in this post you will learn a little about publicly available information on malscripts what is a trojan.malscript? -a quick google search turns up this result from 2014 (outdated?)
Search Results (Featured snippet from the web) Systems Affected: Windows - Trojan. Malscript is a heuristic detection for Web-based malicious script files that exploit vulnerabilities and/or perform heap spraying.-Sep 3, 2014- -Trojan.Malscript | Symantec- -https://www.symantec.com › security-center › writeup-
-not very clear!... lets try learn some more!!.. *another quick google search gives up some information about other systems not just windows affected -If we add keywords like linux we get varied results such as this (albeit, older but w/e)
so given a couple quick searcheswe can guess a bit -we need: *java *HTML *access to the internet somehow (could be by an offline file touching an online source; this puts the item at risk for "contracting" offline ai or crawling codes) another way would be *write a "safe" code on here on reddit but its gonna take me time since reddit allows this:
if 1 * 2 < 3: print "hello, world!"
this can be achieved by possibly writing a code to a site that had malscripts already deployed such as an embed code, or request in an "iframe"
Alot of people may remember sites such as:
https://www.xanga.com and various other places; *these places allowed HTML editing for themes and overall page layout -sites such as http://www.neopets.com etc. had/have this ability as well. -these sites are great examples of how easy it could be to place an HTML or java malscript that was made to either be good/bad/both; especially now, given our extremely large usage of internet! Sure; #scareme... what can a trojan.malscript do! quick learned facts: -exploits an available resource via internets (lol) -is a form of 'script' (really generic term) that employs heuristic based approach; defined as and asked to google before:
What is a heuristic approach?- -“A heuristic technique, often called simply a heuristic, is any approach to problem solving, learning, or discovery that employs a practical method not guaranteed to be optimal or perfect, but sufficient for the immediate goals.-Feb 5, 2018- -Heuristic Approaches to Problem Solving- | -101 Computing- -https://www.101computing.net › heuristic-approaches-to-problem-solving-
-may perfrom heap spraying which is defined here
A heap spraying attack is a remote code execution exploit that allows the attacker to insert arbitrary code in the system's heap memory space. ... The spray is followed by exploit code that, when inserted into the heap memory, will exploit a weakness or vulnerability, allowing the code to execute on the system.-Aug 11, 2010- -Heap Spraying Buffer Overflow Attacks - Cisco.com- -https://tools.cisco.com › center › resources › security-alerts-announcement-
WAIT! isnt that good...or bad...or OMG wth! #notscared?scared? it really depends 0.o -why is there a malscript in the first place; this is a great place to start asking questions for any individual or business by asking what OS is being used and what version/type/grade/blahblah I use windows xp, windows xp is a "unsupported"(mostly) os - I use it to dissect information. its wonderful! also sucks sometimes when the software is riddled with holes and various other "things" shoutout to Microsoft for updates in DEC 2019! x<.3 Windows xp pro sp3 5.1.2600 x86 smbios2.4 I use AVG anti-virus with highest settings and personal settings that the free version can have get to know my computer better? #thisajoke?? Nah, over the years Ive collected knowledge and some more common answers to basic questions in cyber security, qustions like "what is a malscript"? have simple answers, mostly... things like these 5 objects can be defined as being malscript:
any word processor may or may not be defined as malscript if it can "spell check" your work or place a timestamp
third party input/output mechanism; things such as mouses, sd, usb, cd, internet(s) that crawl for information like web.archive, bitcoin code, cryptocode overall if it has a weakness to malscripted behaviours
there are MULTIPLE other reasons, one such problem is: mass-malware campaigns and adware from older computers attempting to propogate and control older versions of networks that no longer work as expected/coded to seek ^ this type of malscript"poorly planned, and hastily executed or outdated"; can have adverse impacts on the internet as a whole - not just for the computers expected to be impacted. ok, malscripts. so what can #I do? when approaching cyber security its easy to become overwhelmed by the amount of information that is available; to research; to dissect; to use as examples... what the best thing anyone or a group can do?; attempt to make an effort to learn about the item a bit before, using or expecting them to work a certain way; due to a biased info source like ones own also: seek outside sources, but also be careful an use knowledge seeked as knowledge that may or may not be "useful" for the current project or situation... this post was an attempt to gain knowledge and some skills in writing and information sharing. thanks everyone! hope you enjoy my reading material!! Have a Awwww-some new year! ReachOutForBits recommends "useless" backup scanning after securely and safely removing identifiable information before scanning at https://www.virustotal.com before resell of computer or devices ; in order to avoid costly data blunders such as ids/creds cloning phonenumber collection email collection by persistent threats that are EXTREMELY HARD TO DETECT ; even penetrating some hardwares with advanced capabilities such as "sleeping" AI or, Run-mocking AI! think of all the people who said AI will skynet us; maybe AI is just a stepping stone for some BAD F-IN MALWARE that someone has written that needs no C&C mechanism or user interaction at all - not the AI itself persay. this is one form of persistant threat that needs to be identified to ensure non-tainted, verifiable, security information results into the future and beyond... other threats include:
over-patriotic; otherwise defined as "EXTREMIST" - individuals of ANY COUNTRY, ANY RELIGION, ANY CREED, ANY BELIEF or OATH or CONSTITUTIONAL AGREEMENT.
fake bomb threats and faux-emergency calls
PAID INFORMANTS AND THEIR COUNTERPARTS
So called, anons, that gather in groups and communicate between each-other; effectively destroying the meaning of being ANON. singular noun
the types of people(s) that write their own definition at urbandictionary and then proceed to agree together that thats it.
ahha, hah..hahahah...this is funnny....get this:
-they also gather en-masse in attempts to overwhelm and proceed to cause irreprible cost or some form of damage - rarely peaceful anymore.
names like troll are no longer what they were, fictional characters under a bridge; troll is now Pseudonym for prankster(s) @ anycost
Crypto-currency Jackers who have designed tech to prevent proper payments and reward systems (at-source or in-transit) from being implemented; according to consensus.
Outdated, over-sourced(more than 10 downloads) malware
Junk and bloat that often comes preinstalled with no intention of caring whether or not the user will actually "use" it.
this type of item hogs CPU/GPU and introduces ill timed updates that cannot be controlled!
My band trying to use Bitcoin for mp3 downloads. Does it have to be this complicated?
I'm writing a web app (Flask, Tornado) and would appreciate an expert's opinion on best practices. I don't know any other Python devs in real life :(
I don't know how/where to ask this, so if I chose the incorrect site and subreddit forward me along :) But I've been working on a project for around a week and I don't know if I'm approaching it correctly. Right now I'm using:
Flask for the WSGI/routing
Tornado for the IOLoop, HTTPServer, and WebSockets
SQLAlchemy as the ORM with SQLite as the temp database
Flask-Cache for caching with a Redis backend
Modified Flask snippet for throttling using Redis as the backend
Beaker for sessions
Requests for API calls
Jinja2 for templating
Knockout.js for client framework
Bootstrap for styling
JQuery and Underscore for DOM manipulation
I'm using Python 2.7.5, with Debian on my production server, Windows 7 with Debian VM on my dev box.
Basically, I just need help. This isn't the first web project I've done .. but it's by far the most complicated. I know I'm not doing some things right and want to fix them before it gets too far along. I would love to talk with someone for 20 minutes about any of the following:
Configuration best practices; right now I'm using a _globals.VARIABLE scheme...it's not good.
....how do you store sensitive data in plain view? I had to base64 a password because it made me cringe to see it in English.
Fabric to deploy with a Git pull
Best way to JSON / WebSocket data to the client
Best way to receive AJAX requests
Encryption. I've got HTTPS working with a signed certificate...but what about cookies and encrypting data? What about sending data to and from the server? Verifying identity? Is HTTPS even working?
API for my APIs? I'm using three different APIs in my project..and they all return values differently. How do I manage incoming data uniformly? How do I manage data to the client uniformly?
....do people use an internal REST api to get data from the ORM into more simple views?
In what part of the project do I do all my data crunching? Is it done in the View, in the DB model, in the API response code, separate module?
Input Validation? Client or server side? How do I do this correctly?
....and how reliable are encrypted cookie values to sign the transaction?
Server setup...I still feel vulnerable.
Utilizing the IOLoop...I think I could make this do more work for me.
How to test if caching and sessions are actually working and secure.
Is there a way to keep my local project in sync with the server, so I can make UI changes live?
How do I keep PyCharm from wigging out after a couple days of coding...I get random errors that go away when I cycle through the tabs.
Do people compile Python from source so their .pyc files can't be undone if compromised?
What do you know about bitcoins? (project uses them, best practices only)
How do you fail gracefully?
What am I overlooking?
ANY tips on logging to keep a server and user history.
I'm studying CS in school but picked up all the python-web-stuff on my own over the last year or so, and I don't think I'm doing it right. As a broke college kid I can't pay for your time but might be able to exchange something instead. Thank you in advance if you can help me with any of the above topics. Note) I should note that everything WORKS, so this isn't a "how do I get this and this working for that to happen" -- I could finish the project without any answers. I just want to tighten security and make sure I learned things correctly while spending so much time on a "major" project for myself. Also, I'm still waiting on the Flask text book from kickstarter if the author happens to see this post ;)
Does anyone know if I can use AppInventor to generate bitcoin addresses and sign transactions? I'd like to be able to put together an open source basic wallet that others and I can learn on. If you have any thoughts or ideas please share. Together we can make something awesome. Update: