Protection against Decompilers

Similar Messages

• Obfuscation Tools ~ Protection against Decompilers

  I want to suggest Adobe provide a really good set of tools for Protection Against Decompilers.
  I realize it's a loaded quesion/topic of which there are various opinions.
  To provide Tools for Obfuscation od SWFs I tink would be great.
  Maybe there's a way to build a special loader that is further secure and possible be able to disable logging of files that are loaded, and encryting them on the client side cache etc.
  What are the best practices and free solutions availible today?

  I know there's other "after market" solutions. They are relatively cheap, so charging for it seems unessecary from an Adobe perspective I would think. It seems something that potentially sides on the responsibility of Adobe to be included in my opinion. So I'm putting it out there and on here for that reason.
  The issues are in observing or simply asking for all dynamicaly loaded content and either generating an "do not" obsfucate lists or matching up the scrambling of cross reference stuff.
  I started one a work in progress myself but I found a serializer desierializer library say half a year ago to work with and it seemed to fail to putting out the same bytes from one to the next. I believe it was in the doubles list, which was pretty early on and a pretty low level problem I'd planned to get back to communicating my issue to them.

• Protect against audio downloads

  Hi,
  I have a flash application that plays .mp3 files. I use the Sound object and the .loadSound method. It is quite easy for someone to download the mp3 files from say a plugin for Firefox called DownloadHelper, or using the Safari Activity window. Is there a way to protect against this?
  Thanks

  i don't know of any other way to protect your assets.  you could make it difficult to determine what file is what changing names/extensions.
  so, for example, you could name an mp3 something like "boringsubject.doc" and still play it without problem in flash.  you could even encrypt the file name in your swf against decompilers if that appealed to you.
  but anyone with a little savy could always clear their cache before loading your sound and then load your sound and see what's changed.  and while you could load a number of bogus files along with your mis-named mp3, it wouldn't take long to find the mp3 if the user was a little savy and a little motivated.

• Each time I start Firefox it says: "URGENT! Your version of Firefox is no longer protected against online attacks. Get the upgrade - it's fast and free!" I am using ver. 3.6.13 and upgrading "successfully" only stays on 3.6.13 with same URGENT message.

  Each time I start Firefox it says:
  "URGENT! Your version of Firefox is no longer protected against online attacks. Get the upgrade - it’s fast and free!"
  I am using ver. 3.6.13 and upgrading "successfully" only stays on 3.6.13 with same URGENT message.

  Your UserAgent string in Firefox is messed up and needs to be reset. <br />
  [http://en.wikipedia.org/wiki/User_Agent]
  type '''about:config''' in the URL bar and hit Enter <br />
  ''If you see the warning, you can confirm that you want to access that page.'' <br />
  Filter ='''general.useragent.''' <br />
  Right-click the preferences that are '''bold''', one line at a time, and select ''' ''Reset'' ''', <br />
  Then restart Firefox

• Itunes error. the data execution prevention pops up and says "to protect your computer, windows has closed this program. Data execution prevention helps protect against damage from viruses and other threat.

  I have a windows Xp computer. and i needed to download the newest itunes to support my ipod touch. but now my computer doesn't let me open itunes. The the data execution prevention pops up and says "to protect your computer, windows has closed this program. Data execution prevention (DEP) helps protect against damage from viruses and other threat." I tried excluding itunes from DEP on settings but it still doesn't work. I don't know what to do. please help me!!!
  thanks 

  try to select the computer cd/dvd autorun off.
  I had the same problem, then Kaspersky software found a conflict suggesting me this solution.
  Itunes now works...even if it always asks to set the cd/dvd autorun on when lunched.

• SCC4 - Protection against SAP upgrade

  Hello guys,
  i have a question regarding to the "Protection against SAP upgrade" flag in SCC4 for the client settings.
  I know that this flag will make a client unusable in case of an upgrade (for example from ERP2004 to ERP2005), but what is about applying support packages?
  Is this flag also valid for support packages?
  The documentation about this parameter does not make a statement to this point:
  > If this flag is set, the client is no longer supplied with data during SAP upgrades. After an SAP upgrade, it is not possible to work actively in the client. The flag can only be set for a test client or an SAP reference client (Early Watch).
  Does SAP understand "applying support packages" as an upgrade?
  Answers will be rewarded.
  Regards
  Stefan

  No.
  Applying SP is not SAP upgrade.
  -Pinkle

• What are the most common/important DB firewall intrusion methods Security Admins need to protect against?

  Hi everyone,
  I was curious about the top methods attackers are using to breach Oracle DB firewalls.  We are running Oracle 11.2.0.4 DB running on RedHat Linux 5.3 and using the standard IP tables/firewall for Linux turned on.  We have all the ports closed that were recommended by our security auditing company.  However, we just wanted to know if there were specific attack methods that are commonly being used which we should additionally protect against.
  Thanks in advance for any info.

  Anybody? Bueller?  Bueller?

• CS3/CS4 protecting against SQL Injection

  Hi:
  I was wondering if the newer versions of Dreamweaver like CS3/CS4 do a good enough job to protect against SQL Injection when using the built in Insert/Update/Delete behaviors or should I use Commands with Stored Procedures (MS SQL)?
  Thanks!
  Mitch

  David , Günter - many thanks for your help !
  In my ignorance I appear to have been misled by my website host who, in response to a related problem, informed me as follows:
  "your website's scripting does appear to be highly vulnerable to SQL  injection attack, this can be easily seen via the following example:
  /s-sub_detail.php?cat_id=TEST
  As  you can see, arbitrary data entered as the cat_id variable of the shopping cart  script is being passed unchecked to the SQL server, which is then returning a  notice relevant to the data passed (in the above example case this is an  "unknown column" error) - This effectively demonstrates that your shopping cart  script performs no validation on variables used within the script and passes  them directly to the SQL server, which means arbitrary commands can potentially  be added as variable data for the SQL server to execute.
  In order to  correct this all variables and any other posted data used by the shopping cart  script must be fully validated by the script itself before being passed to the  SQL server so that SQL commands cannot be executed by simply manually entering  these as a script variable".
  Thanks to David I understand the issue with the need for data validation but the response above appears to indicate that they believe there is more to it.
  David and Günter - I would welcome your response to the above and perhaps recommendations for SQL injection vulnerability testing.
  Kind regards
  J

• "FRM-40200: Field is protected against update"

  "FRM-40200: Field is protected against update" ...
  hi guru,
  when im about to check the checkbox in transaction statuses in receiving-> transaction status summary . to  resolve the pending receiving transaction in PO, this error occurs "FRM-40200: Field is protected against update" ...
  Thanks

  Hi,
  In this form you may delete the record but won't be able to update it.
  Thanks,
  PS.

• Lightswitch Security, Protection against SQL Injection attacks etc.

  Hi all,
  I have been hunting around for some kind of documentation that explains how Lightwitch handles typical web application vunerabilities such as SQL injection attacks.
  In the case of injection attacks it is my understanding the generated code will submit data to the database via names parameters to protect against such things but it would be good to have some official account of how Lightswitch handles relevant OWASP
  issues to help provide assurance to businesses that by relying on a framework such as Lightswitch does not introduce security risks.
  Is anyone aware of such documentation? I found this but it barely scratches the surface:
  http://msdn.microsoft.com/en-us/library/gg481776.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1
  There is this which describes best practices but nothing to say that these practices are adopte within Lightswitch
  http://msdn.microsoft.com/en-us/library/gg481776.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1
  Thanks for any help, I am amazed that it is so difficult to find?

  LS is a tool built in top of other technologies including Entity Framework.
  Here is a security doc about EF.
  http://msdn.microsoft.com/en-us/library/vstudio/cc716760(v=vs.100).aspx
  LS uses Linq to Entities and therefore is not susceptible to SQL injection.
  HTH,
  Josh
  PS... the only vulnerability that I'm aware of is when a desktop app is deployed as 2-tier instead of 3-tier.  In that case, the web.config which contains connection strings is on the client machine, which is a risk.  Here is a discussion related
  to db security & 2 vs 3-tier.
  https://social.msdn.microsoft.com/Forums/vstudio/en-US/93e035e0-0d2e-4405-a717-5b3207b3ccac/can-sql-server-application-roles-be-used-in-conjunction-with-lightswitch?forum=lightswitch

• CFInsert/Update: protection against SQL injection?

  Hello,
  I'm trying to find out if the use of CFInsert or CFUpdate
  offers any protection against a SQL Injection attack. We are on a
  project that uses many CFInserts and Updates, and lack the time to
  rewrite new queries using CFQueryParam. Will a CFInsert or Update
  handle the situation?

  Validate every field before you get to the cfinsert/cfupdate
  tag, something you should have been doing anyway.

• What is the best protection against virus

  what is best protection against any virus.

  what is best protection against any virus.
  You.
  There will always be threats to your information security associated with using any Internet - connected communications tool:
  You can mitigate those threats by following commonsense practices
  Delegating that responsibility to software is an ineffective defense
  Assuming that any product will protect you from those threats is a hazardous attitude that is likely to result in neglecting point #1 above.
  OS X already includes everything it needs to protect itself from viruses and malware. Keep it that way with software updates from Apple.
  A much better question is "how should I protect my Mac":
  Never install any product that claims to "clean up", "speed up",  "optimize", "boost" or "accelerate" your Mac; to "wash" it, "tune" it, or to make it "shiny". Those claims are absurd.Such products are very aggressively marketed. They are all scams.
  Never install pirated or "cracked" software, software obtained from dubious websites, or other questionable sources.
  Illegally obtained software is almost certain to contain malware.
  "Questionable sources" include but are not limited to spontaneously appearing web pages or popups, download hosting sites such as C net dot com, Softonic dot com, Soft pedia dot com, Download dot com, Mac Update dot com, or any other site whose revenue is primarily derived from junk product advertisements.
  If you need to install software that isn't available from the Mac App Store, obtain it only from legitimate sources authorized by the software's developer.
  Don’t supply your password in response to a popup window requesting it, unless you know what it is and the reason your credentials are required.
  Don’t open email attachments from email addresses that you do not recognize, or click links contained in an email:
  Most of these are scams that direct you to fraudulent sites that attempt to convince you to disclose personal information.
  Such "phishing" attempts are the 21st century equivalent of a social exploit that has existed since the dawn of civilization. Don’t fall for it.
  Apple will never ask you to reveal personal information in an email. If you receive an unexpected email from Apple saying your account will be closed unless you take immediate action, just ignore it. If your iCloud, iTunes, or App Store account becomes disabled for valid reasons, you will know when you try to buy something or log in to this support site, and are unable to.
  Don’t install browser extensions unless you understand their purpose. Go to the Safari menu > Preferences > Extensions. If you see any extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone.
  Don’t install Java unless you are certain that you need it:
  Java, a non-Apple product, is a potential vector for malware. If you are required to use Java, be mindful of that possibility.
  Java can be disabled in System Preferences.
  Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.
  Beware spontaneous popups: Safari menu > Preferences > Security > check "Block popup windows".
  Popup windows are useful and required for some websites, but unsolicited popups are commonly used to deceive people into installing unwanted software they would never intentionally install.
  Popups themselves cannot infect your Mac, but many contain resource-hungry code that will slow down Internet browsing.
  If you ever receive a popup window indicating that your Mac is infected with some ick or that you won some prize, it is 100% fraudulent. Ignore it.
  The same goes for a spontaneously appearing dialog insisting that you upgrade your video player right this instant. Such popups are frequently associated with sites that promise to deliver "free" movies or other copyrighted content that is not normally "free".
  The more insistent it is that you upgrade or install something, the more likely it is to be a scam. Close the window or tab and forget it.
  Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them:
  The most serious threat to your data security is phishing. Most of these attempts are pathetic and are easily recognized, but that hasn't stopped prominent public figures from recently succumbing to this age-old scam.
  OS X viruses do not exist, but intentionally malicious or poorly written code, created by either nefarious or inept individuals, is nothing new.
  Never install something without first knowing what it is, what it does, how it works, and how to get rid of it when you don’t want it any more.
  If you elect to use "anti-virus" software, familiarize yourself with its limitations and potential to cause adverse effects, and apply the principle immediately preceding this one.
  Most such utilities will only slow down and destabilize your Mac while they look for viruses that do not exist, conveying no benefit whatsoever - other than to make you "feel good" about security, when you should actually be exercising sound judgment, derived from accurate knowledge, based on verifiable facts.
  Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.
  Summary: Use common sense and caution when you use your Mac, just like you would in any social context. There is no product, utility, or magic talisman that can protect you from all the evils of mankind.

• Firefox 3 says I no longer have protection against online attacks

  firefox 3.6.13 says I no longer have protection against online attacks. Version 4 will not run because I don't have "enough previledges for some itms.'''
  '''

  The Firefox 3.5.x branch has reached end-of-life and is no longer maintained.<br />
  You will no longer receive security updates.<br />
  You can update Firefox via "Help > Check for Updates" or download and install the latest Firefox 3.6.x or 4.0.x version.<br />
  <br />
  Download a new copy of the Firefox program and save the DMG file to the desktop
  * Firefox 4.0.x: http://www.mozilla.com/en-US/firefox/all.html
  * Firefox 3.6.x: http://www.mozilla.com/en-US/firefox/all-older.html
  * Trash the current Firefox application to do a clean (re-)install
  * Install the new version that you have downloaded
  Your profile data is stored elsewhere in the [http://kb.mozillazine.org/Profile_folder_-_Firefox Firefox Profile Folder], so you won't lose your bookmarks and other personal data.

• How can I protect against email spam robots in muse?

  how can I protect against email spam robots in muse?

  Put recaptcha or becaptcha on all of your contact forms and set up cloudflare on the site.

• *****Is there any way to protect against this latest cyber "bug"?

  I just read a newspaper article this morning that announces a major danger of a new computer but to Mac OSX systems.  Does anyone know of a way to protect against this?  I have one iMac, but also have an Apple router in my home.  It is scary to think that a bug can take control of your computer.

  My understanding from posts here and official statements in the public domain is that Apple is working diligently on the issue.
  I fear that we older model/OSX owners may be out of luck with patch help from Apple, as officially Apple does not support older stuff. Fortunately, there are many folks in the WebWideWorld that still care about us old folks - so Google searching " yourCurrentOSversion BASH patch " may help in finding those who have tackled the task of helping old folks across the street.
  When and if you discover such help in the WWW, Caveat Emptor - Buyer Beware... there will surely be nefarious characters looking to exploit this all-too-real fear (not paranoia if they are really after you)
  I follow with vested interest.
  CCC