Steam) that went that route.
You may use ko-fi for this purpose: https://ko-fi.com/

Integrating POS application with VeriFone terminal [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Currently I'm working in a team creating a custom POS solution. We came to a point where we'd like to integrate with an IC/Credit Card terminal (like VeriFone which we have, i.e. Vx510). I think the simplest mode is to allow the Cashier to manually enter into the terminal the amount a client has to pay. In the more advanced (the desired) way our POS will send to the terminal the amount to be paid.
Regardless of the "mode" we'd like to get the information from VeriFone if the transaction was successful or not. Here's the dead end we've reached. AFAIK, to program VeriFone terminals or integrate with it you have to become a certified VeriFone developer. If it is so, then I know where to start. If not, please let me know.
Are there any other ways to get information for a terminal that the payment was successful? Are there any 3rd party libraries to communicate with this kind of devices? The most relevant to my problem SO thread I could find is this but it wasn't much of help for me. We don't want to process any confidential data, therefore we don't want to integrate with Authorize.NET
Ok, things got clear a bit... It turns out that if you buy a device from a manufacturer (e.g. VeriFone) it comes "clean", so you have to program it all on your own and satisfy PCI Compliance. Therefore, you have to be a certified developer... at least for VeriFone devices.
However if you order a terminal from some kind of 3rd party provider, for example SIX, or Polskie ePłatności (one of the providers in Poland), it comes with some kind of, let's call it "firmware". This "firmware" will, or at least should, provide you an application for performing cashless transactions. It also should come with a handy communication protocol. Of course you'll have to sign some kind of NDA.
In short:
If you want to integrate with a credit card terminal just call a local credit card payment service and ask them to send you a terminal you want to integrate with. Keep in mind that every country has its own transactions centers so your solution will be country-wide.
payworks offers a SDK to integrate a credit card reader within an iOS/Android app. They manage the connection from the card reader to the merchant's bank. You never have to touch confidential data.
Regarding Verifone terminals, they support the Verifone e105, e315, and e335. You can see the full hardware list here.
Disclosure: I am a software engineer at payworks.

What is a DDoS attack? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 12 years ago.
I have been told by my hosting server that my website has had a "DDoS attack". What is a "DDoS attack" and how do I prevent it?
GOOGLE!
Check out and read: http://en.wikipedia.org/wiki/Denial-of-service_attack
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks, but is not limited to this field, for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
See also http://en.wikipedia.org/wiki/Distributed_denial_of_service_attacks_on_root_nameservers
DDOS stands for Distributed Denial Of Service