Search Results

Search found 16593 results on 664 pages for 'adf security deploy'.

Page 104/664 | < Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111 | Next Page >

Did Microsoft Add Wiretapping Capability to Skype?

Ryan Gallagher, writing for Slate, put two and two together from a lot of no comments. He noted that back in 2007, German police forces said that they couldn't tap into Skype calls because of of its strong encryption and complicated peer-to-peer network connections; in fact, Skype bluntly stated at the time that, due to its encryption and architecture techniques, it couldn't conduct wiretaps. But that may have changed. Gallagher cited a Forbes article that claims the hacker community is talking about recent changes to Skype's architecture and whether they will allow users to be wiretapped. ...

Read the article
Seeking for a better solution to restrict access in GRUB2 menu

- by LiveWireBT

I just read that in certain situations you should also protect access to your GRUB2 menu by setting a password and may be refining acces by adding --unrestricted or --users as arguments to menuentries und submenus. I read the corresponding pages in the Ubuntu Community Documentation and the Arch Wiki. So, I created /etc/grub.d/01_security, stored usernames and passwords in there, made the file executable and ran update-grub. This is working as intended, every action in the menu prompts for username and password, but I also want to modify the automatically generated entries to either restrict them to certain users (via --users) or make them available for everyone, but not editable by everyone (via --unrestricted). I was able to find the proper lines in 10_linux and edit them accordingly, however I'd love to see an easier solution. Perhaps an option like GRUB_DISABLE_RECOVERY="true" or GRUB_DISABLE_OS_PROBER=true in /etc/default/grub for easy (re)configuration (for linux and os-prober generated entries). Here's a diff from my 13.10 installation: $ diff /etc/grub.d/10_linux /etc/grub.d/10_linux_bak 123c123 < echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} --unrestriced \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^$ --- > echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_inde$ 125c125 < echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} --unrestricted \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_$ --- > echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" 323c323 < echo "submenu --unrestricted '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_$ --- > echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" tl;dr: I'd love the see a simple solution for GRUB2 entries that cannot be modified without a password or are limited to certain users. (Yes, GRUB_DISABLE_RECOVERY="true" is active.)

Read the article
How to protect own software from copying [closed]

- by Zzz

Possible Duplicate: How do you prevent the piracy of your software? Is possible to protect some file from copying if you are administrator of machine? I heard some story about some behavior: one software developer sells his software in some way. He is installing it on every client's computer and this software does not work on other computers or cannot be copied physically. How to implement the first and second protection. Is it effectively protection if software costs about $100 for all copies across client's company?

Read the article
How do PGP and PEM differ?

- by Dummy Derp

Email messages are sent in plain text which means that the messages I send to Derpina are visible to anyone who somehow gets access to them while they are in transit. To overcome this, various encryption mechanisms were developed. PEM and PGP are two of them. PEM - canonically converts-adds digital signature-encrypts and sends PGP does exactly the same. So where do they differ? Or is it that PGP (being a program) is used to generate a PEM message?

Read the article
How to backup encrypted home in encrypted form only?

- by Eric

I want to backup the encrypted home of a user who might be logged in at backup time. Which directories should I backup if I want to ensure that absolutely no plaintext data can be leaked? Are the following folders always encrypted? /home/user/.Private /home/user/.ecryptfs Just want to make sure that no data leaks, as the backup destination is untrustworthy. Edit: Yes, as Lord of Time has suggested, I'd like to know which folders and/or files I need to backup if I need to store only encrypted content in a way that allows me to recover it later with the right passphrase.

Read the article
25 Passwords to Avoid to Thwart Hackers

SplashData, a vendor of smartphone productivity applications for consumers and businesses, recently released a list of the top 25 most commonly used passwords for 2011. The company compiled the list after analyzing files of stolen passwords that hackers posted online to share with their cybercriminal colleagues. Without further adieu, here is the list of passwords that made SplashData's top 25: password, 123456, 12345678, qwerty, abc123, monkey, 1234567, letmein, trustno1, dragon, baseball, 111111, iloveyou, master, sunshine, ashley, bailey, passw0rd, shadow, 123123, 654321, superman, qazwsx...

Read the article
How can I allow a user to stream my videos securely?

- by John Baber

I've got a script that records 10 minute videos from a webcam to video1.mp4 video2.mp4 video3.mp4 video4.mp4 Then records over video1 again in rotation. I'd like one user to be able to view these in winamp or itunes by having a playlist with the four of them on repeat. (This is my way of getting around the many hours of figuring out how to actually livestream from a webcam with VLC). I don't see any examples of things like icecast being used for video, and I don't see any mentions of secure streaming. My question is, is there any way to have these videos be seen securely? I can do things like https on my server, but I don't have great access to the user's machine, so just sharing a directory by samba or sshfs isn't much of an option.

Read the article
Are two database trips reasonable for a login system?

- by Randolph Potter

I am designing a login system for a project, and have an issue about it requiring two trips to the database when a user logs in. User types in username and password Database is polled and password hash is retrieved for comparative purposes (first trip) Code tests hash against entered password (and salt), and if verified, resets the session ID New session ID and username are sent back to the database to write a row to the login table, and generate a login ID for that session. EDIT: I am using a random salt. Does this design make sense? Am I missing something? Is my concern about two trips unfounded? Comments and suggestions are welcome.

Read the article
Need suggestions on how to create a website with an encrypted database.

- by SFx

Hi guys, I want to create a website where a user enters content (say a couple of sentences) which eventually gets stored in a backend database (maybe MySQL). But before the content leaves the client side, I want it to get encrypted using something on client like maybe javascript. The data will travel over the web encrypted, but more importantly, will also be permanently stored in the backend database encrypted. Is JavaScript appropriate to use for this? Would 256 bit encryption take too long? Also, how do you query an encrypted database later on if you want to pull down the content that a user may have submitted over the past 2 months? I'm looking for tips, suggestions and any pointers you guys may have in how to go about learning about and accomplishing this. Thanks!

Read the article
How do you go about checking your open source libraries for keystroke loggers?

- by asd

A random person on the internet told me that a technology was secure(1), safe to use and didn't contain keyloggers because it is open source. While I can trivially detect the key stroke logger in this open source application, what can developers(2) do to protect themselves against rouge committers to open source projects? Doing a back of the envelope threat analysis, if I were a rogue developer, I'd fork a branch on git and promote it's download since it would have twitter support (and a secret key stroke logger). If it was an SVN repo, I'd create just create a new project. Even better would be to put the malicious code in the automatic update routines. (1) I won't mention which because I can only deal with one kind of zealot at a time. (2) Ordinary users are at the mercy of their virus and malware detection software-- it's absurd to expect grandma to read the source of code of their open source word processor's source code to find the keystroke logger.

Read the article
Get phone number of (via mobile networks) browsing mobile device

- by TrialUser

I recently figured out, that the web site of my phone provider (mobile) mysteriously identifies me and automatically logs me into my account when I'm accessing with my android phone, as if it knew my phone number. (I used several browsers. When I'm using the phone as WLAN hotspot and access the same site from another device that doesn't happen.) How does my phone provider do that? On the one hand, as a programmer, I'd like to be able to do that too, but on the other hand, as a user, I'm kind of scared. What information do they have, such that they (believe they) are able to identify me just by my device? I hope this question isn't completely inappropriate for this site; feel free to add better tags — it's hard to find the right ones without knowing the Webmasters site at all.

Read the article
More than one way to skin an Audit

- by BuckWoody

I get asked quite a bit about auditing in SQL Server. By "audit", people mean everything from tracking logins to finding out exactly who ran a particular SELECT statement. In the really early versions of SQL Server, we didn't have a great story for very granular audits, so lots of workarounds were suggested. As time progressed, more and more audit capabilities were added to the product, and in typical database platform fashion, as we added a feature we didn't often take the others away. So now, instead of not having an option to audit actions by users, you might face the opposite problem - too many ways to audit! You can read more about the options you have for tracking users here: http://msdn.microsoft.com/en-us/library/cc280526(v=SQL.100).aspx In SQL Server 2008, we introduced SQL Server Audit, which uses Extended Events to really get a simple way to implement high-level or granular auditing. You can read more about that here: http://msdn.microsoft.com/en-us/library/dd392015.aspx As with any feature, you should understand what your needs are first. Auditing isn't "free" in the performance sense, so you need to make sure you're only auditing what you need to. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

Read the article
Is file permission secured when it transferred from Ubuntu to Windows?

- by Gaurav_Java

I am having 9GB text file which is encrypted . This file contains some confidential data . Which is on my system(Ubuntu) and my external HDD (ntfs) . This file get daily updated and then encrypted . But it has to be shared among 2-3 (Windows) person. I defined permission so that no other person can even read this file(chmod 660). It is too large file, so I can't upload it anywhere and it get updated daily basis. But this file travel on Windows OS and Ubuntu also. Even I am having copy of this on my personal computer. Recently it was deleted by some other user over Windows . I just want to know how can I set permission over that file so that it cannot be deleted from any other operating system. If someone delete this file, then I am having data old for couple of days, which is only on my system. I gone through this question it says there is nothing. And from this question I am not able to understand how can I protect it. Can I do anything for preventing this file from being deleted. Then how can I secure this files from getting deleted any suggestion or software or ideas. Maybe I sound silly or this is stupid question. Please don't close it, thanks for any suggestion or solution.

Read the article
Web api authentication techniques

- by Steve

We have a asp.net MVC web service framework for serving out xml/json for peoples Get requests but are struggling to figure out the best way (fast, easy, trivial for users coding with javascript or OO languages) to authenticate users. It's not that our data is sensitive or anything, we just want users to register so we can have their email address to notify them of changes and track usage. In our previous attempt we had the username in the URI and would just make sure that username existed and increment db tables with usage. This was super basic but we'd notice people using demo as a username etc so we need it to be a little more sophisticated. What authentication techniques are available? What do the major players use/do.

Read the article
Is this safe? <a href=http://javascript:...>

- by KajMagnus

I wonder if href and src attributes on <a> and <img> tags are always safe w.r.t. XSS attacks, if they start with http:// or https://. For example, is it possible to append javascript: ... to the href and src attribute in some manner, to execute code? Disregarding whether or not the destination page is e.g. a pishing site, or the <img src=...> triggers a terribly troublesome HTTP GET request. Background: I'm processing text with markdown, and then I sanitize the resulting HTML (using Google Caja's JsHtmlSanitizer). Some sample code in Google Caja assumes all hrefs and srcs that start with http:// or https:// are safe -- I wonder if it's safe to use that sample code. Kind regards, Kaj-Magnus

Read the article
Keeping files private on the internet (.htaccess password or software/php/wordpress password)

- by jiewmeng

I was asked a while ago to setup a server such that only authenticated users can access files. It was like a test server for clients to view WIP sites. More recently, I want to do something similar for some of my files. Tho they are not very confidential, I wish that I am the only one viewing it. I thought of doing the same, Create a robots.txt User-agent: * Disallow: / Setup some password protection, .htpasswd seems like a very ugly way to do it. It will prompt me even when I log into FTP. I wonder if software method like password protected posts in Wordpress will do the trick of locking out the public and hiding content from Search Engines? Or some self made PHP script will do the trick?

Read the article
Identify "non-secure" content IE warns about [on hold]

- by Doug Harris

As many know, if you serve a page over https and the content loads resources (images, stylesheets, js, SWF objects, etc) over http, older versions of Internet Explorer will show the user a warning saying "This page contains both secure and non-secure items". This is discomforting to many non-technical users. Usually, I can look at the HTML source and identify which item(s) are triggering this error. Sometimes a Flash object will load something else or some embedded javascript will put a new object in the DOM and trigger this. What tools are good for quickly tracking down the source of the warning?

Read the article
How to do a login page for third party service without letting them sign on?

- by AAA

We have a unique situation (at least for me, first time seeing this). We have a web form where accountants can fill in requests and that part is taken care of. But after their login we redirect them to a third-party website where we need more information from them. The process is crazy right now since we have to give our account login info to all people filing with us. So is there a way in PHP or any other solution where we can after that form on our website auto login with our information to that third party website in a way that our credentials are not visible to the users using the service?

Read the article
What are some internet trends that you've noticed over the past ~10 years? [closed]

- by Michael

I'll give an example of one that I've noticed: the number of web sites that ask for your email address (GOOG ID, YAHOO! ID, etc.) has skyrocketed. I can come up with no legitimate reason for this other than (1) password reset [other ways to do this], or (2) to remind you that you have an account there, based upon the time of your last visit. Why does a web site need to know your email address (Google ID, etc.) if all you want to do is... download a file (no legit reason whatsoever) play a game (no legit reason whatsoever) take an IQ test or search a database (no legit reason whatsoever) watch a video or view a picture (no legit reason whatsoever) read a forum (no legit reason whatsoever) post on a forum (mildly legit reason: password reset) newsletter (only difference between a newsletter and a blog is that you're more likely to forget about the web site than you are to forget about your email address -- the majority of web sites do not send out newsletters, however, so this can't be the justification) post twitter messages or other instant messaging (mildly legit reason: password reset) buy something (mildly legit reasons: password reset + giving you a copy of a receipt that they can't delete, as receipts stored on their server can be deleted) On the other hand, I can think of plenty of very shady reasons for asking for this information: so the NSA, CIA, FBI, etc. can very easily track what you do by reading your email or asking GOOG, etc. what sites you used your GOOG ID at to use the password that you provide for your account in order to get into your email account (most people use the same password for all of their accounts), find all of your other accounts in your inbox, and then get into all of those accounts sell your email address to spammers These reasons, I believe, are why you are constantly asked to provide your email address. I can come up with no other explanations whatsoever. Question 1: Can anyone think of any legitimate or illegitimate reasons for asking for someone's email address? Question 2: What are some other interesting internet trends of the past ~10 years?

Read the article
How to Configure Windows Defender

The existence of spyware and other unwanted irritations on the Web is so widespread that keeping your PC protected is an absolute must. Microsoft responded to this need with the inclusion of its Windows Defender program with Windows 7. Windows Defender does exactly what its name suggests, which is to defend your PC from spyware and other malicious programs. It does this first with real-time protection that notifies you if any spyware tries to run on your computer or if a program tries to change any vital settings in Windows. Windows Defender also helps to keep your computer protected thro...

Read the article
How to secure Ubuntu for a non-technical user? (your mom)

- by Gil

My mother will be traveling for a while and I need to provide her with a secure laptop so she can work. A windows laptop is out of the question because: she'll be logging into dodgy hotel wireless networks and conference networks price of the windows license to install on a netbook I've installed libreoffice, media players and skype on it. Also enabled SSH so I can intervene but I am worried that I might not be in a position to do so. Possible threats: web browsing USB sticks insecure networks prone to intrusions malware SSH/VNC vulnerabilites Skype vulnerabilities All the "securing Ubuntu" guides out there assume the user has a certain level of technical knowledge but this is not the case with moms in general. If a malware can gain even user level access it might compromise her files.

Read the article
client website compromised, found a strange .php file. any ideas?

- by Kevin Strong

I do support work for a web development company and I found a suspicious file today on the website of one of our clients called "hope.php" which contained several eval(gzuncompress(base64_decode('....'))) commands (which on a site like this, usually indicates that they've been hacked). Searching for the compromised site on google, we got a bunch of results which link to hope.php with various query strings that seem to generate different groups of seo terms like so: (the second result from the top is legitimate, all the rest are not) Here is the source of "hope.php": http://pastebin.com/7Ss4NjfA And here is the decoded version I got by replacing the eval()s with echo(): http://pastebin.com/m31Ys7q5 Any ideas where this came from or what it is doing? I've of course already removed the file from the server, but I've never seen code like this so I'm rather curious as to its origin. Where could I go to find more info about something like this?

Read the article
Setting to protect gnome-terminal from key logging

- by yanychar

Looks like it is easy to log keystrokes of all processes of the same user. A basic keylogger is 'xinput'. xinput test-xi2 The command generates log of all key-presses. Unfortunately, this includes passwords in gnome-terminal. Googling suggested that grabbing keyboard may prevent other windows from capturing key strokes. Is there a way to prevent XI2 logging in gnome-terminal? Or is there an X terminal that has this feature?

Read the article
Some hint to program a webservice "by subscription"

- by Eagle

I have some web sites programmed, I know to do it with python and PHP basically. Normally they are simple web sites, but now I want to provide REST web services but only for allowed users (allowed by me). I saw that a lot of services uses the "KEY" and "SECRET_KEY" concepts, which seems to be what I need (if I understand it right). My suppositions are: If I only do a GET service to retrieve, e.g., all my clients, without anymore, anyone can retrieve my clients without limitations. I will need some KEY generator to provide keys for my allowed users, so they can use my webservices. Only with a KEY is not enough: someone can steal a KEY and supplant my user (and this is the reason because exists a SECRET_KEY, right?). If all this is right, how can I make/use a system like that in my web services? Some open source example? Or maybe there are another easy solutions I'm not considering? My objective is to allow some users to use my web services.

Read the article
Microsoft Office 2013 Takes New Approach

You can check out an article from Computerworld for a good look at the questions and answers about the new software. For instance, you've probably noticed that I'm not giving the full name. That's because Microsoft seems to be using several names. If you go the traditional route and pay the one-time upfront fee for the shrink-wrapped edition, it's Office 2013. There's also a tablet version called Office Home and Student 2013 RT - but that won't include the iPad, or at least not at first. The consumer preview, which I'll be linking to in a minute, is dubbed Office 365 Home Premium. There ...

Read the article

< Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111 | Next Page >