Search Results

Search found 21071 results on 843 pages for 'account security'.

Page 127/843 | < Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134  | Next Page >

• File/folder Write/Delete wise, is my server secure?

  - by acidzombie24

  I wanted to know if someone got access to my server by using a nonroot account, how much damage can he do? After i su someuser I used this command to find all files and folders that are writeable. find / -writable >> list.txt Here is the result. Its most /dev/something and /proc/something and these /var/lock /var/run/mysqld/mysqld.sock /var/tmp /var/lib/php5 Is my system secure? /var/tmp makes sense but i am unsure why this user has write access to those folders. Should i change them? stat /var/lib/php5 gives me 1733 which is odd. Why write access? why no read? is this some kind of weird use of a temp file?

  Read the article

• Windows Xp, Svchost.exe connecting to different ips with remote port 445

  - by Coll911

  Im using Windows Xp professional Sp2 Whenever i start my windows, svchost.exe starts connecting to all the possible ips on lan like from 192.168.1.2 to 192.168.1.200 The local port ranges from 1000-1099 and the remote port being 445. After its done with the local ips, it starts connecting to other random ips. I tried blocking connections to the port 445 using the local security polices but it didn't work Is there any possible way i could prevent svchost from connecting to these ips without involving any firewall installed ? since my pc slows down due to the load I'd be thankful for any advices

  Read the article

• Can the Windows 8 Live SDK use another Microsoft Account other than the current user?

  - by Jerry Nixon

  Using the Windows 8 Live SDK you can have a user give you permission to their Microsoft Account. With this you can get their name and photo and more. But using the Live SDK appears to require the user of the app to use the same Microsoft Account as whoever is signed into the current session of Windows 8. In some scenarios, using a different account is very legitimate. I have simple sign-in working like a charm! This uses the same account. I can't find a way to do use another. Is it possible?

  Read the article

• How to merge several detached signatures from different people into one?

  - by Petr Pudlák

  A group of people wants to publish a file and they all want to digitally sign the file as different recipients of the file will have different chains of trust. For simplicity, it's desired that there is only one detached signature file with all the signatures, so that the recipients don't need to check them one by one: foo.tar.gz foo.tar.gz.sig However, for security reasons, every person needs to perform the signing on their computer, it's not possible to create the combined signature by having multiple private keys on one computer and performing the operation with one command. Is it possible with GPG to somehow merge detached signatures of a file from multiple participants?

  Read the article

• Safety concerns on allowing connections to MySQL with no password on localhost?

  - by ÉricO

  In the case of a Linux system, is there any security concern to let MySQL users with standard privileges (that is, not the root users) connect to the database with no password from localhost? I think that enforcing a password even for localhost can add a layer of protection, since, with no password the database access would be compromised if the SSH access is itself compromised. Considering that, would it be less safe to allow no password connection to MySQL than having the same password for SSH and for MySQL? I don't know if that is to be taken into account, but we also use phpMyAdmin to let users administrate their own database. I am asking because I kinda dislike having to put our database passwords unencrypted in the source or configuration files of our applications, where they can easily be leaked unintentionally. Since our servers are configured to run our applications as the Linux user the application belongs to, I was considering allowing no password from localhost as a simple solution. So, would that be a very bad idea or not?

  Read the article

• Why does mod_auth_kerb have trouble using a machine account?

  - by joeforker

  Instructions for using mod_auth_kerb to authenticate a Linux web server against a Windows domain say it doesn't work to link a machine account with the service name HTTP\[email protected]. Why is it necessary to have a dummy user account instead of a machine account?

  Read the article

• Error connecting ESX 5.0.0 to domain

  - by Saariko

  I am trying to connect an ESX 5.0.0 to our Domain Controler, in order to give a Domain group specific roles security. But I do not see any groups after the host connects to the domain. Under Configuration - Authentication Services - I connected the host to the domain: I created the role I wanted, with the selected approved features But when I want to add a permission to a set of VM's, I can not see "my domain" on the drop down, only the: "localhost" How do I see "my domain" on the Domain drop down - so I can select the domain group to give the role to? To note: I followed the instructions to connect to the domain form VMware site.

  Read the article

• How to check the OS is running on bare metal and not in virtualized environment created by BIOS?

  - by Arkadi Shishlov

  Is there any software available as a Linux, *BSD, or Windows program or boot-image to check (or guess with good probability) the environment an operating system is loaded onto is genuine bare metal and not already virtualized? Given recent information from various sources, including supposed to be E.Snowden leaks, I'm curious about the security of my PC-s, even about those that don't have on-board BMC. How it could be possible and why? See for example Blue Pill, and a number of papers. With a little assistance from network card firmware, which is also loadable on popular card models, such hypervisor could easily spy on me resulting in PGP, Tor, etc. exercises futile.

  Read the article

• How to make a secure MongoDB server?

  - by Earlz

  Hello, I'm wanting my website to use MongoDB as it's datastore. I've used MongoDB in my development environment with no worries, but I'm worried about security with a public server. My server is a VPS running Arch Linux. The web application will also be running on it, so it only needs to accept connections from localhost. And no other users(by ssh or otherwise) will have direct access to my server. What should I do to secure my instance of MongoDB?

  Read the article

• Is it necessary to change the default users and groups in VMware esxi 4.0 in order to have a secure

  - by Teevus

  By default esxi creates a number of users and groups including: daemon nfsnobody root nobody vimuser dcui How secure is this default security setup? Besides changing the root password, is it advisable to modify the default users and groups? E.g. does esxi use default passwords for the accounts or anything else that could be exploited by malicious users? My scenario is very basic and I don't require any custom users or groups as only sysadmins will ever need to administer the virtual infrastructure, and they can do so using the root account. Thanks

  Read the article

• My Quicken 401(K) account has changed to Checking. How do I fix this?

  - by user36492

  This is actually the second time this has happened to me, but I don't remember what I did last time (nor can I find the original forum post that helped then). I'm using Quicken Mac 2007. My 401(k) account, previously properly set up, has changed, seemingly irrevocably, to a Checking account. When I click "Edit" and try to change the account type, the 401(k) option is grayed out. I've got years of data stored in this account, so I am really hoping there's a way to salvage this data file!

  Read the article

• Switch to switch encryption over a wireless bridge (TrustSec?)

  - by metatheorem

  I am planning to connect an existing Cisco 3750 switch to a 3560C switch over a wireless PTP bridge. The bridge will be WPA2 protected, but I am looking for an additional measure of security between the switches to prevent other wireless access through either switch. They do not support IPSec, only 802.1Q tunnels, and buying additional hardware is not likely an option. I am looking into using TrustSec manual mode between the switches. After some effort reading into TrustSec and MACsec, I am mostly certain this is a good choice over the wireless bridge, keeping in mind it is a shared medium. Two questions: Can I reliably prevent other wireless traffic from accessing the switches using TrustSec? Does anyone know of any better options with the 3000 series switches?

  Read the article

• How do I sort account names alphabetically in Thunderbird?

  - by Sri

  I just upgraded to Ubuntu 12.04 and Thunderbird 13.0.1. I had 2 accounts earlier in Thunderbird: [email protected] [email protected] I also had another account on SeaMonkey: [email protected] which I imported into Thunderbird. Now the account order I want is: [email protected] [email protected] [email protected] but it shows: [email protected] [email protected] [email protected] I couldn't find any option in Thunderbird to sort them as I want. I came across a 3rd party extension but I avoid using such extensions. Is there any other way this can be done?

  Read the article

• openVAS - Microsoft RDP Server Private Key Information Disclosure Vulnerability - false Alarm?

  - by huebkov

  I performed a openVAS scan on a Windows Server 2008 R2 and got a report for a high threat level vulnerability called Microsoft RDP Server Private Key Information Disclosure Vulnerability. An remote attacker could perform a man-in-the-middle attack to gain access to a RDP session. Affected Software is Microsoft RDP 5.2 and below. My server uses RDP 7.1, is this alarm a false alarm? Security Advisor Pages say: Solution Status Unpatched, No remedy... References http://secunia.com/advisories/15605/ http://xforce.iss.net/xforce/xfdb/21954/ http://www.oxid.it/downloads/rdp-gbu.pdf CVE: CVE-2005-1794 BID:13818

  Read the article

• Is UEFI more or less vulnerable than Legacy BIOS?

  - by Eric

  Is UEFI more secure than BIOS on a Windows 8.1 machine? Is UEFI vulnerable to malware in ways that Legacy BIOS is not? Is it correct that UEFI can connect to the internet before the OS (or anti-virus program) has loaded? On some boards, UEFI settings can be changed in Windows. Do these things affect PC security? I have read that BIOS on an MBR disc can be vulnerable to 'rootkits' There have been reports that suggest UEFI secure boot may not be infallible. Is UEFI better at defending against malware than BIOS?

  Read the article

• Which modules can be disabled in apache2.4 on windows

  - by j0h

  I have an Apache 2.4 webserver running on Windows. I am looking into system hardening and the config file httpd.conf. There are numerous load modules and I am wondering which modules I can safely disable for performance and / or security improvements. Some examples of things I would think I can disable are: LoadModule cgi_module others like LoadModule rewrite_module LoadModule version_module LoadModule proxy_module LoadModule setenvif_module I am not so sure they can be disabled. I am running php5 as a scripting engine, with no databases, and that is it. My loaded modules are: core mod_win32 mpm_winnt http_core mod_so mod_access_compat mod_actions mod_alias mod_allowmethods mod_asis mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_cache_disk mod_mime mod_negotiation mod_proxy mod_proxy_ajp mod_rewrite mod_setenvif mod_socache_shmcb mod_ssl mod_status mod_version mod_php5

  Read the article

• Is disabling password login for SSH the same as deleting the password for all users?

  - by Arsham Skrenes

  I have a cloud server with only a root user. I SSH to it using RSA keys only. To make it more secure, I wanted to disable the password feature. I know that this can be done by editing the /etc/ssh/sshd_config file and changing PermitRootLogin yes to PermitRootLogin without-password. I was wondering if simply deleting the root password via passwd -d root would be the equivalent (assuming I do not create more users or new users have their passwords deleted too). Are there any security issues with one approach verses the other?

  Read the article

• How to secure a VM while allowing customer RDS (or equivalent) access to its desktop

  - by ChrisA

  We have a Windows Client/(SQL-)Server application which is normally installed at the customer's premises. We now need to provide a hosted solution, and browser-based isn't feasible in the short term. We're considering hosting the database ourselves, and also hosting the client in a VM. We can set all this up easily enough, so we need to: ensure that the customer can connect easily, and also ensure that we suitably restrict access to the VM (and its host, of course) We already access the host and guest machines across the internet via RDS, but we restrict access to it to only our own internal, very small, set of static IPs, and of course theres the 2 (or 3?)-user limit on RDS connections to a remote server. So I'd greatly appreciate ideas on how to manage: the security the multi-user aspect. We're hoping to be able to do this initially without a large investment in virtualisation infrastructure - it would be one customer only to start with, with perhaps two remote users. Thanks!

  Read the article

• Does Windows 8 include the Windows Help program (WinHlp32.exe)?

  - by amiregelz

  In 2011, Symantec reported on the use of the Windows Help File (.hlp) extension as an attack vector in targeted attacks. The functionality of the help file permits a call to the Windows API which, in turn, permits shell code execution and the installation of malicious payload files. This functionality is not an exploit, but there by design. Here's the malicious WinHelp files (Bloodhound.HLP.1 & Bloodhound.HLP.2) detection heat map: I would like to know if the Windows Help program exists on my Windows 8 machine by default, because if it does I might need to remove it for security reasons. Does Windows 8 include the Windows Help program (WinHlp32.exe)?

  Read the article

• How can I tell if a host is bridged and acting as a router

  - by makerofthings7

  I would like to scan my DMZ for hosts that are bridged between subnets and have routing enabled. Since I have everything from VMWare servers, to load balancers on the DMZ I'm unsure if every host is configured correctly. What IP, ICMP, or SNMP (etc) tricks can I use to poll the hosts and determine if the host is acting as a router? I'm assuming this test would presume I know the target IP, but in a large network with many subnets, I'd have to test many different combinations of networks and see if I get success. Here is one example (ping): For each IP in the DMZ, arp for the host MAC Send a ICMP reply message to that host directed at an online host on each subnet I think that there is a more optimal way to get the information, namely from within ICMP/IP itself, but I'm not sure what low level bits to look for. I would also be interested if it's possible to determine the "router" status without knowing the subnets that the host may be connected to. This would be useful to know when improving our security posture.

  Read the article

• How to secure a new server OS installation

  - by Pat R Ellery

  I bought (and just received) a new 1u dell poweredge 860 (got it on ebay for $35). I finished installing Ubuntu Server (Ubuntu Server 12.04.3 LTS), install apache/mariadb/memcache/php5 works great but I am scared about security. so far I am the only one using the server but eventually more people (friends, friends of friends) will use this server, use ssh etc... I want to know what can I do to secure all the information and not get hacked, both from the web or ssh or ddos and any other attack possible. Does Ubuntu Server does it for you right away? or I have to fix it my self? Thank you EDIT: I installed (so far): All dev tools ssh server LAMP I didn't install: Graphical interface

  Read the article

• How can I disable the guest account on OSX Lion?

  - by Wezly

  I have 'disabled' the guest account on my macbook pro running Lion via System Preferences Users & Groups. However the guest account still seems to appear as an option to login at start up and when switching users. I have never used the guest account for anything, and I have tried a system restore but the guest user has returned as before. How can I get rid of it? Thanks. edit: I also just enabled and disabled the account again - but the guest option still appears at startup offering a safari only restart for a guest user.

  Read the article

• Folder Permissions in Windows 7

  - by gameshints

  I'm trying to securely share a folder across two computers on a relatively public network. However, I'm a bit confused on how permissions work and was hoping for some clarification between the following so I don't accidentally make something public I don't want. When you right-click a folder and go to properties, what is the difference between Sharing Tab - 'Share...' button - List of users and permissions there Sharing Tab - 'Advanced Sharing...' button - 'Permissions' button - List of users and permissions there Security Tab - List of users and permissions there Thanks!

  Read the article

• Active Directoy GPO

  - by Phillip R.

  I am looking into some weird issues with active directory and group policy. This domain has been upgraded from windows NT and has a few different administrators over the years. I am looking through the Default Domain group policy and Default Domain Controller group policy. In the security areas and I will use the log on locally area as an example, it shows SIDes that begin with asterisks and are quite long they look sort of like the following *S-1-5-21-787626... Normally, when I see something like this I would think that the User account was no longer there and this was never cleaned up. Am I wrong in my assumption? Thanks in advance

  Read the article

• Personally identifiable information (PII) on shared web hosting

  - by S. Cobbs

  Hey folks, I am providing web hosting services (shared and dedicated) and have had one of my shared hosting clients mention needing an SSL cert for their site where they are collecting insurance quotes in a form, including names and social security numbers. My privacy sense is tingling, and I'm pretty sure it's not legal (in the US) to do this on a shared system, but can't find anything to support my thoughts outside of PCI-DSS, but the customer isn't processing payments through the site so I'm not sure if that applies. I'm reading lots of policy documents where people advise to minimize and manage the PII footprint internally, but as the host I don't want to put all of my customer's clients at possible risk. I'm not looking here for legal advice necessarily, but perhaps someone in a similar position to mine can provide some rule of thumb or point me in the right direction.

  Read the article

< Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134  | Next Page >