Search Results

Search found 21071 results on 843 pages for 'account security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 113/843 | < Previous Page | 109 110 111 112 113 114 115 116 117 118 119 120  | Next Page >

  • SSH attcack CentOS Amazon EC2

    - by user37143
    Hi, I run a few Rightscale CentOS AMI based instances on Amazon EC2. Two months back I found that our SSHD security is compromised( I had added host.allow and host.deny for ssh). So I created new instances and done an IP based ssh that allows only our IPs through AWS Firewall(ec2-authorize) and chnaged the ssh 22 default port to some other port but two days back I found I was not able to login to the server and when I tried on 22 port the ssh got connected and I found that sshd_conf was changed and when I tried to edit sshd_config I found root had no write permission on the file. So I tried a chmod and it said access denied for 'root' user. This is very strange. I checked secure log and history and found nothing informative. I have PHP, Ruby On Rails, Java, Wordpress apps running on these server. This time I did a chkrootkit scan and found nothing. I renamed the /etc/ssh folder and reinstalled openssh through yum. I had faced this on 3 instances on CentOS(5.2, 5.4) I have instances on Debian as well those working fine. Is this a CentOS/Rightscale issue. Guys, what security measures I should take to prevent this. Please support me this is very critical. Thanks

    Read the article

  • Using GPO to collect data about VMware view activity

    - by MoSiAc
    Our security group wants us to begin logging data for external access to our view enviroment. At first we thought that view security would be logging all source ip's that are external in nature so if for some reason there is an intrusion we would have record of it there. Of course our firewall logs all that information but correlating it to view is sketchy at best with our current implementation. We know on viewdesktops there is a set of keys in VolitateEnviroment that contains stuff such as source ip and username, etc. We have a script in place that, when run as a logon script attached to a user account in AD collects the information as we need it. If we have a GPO run the same script the information does not get collected. We feel like there is a piece of the puzzle we're missing but we don't know what. If anyone knows what we're forgetting or misconfiguring that would be great, or if you have a better way of us collecting external source ip's for view specifically we'd be interested in that as well. Thanks, EDIT CODE Batch script to dump to text file @echo off timeout 20 echo %computername%/%username% %time% %date% c:\vdi\vmware.txt echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~c:\vdi\vmware.txt reg query "HKEY_CURRENT_USER\Volatile Environment" /v "ViewClient_LoggedOn_Username"c:\vdi\vmware.txt reg query "HKEY_CURRENT_USER\Volatile Environment" /v "ViewClient_IP_Address"c:\vdi\vmware.txt echo.c:\vdi\vmware.txt VB Script to display values Const HKEY_CURRENT_USER = &H80000001 Set wmiLocator=CreateObject("WbemScripting.SWbemLocator") Set wmiNameSpace = wmiLocator.ConnectServer(".", "root\default") Set objRegistry = wmiNameSpace.Get("StdRegProv") sPath = "Volatile Environment" lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClien_Machine_Name", vMachine) lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClien_IP_Address", vIP) lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClien_MAC_Address", vMAC) msgbox "The Remote Device Name is " & vMachine & " @ " & vIP & " (" & vMAC & ") " he wanted me to mention that the batch file actually runs and I can see it counting down when I reconnect but it does not grab the registry values.

    Read the article

  • Preventing back connect in Cpanel servers

    - by Fernando
    We run a Cpanel server and someone gained access to almost all accounts using the following steps: 1) Gained access to an user account due to weak password. Note: this user didn't had shell access. 2) With this user account, he accessed Cpanel and added a cron task. The cron task was a perl script that connected to his IP and he was able to send back shell commands. 3) Having a non jailed shell, he was able to change content of most websites in server specially for users who set their folders to 777 ( Unfortunately a common recommendation and sometimes a requirement for some PHP softwares ). Is there a way to prevent this? We started by disabling cron in Cpanel interface, but this is not enough. I see a lot of other options in which an user could run this perl script. We have a firewall running and blocking uncommon outgoing ports. But he used port 80 and, well, I can't block this port as a lot of processes use them to access things, even Cpanel itself.

    Read the article

  • Unable to delete a file or take ownership on Win7x64

    - by Basic
    I'm a developer and as part of the build process, a Microsoft dll is copied to a certain folder. That file copy is now failing as the target can't be overwritten. I decided to delete it by hand (using an admin account but a non-elevated explorer) so browsed to the folder and attempted a delete. This failed (Require permission from the Administrator). The same applies when using an elevated explorer. So I tried Properties-Security-Advanced-Ownership The current owner is showing as Unable to display current owner. I can't take ownership (a simple Access Denied message with no elaboration). Elevated Command Prompt/PowerShell don't help either (both give an Access Denied in their own way). Process explorer shows no open handles on the file. Eventually, I booted to linux and deleted the file but what I'd like to know is what caused it? Security Essentials had no issues with the file. It's digitally signed by MS and the signatures match.

    Read the article

  • Safely transfer files from pc with internet connection to lan without allowing any other form of communication

    - by Hugh Quenneville
    In the company that I work there are computers that are connected to the Internet and computers that are connected to a Local Area Network. The LAN is considered a "safe zone" and the files that reside there should never be copied/moved to a computer that has Internet Access. So, now, if we want to download an installer for an application for example, we download it in a pc that has Internet Access and then move it using a "secure USB stick" to the Local Area Network. Is there a way to create an "safe, one-way connection" between a computer with Internet access and a computer from the LAN? This practically means that only files from the computer with the Internet access can be copied/moved to the LAN. In addition to that, if you want to transfer files you would have to provide your security credentials for the network (so, that only users with the appropriate access levels will be able to transfer files). Is it possible to create something like that and make it completely safe (or at least "equally safe" with the USB method that we currently use) or the fact that the computer with Internet access is connected with a wire to the LAN is a security risk by itself? NOTE: the LAN setup involves 2 Windows 2003 servers with Active Directory, Web servers and pretty much all the services that you would expect to find in a Windows network.

    Read the article

  • C# WebBrowser Control - ignore website security warnings

    - by Ramsey
    I'm currently using WebBrowser (System.Windows.Forms) in my program. When I try to access some websites over https, the message "There is a problem with your websites security certificate" appears. Is there any way I can get WebBrowser to ignore these types of warnings? There are solutions for WebClient: How to ignore a certificate error with c# 2.0 WebClient - without the certificate But those solutions do not apply to this problem, as WebBrowser seems to ignore whatever is set in ServicePointManager.

    Read the article

  • [WPF] ComboBox.Text not taking the ItemStringFormat property into account

    - by Thomas Levesque
    I just noticed a strange behavior which looks like a bug. Consider the following XAML : <Page xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:sys="clr-namespace:System;assembly=mscorlib"> <Page.Resources> <x:Array x:Key="data" Type="{x:Type sys:String}"> <sys:String>Foo</sys:String> <sys:String>Bar</sys:String> <sys:String>Baz</sys:String> </x:Array> </Page.Resources> <StackPanel Orientation="Vertical"> <Button>Boo</Button> <ComboBox Name="combo" ItemsSource="{Binding Source={StaticResource data}}" ItemStringFormat="##{0}##" /> <TextBlock Text="{Binding Text, ElementName=combo}"/> </StackPanel> </Page> The ComboBox displays the values as "##Foo##", "##Bar##" and "##Baz##". But the TextBlock displays the selected values as "Foo", "Bar" and "Baz". So the ItemStringFormat is apparently ignored for the Text property... Is that a bug ? If it is, is there a workaround ? Or am I just doing something wrong ?

    Read the article

  • Delphi & Active Directory security groups

    - by Erik
    Hi Im writing a program for my school in which users have to enter a code given to them by a teacher to access the internet. My Question is how can i from delphi check if the current user is part of the teacher security group in active directory or not before it runs my code generating program. Thanks Erik

    Read the article

  • AutoMapper Problem - List won't Map

    - by Randy Minder
    I have the following class: public class Account { public int AccountID { get; set; } public Enterprise Enterprise { get; set; } public List<User> UserList { get; set; } } And I have the following method fragment: Entities.Account accountDto = new Entities.Account(); DAL.Entities.Account account; Mapper.CreateMap<DAL.Entities.Account, Entities.Account>(); Mapper.CreateMap<DAL.Entities.User, Entities.User>(); account = DAL.Account.GetByPrimaryKey(this.Database, primaryKey, withChildren); Mapper.Map(account,accountDto); return accountDto; When the method is called, the Account class gets mapped correctly but the list of users in the Account class does not (it is NULL). There are four User entities in the List that should get mapped. Could someone tell me what might be wrong?

    Read the article

  • Subscription Management with Merchant Account via API

    - by Josh
    I'm researching gateways/vendors that provide the ability to create subscription based transitions for merchant accounts. In other words, I want to allow customers to signup for a subscription for a website service that charges once a month. Authorize.Net has an ARB (Automated Recurring Billing) Module. The cost is cheap, $10 a month for the service, with unlimited subscriptions, and they have an API that allows XML or SOAP access to create, update and cancel. The LARGE negative of the service is that it doesn't have elegant way to obtain the current status of a subscription. They can send a daily email with an attached CSV file, or someone can login into the site and review statuses – neither is an enterprise solution. The parent company "CyberSource" has a "Recurring Billing Service" which implies a more robust solution, including API access to subscription information. I’m currently waiting for a sales call back on costs related to the service. I also looked at PayPal's Recurring Billing Service, but that appears to require that users are redirected to the PayPal site to signup for the subscription -- again, not an an elegant solution. Does anyone know of any other vendors/gateways that offer subscription service, that meet the following criteria: Vendor/Gateway must host the credit card number and be PCI compliant Have an API that accessible via a Web Service, Post over HTTPS or SOAP Have an API that allows querying the status of subscriptions and/or the ability to query for activity since a certain date. Thanks in advance for your suggestions.

    Read the article

  • Github post commit trigger build in Hudson with security enabled

    - by Jerry Cheung
    Github has no problem with triggering a build in Hudson with security turned off because the build is a public URL. But I'd like to be able to have logins required on Hudson so that people can't arbitrarily build. I tried looking for a HTTP basic auth method so I can include the credentials in the URL itself, but couldn't find anything like that. Has anyone used Hudson with Github and run into this problem?

    Read the article

  • AutoMapper and SecurityException in IIS

    - by Felipe
    Hi everybody... I'm developing a asp.net mvc application with nhibernate and I would not like to expose my objects mappings with NHibernate, so I created DTO for each entity and I'm trying to convert my Domain objects to DTO and send it to View. So I have in my sollution: ClassLibrary with my Domain (for NHibernate) and DTO objetcs Class library to make a SessionFactory adn Factories in my Project Asp.Net MVC 2 Application So, I download AutoMapper to transform Domain objects in DTO and add a the code to do this in Application_Start of global.asax. When I run in VisualStudio (by pressing F5) it works fine and my dtos are into the view, So when I publish this in IIS, I get a security exception =( in first line of conversion: Mapper.CreateMap(); <--- this line throw exception Mapper.CreateMap(); System.Security.SecurityException: Failed request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'. What can I do to resolve this to work in IIS ? When I will publish it on web server, the error will get too :( Thanks Cheers

    Read the article

  • ASN1 out of memory. during a signedCMS.decode

    - by JL
    I am having a problem using the signedCMS.decode routine. See the code below. The error seems to occur when the file size is too big in this case 11MB. private static void RemoveZfoSignature(string zfoFileName) { byte[] fileContents = File.ReadAllBytes(zfoFileName); var contentInfo = new ContentInfo(fileContents); var signedCms = new SignedCms(contentInfo); // This line throws the error 100% of the time signedCms.Decode(fileContents); signedCms.RemoveSignature(0); byte[] outfile = signedCms.ContentInfo.Content; string outFileName = zfoFileName.Replace(".zfo", "_tmp.zfo"); File.WriteAllBytes(outFileName, outfile); } Here is the exact error: "System.Security.Cryptography.CryptographicException: ASN1 out of memory. at System.Security.Cryptography.Pkcs.SignedCms.OpenToDecode(Byte[] encodedMessage, ContentInfo contentInfo, Boolean detached) at System.Security.Cryptography.Pkcs.SignedCms.Decode(Byte[] encodedMessage) at ConsoleApplication2.Program.RemoveZfoSignature(String zfoFileName) in C:\\Users\\\\Documents\\Visual Studio 2008\\Projects\\ConsoleApplication2\\ConsoleApplication2\\Program.cs:line 30" Any idea on how to fix this?

    Read the article

  • Per-User basis security with restful_authentication in Rails ?

    - by benoror
    Hi! I'm using restful_authentication plugin, but I would like to have per-user security, for example: class PostsController < ApplicationController # Login required before_filter :login_required, :except => [ :index, :show ] # Only the same user can create, edit and delete their own posts before_filter :only_by_same_user, :only => [ :create, :update, :destroy ] end Thanks!

    Read the article

  • GIgya Native Login without using Facebook and Twitter Account

    - by Wodjefer
    Following code that i am using to login but i am getting a Null response - (IBAction) signInPressed : (id)sender { [super signInPressed:sender]; NSLog(@"ACCLoginViewController_iPhone Sign-IN Pressed"); //Load the Gigya login UI component, passing this View Controller as a delegate. GSRequest *request = [GSRequest requestForMethod:@"accounts.login"]; [request.parameters setObject:self.emailField.text forKey:@"loginID"]; [request.parameters setObject:self.passwordField.text forKey:@"password"]; request.parameters[@"loginID"] = @"email"; [request sendWithResponseHandler:^(GSResponse *response, NSError *error) { if (!error) { NSLog(@"the resposne = %@",response); } else { // Check the error code according to the GSErrorCode enum, and handle it. NSLog(@"the Error = %@",error.description); } }]; // [self loadTabbar]; }

    Read the article

  • Consuming secured WCF service through basicHTTPbinding

    - by Jason M
    I am consuming an secured service hosted over basicHttpBinding I have to pass credentials to the service for authenticatioon Here’s the config setting for the client <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> While calling the service, I am getting following exception message An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. Message = "An invalid security token was provided (Bad UsernameToken Values)” I not sure how to get it working I am curious if somebody can help me out or provide me any url where I could find the solution

    Read the article

  • Questions and considerations to ask client for designing a database

    - by Julia
    Hi guys! so as title says, I would like to hear your advices what are the most important questions to consider and ask end-users before designing database for their application. We are to make database-oriented app, with special attenion to pay on db security (access control, encryption, integrity, backups)... Database will also keep some personal information about people, which is considered sensitive by law regulations, so security must be good. I worked on school projects with databases, but this is first time working "in real world", where this db security has real implications. So I found some advices and questions to ask on internet, but here I always get best ones. All help appreciated! Thank you!

    Read the article

  • one svn account for each programmer?

    - by ajsie
    i should have one svn user for each programmer in the ubuntu server? is this accomplished by using "htpasswd" 4 times for 4 programmers? how do i couple all these users to same group so that i could modify file access specific for the svn group and all its members?

    Read the article

  • Fluent NHibernate Automap does not take into account IList<T> collections as indexed

    - by Francisco Lozano
    I am using automap to map a domain model (simplified version): public class AppUser : Entity { [Required] public virtual string NickName { get; set; } [Required] [DataType(DataType.Password)] public virtual string PassKey { get; set; } [Required] [DataType(DataType.EmailAddress)] public virtual string EmailAddress { get; set; } public virtual IList<PreferencesDescription> PreferencesDescriptions { get; set; } } public class PreferencesDescription : Entity { public virtual AppUser AppUser { get; set; } public virtual string Content{ get; set; } } The PreferencesDescriptions collection is mapped as an IList, so is an indexed collection (when I require standard unindexed collections I use ICollection). The fact is that fluent nhibernate's automap facilities map my domain model as an unindexed collection (so there's no "position" property in the DDL generated by SchemaExport). ¿How can I make it without having to override this very case - I mean, how can I make Fluent nhibernate's automap make always indexed collections for IList but not for ICollection

    Read the article

  • WindowsIdentity Token in Legacy ASP

    - by Max Schmeling
    I've created a .Net library at work that is used by all of our developers. The security part of it uses Microsoft AzMan for the security backend. In order to create a security (AzMan) ClientContext I have to pass it a token value (as a uint). This is all fine an dandy until I needed to make a COM wrapper for our common library so some of our legacy pages could take advantage of it without being rewritten for now. I cannot figure out how to get the token value to pass to AzMan from legacy ASP. The COM wrapper is setup to run as a COM Server and runs as a specific user that we use here for all COM objects, therefor the common library can't just pull the identity using .Net. Any ideas?

    Read the article

  • How to force user to user Administrator account in WinForms

    - by Smejda
    I have simple WinForms application where modifying Windows Registry. The problem is that in Vista / Windows 7 I need to force user to switch to administrator. I do not want to force user to Run as Administrator form start of the application. I want him to do it when there is necessity to write to registry. Best case scenario would be to reach exacly the same message which appear in lot's of Setups, when user need to 'switch' to Administrator so there is no necessity to Run as Administrator form beginning. How I can achieve this in .Net ?

    Read the article

  • How to automatically add user account *and* password with a Bash script

    - by ModernCarpentry
    I need to have the ability to create user accounts on my Linux ( Fedora 10 ) and automatically assign a password via a bash script ( or otherwise, if need be ). It's easy to create the user via Bash eg: [whoever@server ]# /usr/sbin/useradd newuser But is it possible to assign a password in Bash, something functionally similar to this (but automated): [whoever@server ]# passwd newuser Changing password for user testpass. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully. [whoever@server ]#

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 109 110 111 112 113 114 115 116 117 118 119 120  | Next Page >