A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

I believe my email or device was hacked: how can I verify and how can I resolve it?

Here is what happened:  

My wife sent an email to my accountant which contained a few minor bits of information and I got a response that read (with bad grammar):

"please email me your Drivers license and 1040 from last year. I did a system update and lost many informations. thank you"

and below that was included a copy of the email text I sent to my accountant.

First, it is obvious that this is a spoof due to the bad grammar.

But, my questions are

(1) How could a hacker manage to send me a faux reply that contained my exact original message?
(2) This email was sent from an iPad; does that suggest my wife's email is compromised, the iPad is compromised, or both?

I am hoping to use the Uri object to reject the following XSS exposure.

for example, a return URL which includes the following puts your website at risk:

So, I hope I can use the System.Uri object to throw an exception. This means I do not get into modifying my RegEx.

I would be surprised to learn that the following is not a red flag:

When can HttpUtility.HtmlEncode() reduce risk of XSS attack?

I was under the impression that it was best practice to encode the URL before I call Redirect().

For example:
                    return Redirect(HttpUtility.HtmlEncode(returnUrl));

But then I was told it makes no difference, since encoding it just means the browser needs to decode it. And all that matters is how you protect yourself from incoming malicious URLs. Obviously, a hacker can reformat any outputted URL.

Where and when does it make sense to use HttpUtility.HtmlEncode(returnUrl) ?

How comprehensive is this malicious URL test?

        public static bool IsUrlDomainValid(this Uri uri, List<string> whitelist)
        {
            return whitelist.Any(w => uri.Host.EndsWith(w));
        }


I create a whitelist that contains various good domains:

and want this function to fail if there is a single domain that is not whitelisted.

Is that what this code does? I get worried with the use of "EndsWith".

What if the last domain is a good one, but there is a bad one in the middle?


We have this script to delete phishing emails from our organisation; however, we also have these requirements:

1) We need to add into the Search-Mailbox after -SearchQuery an additional requirement for date or time, as we only want to search for emails since a certain date. We use this script to delete phishing attack emails, so we know when they started, so we need to be able to search for all emails since a date and delete them if the subject matches. So the most recent example would be all emails containing the subject "RE: NOTICE: MC Support UPGRADE." but only emails received after 01/03/2018. I assume we can just do -SearchQuery "Subject:'Content of Subject' AND ReceivedDate:>01/03/2018" or something like that?
2) We need to be able to search for subjects with special characters in them. -SearchQuery "Subject:'RE: NOTICE: MC Support UPGRADE.'" will currently give an error as it won't like the : in the subject.
3) We need to be able to search for the above criteria, but also potentially include only emails from certain email addresses. One of the phishing emails was "RE: Attention (Staff Migration)" which could be very close to something we actually send to users. The phishing email only came from a certain address though, so if we add an extra criterion for sender, that would help us focus the search.

Please can someone show me how to achieve this?

Also, I would appreciate any other suggestions for improvement.

$mbs = Get-Mailbox 


Does this C# block return-URL hacking?

            if (Url.IsLocalUrl(redirectToAfterLoggingIn) && redirectToAfterLoggingIn.Length > 1 &&
                (redirectToAfterLoggingIn.StartsWith("/") && !redirectToAfterLoggingIn.StartsWith("//")))
            {
                return Redirect(redirectToAfterLoggingIn);
            }


I find it confusing, at best.

How can it be a local URL if it starts with a "/"?

In an MVC App, can Session[] be hacked?

How confident should a Controller Action be that the Session data is legit?

Something tells me, zero percent confident.

Is the data stored in Session[] under the same restriction as query string params? That it must be encrypted? Or does the .NET Framework take care of that?

Does Microsoft's Anti-XSS Library block:

HTTP Splitting and Cache Poisoning?

These are new concepts to me, so surely I need to spend more time reading this article:

If you have the time... :)

Which vulnerability is NOT blocked by Microsoft's Anti-XSS Library?

Are there any other mitigation measures other than the usual 3 patches below for Meltdown & Spectre?

3-step approach (physical servers):
- A registry key has to be applied (manually, via GPO, SCCM or via AV program)
- A patch from Microsoft has to be applied
- A BIOS/firmware update has to be executed

We are concerned with the performance impact: I heard it's the BIOS/firmware update that will cause the performance impact.

Fair to say that only servers in the DMZ (directly facing the Internet) run a much higher risk of data leakage/loss compared to servers (in the internal/backend zone) that have no Internet connectivity?

Anyone know if the McAfee NIDS (Network IPS) appliance has a signature to mitigate it, or whether DLP (we have a Codegreen network DLP appliance) can help prevent such data loss/leakage?

Can an AJAX Request be hacked?

I am trying to put my arms around all the work that needs to be done on four .NET Applications and have found XSS URL Vulnerabilities in Controller Actions.

I have been told by experts that "100% of the XSS exposure is on the server, and that no change could be made in javascript that could reduce the risk of an XSS attack."

I paraphrased in the quote above. Is it true?

What about an AJAX call?

If there were a way to "harden the URL" inside the AJAX call, could a hacker hack that URL?

Is context.HttpContext.Request.RawUrl inside a controller action a "must fix" problem?

I am trying to highlight everywhere in four .NET Applications that is exposed to XSS URL hacking.

So, it seems EVERY TIME I find the line of code:


I need to sanitize it by checking the web domains against my whitelist.

Is this a correct assumption, that EVERY instance of RawUrl is dangerous?

Can you think of any other C# keywords I can search for while looking for vulnerabilities on the C#.NET application?

Need a C#.NET sample project that shows (and fixes) various URL related XSS exposures.

I will build one myself, if need be. But if one exists, all the better.

Can you suggest anything?

Domain hacking this javascript:

I see the following code in my javascript and need to harden my MVC site against XSS attacks.

I already have a function which inspects the URL and rejects it if the domain is not whitelisted. I found lots of places in the javascript where domains are being constructed, yet I do not know if that domain can be hacked or not.

 window.location = window.Server.mapPath('~/TestAdminis/Index?testId=' + testId + '&redirectFromCreateTest=' + true);

What redirection trick could a hacker play if the code above is used?

This javascript is clearly assigning the URL of the href attribute of window.location.

So, when the page renders, that URL value exists in the DOM. And a hacker could use some tool to insert his own domain and url into that variable.

Do I have that right?

What do I do about it?

Trying to understand the exposure caused by window.location

used in an .ajax call thusly:

                            window.location = buildTokenUrl('~/editor/', {
                                id: data.contentbankresourceid,
                                assettype: assetType,
                                poolid: self.cachedData().pool,
                                returnUrl: window.location.toString(),
                                defaultStyleId: defaultStyleId,
                                testId: self.testId,
                                formId: $("#formid").val()
                            });


I need some ideas how to block XSS attacks on this kind of code.

One way is for me to possibly expose a new server method that can be used to validate a URL before redirecting.

How might this look? What kind of input params could there be coming from the javascript? How might that server method return a valid URL for that particular case?

Might it choose from a whitelisted set of URLs?

Need to find Redirects throughout multiple solutions so I can check for evil domains.

I have designed the code to parse through a URL to find if a domain is not on a whitelist. But I need to check more than just the LogOn() function.

How do I scan an entire C#.NET MVC solution to find the places where redirects take place and which could create the need to examine the URL for malicious domains...

I will search for "redirect" and "window.location," in all Javascript files. But I see the following...

What do you suggest about how to find which calls need to have this malicious domain check?

I am currently experiencing an annoying VPN issue.

I have a WatchGuard M300 cluster based in datacentre 2 which has an existing site-to-site VPN to datacentre 1.

The same customer has a satellite office with a WatchGuard XTM33 that has a site-to-site VPN to datacentre 1. The satellite office is double NATing, with an external IP in a 1-to-1 NAT direct through to a private IP range that is the external interface on this WatchGuard.

Datacentre 1 will be turned off soon, so I need to connect the satellite office to datacentre 2; however, when I set it up I get a timeout error on the datacentre 2 side (it's like it cannot even see the external interface, never mind start negotiating) and the satellite side doesn't even attempt to start the VPN. I have checked all of the settings; all traffic is definitely being passed through the satellite office's provider interface and other services are working. As there is a VPN in place and working on both sides I cannot understand why the issue exists, but it seems buggy. The firmware on the satellite WatchGuard is old; it's the only thing I can think to change. Or it's the 1-to-1 NAT; never had an issue before, but it's a question mark.

How Vulnerable are query string parameters and their values?

I am curious how vulnerable a website is to hacking that has little validation on the query string params.

Some argue that:
1) an unrecognized query string parameter can do no harm
2) it's too much work, since the program is always in flux, so the "poor stepchild" would not keep up
3) the code to block this (locally at least) is fragile and will always delay a solid release
4) there will be many more failed log-ins than blocked hackers

What are your thoughts on this topic?

And how does using a Web Application Firewall change the discussion?

It seems that if the benefits to security were small or non-existent, the Security Industry would not waste its time closing this vulnerability.

Greetings EE'ers,

This is a bit of an open ended question, but what do you all use or recommend as tools or practices for performing IT security assessments?
My OS is Win 10 Pro 64-bit and I recently underwent a hacking and I am uncertain if the hacker has left any malware to come to life whenever the PC is booted up. Hope the Experts will please take a look at the list of processes that are running and flag for me any potential threat that is still running. Thank you. Regards

We've had Symantec Backup Exec 2010 running just fine on this server but all of a sudden its services keep on stopping all by themselves and we have to keep on restarting them, but, it's unusable at the moment.

The admin password hasn't changed, I re-entered it for all the services, but they keep on failing all by themselves.

I've restarted the server as well, tried a repair, but nothing has helped.

Any thoughts?

The OS is Windows Server 2012, Backup Exec is up-to-date.

Where in the PCI DSS compliance does it say I need to do regular internal scans of my network?

Hi guys

We've had a major possible breach over at our side.

One of our accountants ended up sending an email to a client with our bank details etc. Few days passed and our accountant asked where the money was and was told the client had wired it to them.

Anyway, after checking, the client showed a screenshot of the account details that they were sent by our accountant. When we looked, the account details had been manipulated!! They were totally different.

I am trying to investigate whether it was our emails that were intercepted or the client's.

I have some tools which I can install, but we are within a guarded firewall environment. The firewalls are Watchguard's and we have got all of the APT and IP intrusion selected. We are in a domain environment. We use Messagelabs to protect our perimeter from spam emails etc.

In terms of intercepting the email, is it possible that our account has had some sort of keylogger or malware installed that feeds information back to the criminals?

Thanks for helping

Looking for the security of a Web Application Firewall, with the least amount of work.

I have been told I needed a Web Application Firewall (WAF) and wonder if it's smarter to use a Web Cloud based WAF? It's for a .NET MVC App. running on IIS.

It sounds like it's a smart way to get security, without first needing to become an expert in it. And to know they are always on the lookout, making their system more secure, would let me rest easier.

Any good names you can recommend?

Also, how difficult is it to "build our own?" What kinds of customization capabilities would we lose, if we went with a Cloud based version?

How long might it take to deploy a cloud version of the WAF?

If I wanted to use AWS, for example, must I also host my website with AWS?

Assessing Vulnerability from URL parameters

I am in the process of helping secure a .NET website against URL hacking. So I have spent some time adding a whitelist of valid domains and sub-domains. But what about query parameters?

My instincts are to add a second whitelist of valid query string parameters, but does that do anything to protect me?

I suppose a determined hacker could, with time and experimentation, find a query string param that has some exploitation value.

What do you think?

My worry is that whitelist of query string params may be difficult to generate, as this website is quite large. And there is always a risk of rejecting a legitimate request. The query string exposure is about revealing key data in the URL, but I am asking whether there is value in asserting that each query string param is in a whitelist of such params?

So, this is a customer service versus hack risk, threat assessment. And if there is little or no measurable reduction in threat, then this parameter whitelist could cause more harm than good.