Explain this Snort Rule – Information Security Stack Exchange

You can learn all these things by reading the manual.

alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 

Shout when you see a TCP packet from what I have defined as external networks to What I have defined as SQL Server on port 1433.

(msg:"Attack Detected"; 

If you scream, say "Attack Detected"


Just shout if the SQL Server in this connection is the TCP "server" and this TCP connection was made (for example, ignore random packets that are not part of a connection).


Just scream if you find a binary 0x02 character in the first 1 byte of the message.

content:"sa";depth:2;offset:39; nocase;

Shout only if you also find the string "sa" (or "SA" or "Sa" or "sA") in the two bytes after the 39th byte of the packet.

detection_filter:track_by_src,count 5,seconds 2;)

Shout only if you see 5 packages within 2 seconds that meet these criteria.

Security – DMZ Setup Reality Check?

Currently, some servers and networks in our network are being updated. I'm also looking for a reality check for our DMZ configuration. I put it together a long time ago and wonder if it is still relevant or if there is a better (safer) way.

I'm thinking specifically of our web server traffic. We have many web applications that users from outside our network need to access. Almost all of them need access to our internal Active Directory and sometimes to other internal services.

I've always hated putting the web servers in the DMZ and punching holes in the internal network for Active Directory and / or LDAP instead of setting up a reverse proxy in the DMZ and forwarding the Web requests from the DMZ to port 443/80 in the servers in the internal network (a bit like this example). It has worked well over the years, some applications work well with it and others are a bit of an attempt.

Anyway, before I update some of the servers in question (some are 2k8 R2, which will soon be EOL), I thought I would check everything. I know you can do this in other ways (for example, by putting the web servers into the DMZ with an RODC). I wonder if I need to change my setup (and what an alternative might look like) or if it is still valid.

Many thanks.

Smartphone – iMessage Security Exploit?

Our family has decided to set up an additional telephone line for our exchange student today. I went to our mobile service provider and added it without any problems. So I was a bit confused when my sister came down the stairs and told me she had a problem with her phone. My sister has an iPhone, but the foreign exchange student and I both have Android phones. I was able to have an SMS conversation with the exchange student. My sister could receive the text messages from the exchange student's Android phone, but when she answered, the message went to another iPhone user who had the exchange student's phone number. We know that because another girl answered. I called Apple to solve the problem and they gave the exchange student a link to remove her number from iMessage. This seems to have solved the problem for us.

I am worried that this does not really solve the problem. What if two people had met in a bar, one with a newly connected Android, the other with an iPhone, and the first thing they exchanged were nudes? What if one of them had just received a new number that happened to be connected to an iMessage account? The Android user would send his photo to the right person, but the iPhone user would send his photo to the person who previously had the Android user's phone number (that's how iMessage works). And what if an iPhone user were overwhelmed with SMS messages to the point where he changed his phone number and did not bother updating his iMessage account? The spammer could register a phone at this number, intercepting text messages sent to the phone by other iPhone users. This is obviously a security issue with iMessage, but would it be considered a security exploit?

ANDROID STUDIO: Enable VT-x in your BIOS security settings

The following warning appears when I try to run an emulator in Android Studio:

Intel HAXM is required to run this AVD.
/dev/kvm is not found.

Enable VT-x in your BIOS security settings, ensure that your Linux distro has working KVM module.

But VT is already activated. Look here in the stack overflow and see that I had to disable Hyper-V. I did it and it still does not work. What can I do?

Enter image description here

NOTE: I am using Windows 7, 64-bit

Violation of Biostar 2 – Information Security Stack Exchange

According to this blog post (which I assume contains a precise description of the violation):


A large amount of very sensitive biometric BioStar 2 data has leaked. I'm not familiar with BioStar 2, but in some situations in the past, I've been fingerprinted and I'd like to know if there's a way to find out if I'm affected or not.

(I do not know if this violation would only affect people who have specifically ordered a device or are working in certain locations (my work does not use fingerprint tests) or, for example, people who pass immigration controls when crossing borders.)

Is there a way to know if I am affected by this injury?

Try SQL Injection – Information Security Stack Exchange

I play a game in which I try to make SQL injection. It is about logging in as administrator (username field password field). The URL is the parameter "?uid=4" that's probably vulnerable. I've tried all the payloads that are in there burpsuite and that's 3 different results that I get.
a) Username field = admin
b) Username field = Josh
c) The Username field is empty

And that's the result of sqlmap

Parameter: uid (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: uid=4 AND (SELECT 5670 FROM (SELECT(SLEEP(5)))DQVx)

But I do not know how to log in as an administrator.