How to change passwords for existing FileZilla sites?

This seems like such a simple question that I can’t believe I’m asking this, but I’ve spent 45 minutes trying to figure this out and just hit dead ends.

It used to be that there was a “Password” field in FileZilla Site Manager:


Now, for some versions of FileZilla it seems, sites look like this:


The Password field is completely gone, and there’s nothing related on any of the other tabs.

How can one change the password for an existing site without recreating the entire site from scratch? A password change occurred this morning, and now I’m locked out of everything without spending an hour manually recreating everything. I used to be able to just replace the password – how is this done now?

wordpress – Google Optimize for A/B test: Trying to edit existing HTML but says it’s over the limit even when I test deleting some of it?

I am trying to set up an A/B test of a company’s website for my project. There are certain changes I’d like to make such as changing the ‘favourites’ products on the home page to one with the top selling products which I was trying to do by substituting the existing code simply with the top selling products instead (i.e. their jpg, their links, their names etc).

However I found that when making ANY change (by selecting the element and clicking ‘edit HTML’), even testing it by deleting one character from the original code, that it then pops up with this error notification saying that it’s over the word limit. Even when I put the character back for example, the error message is still there. And it will say weirdly that it is quite a lot of the word limit even though it’s basically the original code! I then have to click cancel every time.

Please see the attached photo for reference (where I deleted one character from the original code to demonstrate how any editing (even deletion of original working code) then comes up with the error that the html is over the limit).

View post on imgur.com

Thanks in advance!

php – WP Job Manager – connect filter to an existing widget-field

I’m using WP Job Manager in combination with ListingEasy (theme).

I have made an extra search filter, based on a new custom form field. However, now I want to refer to an existing field, named: working_time_text__day. It is already displayed in a widget on the listing-page, however I’m not sure how to connect to those fields.

Hereby the code with which I created the filter:

/**
 * This code gets your posted field and modifies the job search query
 */
add_filter( 'job_manager_get_listings', 'filter_by_salary_field_query_args', 10, 2 );

function filter_by_salary_field_query_args( $query_args, $args ) {
    if ( isset( $_POST['form_data'] ) ) {
        parse_str( $_POST['form_data'], $form_data );

        // If this is set, we are filtering by salary
        if ( ! empty( $form_data['filter_by_salary'] ) ) {
            $selected_range = sanitize_text_field( $form_data['filter_by_salary'] );
            switch ( $selected_range ) {
                case 'vrijdag' :
                    $query_args['meta_query'][] = array(
                        'key'     => '_job_salary',
                        'value'   => 'vrijdag',
                        'compare' => '=',
                    );
                break;
                case 'zaterdag' :
                    $query_args['meta_query'][] = array(
                        'key'     => '_job_salary',
                        'value'   => 'zaterdag',
                        'compare' => '=',
                    );
                break;
                case 'zondag' :
                    $query_args['meta_query'][] = array(
                        'key'     => '_job_salary',
                        'value'   => 'zondag',
                        'compare' => '=',
                    );
                break;
                case 'maandag' :
                    $query_args['meta_query'][] = array(
                        'key'     => '_job_salary',
                        'value'   => 'maandag',
                        'compare' => '=',
                    );
                break;
            }

            // This will show the 'reset' link
            add_filter( 'job_manager_get_listings_custom_filter', '__return_true' );
        }
    }
    return $query_args;
}

In the picture below the script of the side-widget. I want my filter to search on the working_time_text__day, instead of the salary custom field.

To which value should I change the ‘key’ in the query_args?

exploit – Are there any existing JTAG (hardware debugging) based malware detection systems, and if not, why?

JTAG

System software debug support is for many software developers the main reason to be interested in JTAG. Many silicon architectures such as PowerPC, MIPS, ARM, x86 built an entire software debug, instruction tracing, and data tracing infrastructure around the basic JTAG protocol. – source

I’d like to know if there are any malware detection solutions that use the dedicated debug port on x86 motherboards and leverage the JTAG protocol to observe processes and detect malicious behavior signatures as they occur on the victim machine.

This port seems like a powerful solution to modern malware detection problems based on the fact that external hardware gets to monitor the system’s every state change.

I have a lot of research left to do on how JTAG works, but some possibilities I considered for why it (using the dedicated physical debug port) might not work are:

  • Perhaps JTAG can only debug one core at a time, or not all cores at once, making it impossible to use for a system-wide monitoring solution. Relevant question

  • Perhaps the performance cost is too high. Relevant question

  • Perhaps I completely misunderstood the workings of this capability and various details make what I’m suggesting impossible.

Context

Based on this related question I asked recently about using an OS’s debugging API to track a process state, you should be able to understand this question about JTAG a little better.

To recap, that question is about my research on the application of machine learning against register and memory state change patterns to defeat evasive and polymorphic techniques used by modern malware to avoid behavior based signature recognition traditionally performed within emulator sandboxes.

By watching processes actually executing on the real machine where they must demonstrate their behavior in order to accomplish the desired goal, we can avoid the weaknesses experienced by emulator based approaches (which would be an already defeated layer in our defense strategy by the time the solution I’m asking about now would be relevant).

The question

Are there any existing JTAG (hardware) based malware detection systems, and if not, why?

Does receiving a student visa replace my existing business travel visa? (China)

Does receiving a student visa replace my existing business travel visa? Is it possible to hold two visa types simultaneously?

I still hold a now rare 10 year multiple entry business travel visa (though COVID-19 rules mean this is temporarily unusable). If I receive a new visa, e.g. a student visa, must this replace my existing visa? Or, put another way, what would I expect to see when I receive my passport back from the embassy?

gui design – What title could differentiate an “Inventory” page (containing items on-hand) from an “Ingredients” page (containing a full list of existing items)?

I’m making a recipe app with an inventory.

When making a recipe, the user can add ingredients from an included list of available ingredients. If the user cannot find an ingredient, he can add a custom one in the “Ingredients” page. That page has a list of all custom ingredients and all included ingredients. The user cannot delete the included ingredients, and deleting custom ingredients isn’t encouraged, because it would break the recipes that use those ingredients.

The user can also specify the quantity of each ingredient he has on hand using the “Inventory” Page. The inventory is independent from the recipe and the ingredient page. Since the inventory page only contains information related to the actual inventory (perishable dates, quantities…), the user can freely modify the information and delete items.

I’m looking for a way to make it clear to the user the difference between the Inventory and the Ingredients page. Currently, I find that the word “Ingredients” is misleading, since you might think that it’s related to the ingredients you currently own.

How can I clearly differentiate those 2 pages? Thank you.

target users – Should I interview existing offline customers as a part of foundational research?

I am pursuing a Google UX design professional certificate. In this course I need to design the UX for a project titled: “Design a specialised app for a travel agent”. As a part of foundational research, I need to identify target users and interview them. I have identified one travel agency that has been in business for more than 5 years and has a sufficiently large existing user base; this agency has no app or website. Their customers call them and visit their office to do what is needed.

My question is: Would it be helpful to interview some of the existing offline clients as target users?

target users – Can I interview existing offline customers of travel agency as a part of foundational research to design an app for that agency?

I am pursuing a Google UX design professional certificate. In this course I need to design UX for a project titled: “Design a specialised app for a travel agent”. As a part of foundational research I need to identify target users and interview them. I have identified one travel agency which has been in business for more than 5 years and has a sufficiently large existing user base, and this agency has no app or website. Their customers call them, visit office, and do the needful.


My question is: Can I interview some of the existing clients as target users?

What prevents an attacker from registering a TLS certificate for an existing site?

What prevents an attacker from registering a TLS certificate for an existing site?

Certificates are issued by Certificate Authorities (CAs), which are inherently trusted by the major web browsers. The job of the CA is to prevent exactly what you describe in your question. They do this by validating that you own/control the domain that you are asking them to issue the certificate for. This is often done by way of Domain Validation. Typically, it requires the domain owner to do one of the following:

  • Publish a string provided by the CA at a URL at the site for the domain
  • Click a verification link sent to an administrative email address for the domain
  • Publish a string provided by the CA in the domain’s DNS

It is very much in the interests of CAs to perform this validation procedure accurately, in order to prevent issuing certificates to attackers who do not in fact own/control the domain that they are requesting a certificate for. If a CA issues a certificate to an attacker, users may no longer trust this CA, and browsers could take the step of revoking their trust in this CA as well. This is what happened with DigiNotar in 2011.
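The URL-based and DNS-based checks from the answer above, modelled as an added example (not part of the original answer and not any real CA's code). The `WEB` and `DNS_TXT` dictionaries, the validation path and the record label are constructed stand-ins for what a CA would fetch over the network; the e-mail method is left out.

```python
import hmac
import secrets

# Constructed stand-ins for what a CA can observe from outside. Only whoever
# controls a domain can write to that domain's entries here.
WEB = {}      # (domain, path) -> response body served by the domain's site
DNS_TXT = {}  # DNS name -> set of TXT values in the domain's zone
HTTP_PATH = "/.well-known/demo-validation"  # hypothetical path
DNS_PREFIX = "_demo-validation."            # hypothetical record label


class DemoCA:
    """Toy CA: issues a fresh random challenge per request, then checks it."""

    def __init__(self):
        self.challenges = {}  # (requester, domain) -> outstanding token

    def request_certificate(self, requester, domain):
        # The token is unguessable and bound to this requester's order, so a
        # value published for someone else's order does not satisfy this one.
        token = secrets.token_urlsafe(32)
        self.challenges[(requester, domain)] = token
        return token

    def validate(self, requester, domain, method):
        # pop() makes each challenge single-use.
        token = self.challenges.pop((requester, domain), None)
        if token is None:
            return False
        if method == "http":
            published = [WEB.get((domain, HTTP_PATH), "")]
        elif method == "dns":
            published = DNS_TXT.get(DNS_PREFIX + domain, set())
        else:
            return False
        return any(hmac.compare_digest(value, token) for value in published)


def demo():
    """Two parties request example.com; only the owner can publish a token."""
    ca = DemoCA()
    owner_token = ca.request_certificate("owner", "example.com")
    ca.request_certificate("other", "example.com")
    WEB[("example.com", HTTP_PATH)] = owner_token  # only the owner can do this
    return {
        "other": ca.validate("other", "example.com", "http"),
        "owner": ca.validate("owner", "example.com", "http"),
    }
```

The second requester fails even though a valid token is being served by the site, because that token belongs to the owner's request and not to theirs.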

Best practices using OAuth 2 for authentication in existing API

I am extending an existing API (GraphQL) with authentication through OAuth 2.0 and OIDC:

The current API uses JWT tokens for authentication (there is more than one type of token, but I don’t think that makes any difference for this question). To get a token you identify with email and password. Note that this token is a custom type for the API, and not related to OAuth in any way.

Now I want users to be able to identify themselves using their Google (or other) account as an alternative to using email and password. So I’ve created an OAuth flow like this:

  1. The user goes to mysite.com/auth/login which redirects to the Google OAuth endpoint
  2. User grants access and is redirected back to mysite.com/auth/callback with an authorization code
  3. The backend uses the authorization code to get an access token
  4. With the access token, the backend requests userinfo
  5. Backend now considers the client authenticated as the user with email from userinfo
  6. An API JWT token (same as the token you would get using email and password) is generated for the authenticated user and is returned to the client as the response to the callback request

This seems to work quite well, but what has me worried is the last step. I find suspiciously little documentation about best practices when using OAuth (OIDC) only for authentication of an existing API.

Am I doing this right? Are there any obvious security concerns with this approach? Is there a better way to handle authentication, that will still allow non-oauth users to access the API?
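The six-step callback flow from the question above, as an added example that is not the poster's code. It assumes two checks the question does not mention: a single-use OAuth `state` value tied to the login attempt, and the OIDC `email_verified` claim. The provider is an in-memory stand-in with constructed data, and the "API token" is an HMAC tag standing in for the API's own JWT.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins: a real backend would call the provider's token and
# userinfo endpoints over HTTPS. Dicts are used here so the example runs offline.
PROVIDER_CODES = {"code-alice": "at-alice", "code-bob": "at-bob"}
PROVIDER_USERINFO = {
    "at-alice": {"sub": "1001", "email": "alice@example.com", "email_verified": True},
    # Same address, but the provider has not verified it for this account.
    "at-bob": {"sub": "1002", "email": "alice@example.com", "email_verified": False},
}
API_SECRET = b"constructed-demo-key"
PENDING_STATES = set()  # assumption: kept per browser session in a real backend


def start_login():
    """Step 1: create an unguessable state value and remember it."""
    state = secrets.token_urlsafe(16)
    PENDING_STATES.add(state)
    return state


def issue_api_token(email):
    """Stand-in for the API's own JWT: the email plus an HMAC tag over it."""
    tag = hmac.new(API_SECRET, email.encode(), hashlib.sha256).hexdigest()
    return f"{email}.{tag}"


def handle_callback(code, state):
    """Steps 2-6. Returns (api_token, error); exactly one of them is None."""
    # Reject callbacks that do not belong to a login this backend started.
    if state not in PENDING_STATES:
        return None, "unknown state"
    PENDING_STATES.discard(state)  # single use

    # Step 3: exchange the code; an authorization code is valid only once.
    access_token = PROVIDER_CODES.pop(code, None)
    if access_token is None:
        return None, "invalid code"

    # Step 4: fetch userinfo with the access token.
    info = PROVIDER_USERINFO[access_token]

    # Step 5: only treat the email as an identity if the provider verified it.
    if not info.get("email_verified"):
        return None, "email not verified"

    # Step 6: issue the same kind of token the password login would return.
    return issue_api_token(info["email"]), None
```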