Search Results

Search found 21071 results on 843 pages for 'account security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 13/843 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Use SECEDIT to export "Security Options" from one computer and import on another

    - by Andy Arismendi
    Can I use secedit.exe to export out the "Security Options" from the local security policy and then import them on another machine? I'm trying to do this on Windows Server 2008. Update I just tried with: secedit /export /db C:\andy.db /cfg C:\andy.inf /areas SECURITYPOLICY /log C:\andy.log But it didn't work with error: Warning 2: The system cannot find the file specified. Error opening C:\andy.db. Where do I get the DB file from?

    Read the article

  • Microsoft Security Essentials Not Monitoring

    - by nateify
    When I boot into Windows Vista, Microsoft Security Essentials is set to run when the system starts. When I open the program, it says Microsoft Security Essentials isn't monitoring your computer because the program's service stopped. It tells me that it can't update definitions or enable real time protection unless I do it manually (every time I boot). Is there a way I can fix this so I always have real time protection and updating?

    Read the article

  • Downloading Microsoft Security Essentials via https

    - by Marcel
    I want to download Microsoft Security Essentials on my brand new Windows 7 home PC. The official site presented to me is http://windows.microsoft.com/de-CH/windows/products/security-essentials, as I am located in Switzerland. The link to the actual package then is http://go.microsoft.com/fwlink/?LinkID=231276 Obviously, the download is not secured with https. Why? Would this not be the first thing Microsoft should do? They could deliver the certificate already with the OS to make it really secure...

    Read the article

  • Is free security software as good as paid security software?

    - by Tester101
    I mostly use free security solutions to protect my home PC, but I wonder if I would get better protection from a paid solution. I prefer the free software, since I can have multiple applications protecting against different threats. With paid software I feel like I have to choose just one, and hope it can protect against everything. Is it worth it to pay for security when there are free options?

    Read the article

  • Creating limited user account on Windows 7

    - by serena
    I'm sharing my PC (Win 7 x64 Home Premium) with a friend, and I wanna create a guest user for her. I don't want her to reach my files, Windows settings, program adjustments etc. She should just surf the net, create/edit her own Word, Excel documents, and simple things like these. How can I create this user account and make the necessary arrangements for limitations?

    Read the article

  • Security Newsletter November Edition is Out

    - by Tanu Sood
    The November edition of the Security Inside Out Newsletter is now out. This month’s newsletter captures the highlights from Oracle OpenWorld. The conference registration broken all the past records and so did all Security related events and activities at OpenWorld. From Security keynotes, conference sessions, hands-on-labs, product demonstrations to the very successful Executive Edge @ Openworld: Chief Security Officer Summit. The main feature discuses the key topics and trends compiled from across all the Security related sessions. The newsletter also features an interview with Amit Jasuja, Senior Vice President, Security and Identity Management at Oracle. Amit discusses the key trends in the industry and how these have helped shape innovation in the latest release of Oracle Identity Management solution set. If you are looking at cloud, social and mobile and are concerned about security, you don’t want to miss this feature. As always, the newsletter captures both recent and upcoming Security and Identity Management events, conferences, training, news and more. So, if you haven’t done so, we recommend you subscribe to the Security Inside Out Newsletter today. We’d love to hear from you. Let us know some topics you’d like to see covered in the upcoming editions. Or just let us know how we are doing. We look forward to hearing from you.

    Read the article

  • Another Security Exception on GoDaddy after Login attempt

    - by Brian Boatright
    Host: GoDaddy Shared Hosting Trust Level: Medium The following happens after I submit a valid user/pass. The database has read/write permissions and when I remove the login requirement on an admin page that updates the database work as expected. Has anyone else had this issue or know what the problem is? Anyone? Server Error in '/' Application. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0 System.Security.CodeAccessPermission.Demand() +59 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) +684 System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +114 System.Configuration.Internal.InternalConfigHost.StaticOpenStreamForRead(String streamName) +80 System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(String streamName, Boolean assertPermissions) +115 System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.OpenStreamForRead(String streamName) +7 System.Configuration.Internal.DelegatingConfigHost.OpenStreamForRead(String streamName) +10 System.Configuration.UpdateConfigHost.OpenStreamForRead(String streamName) +42 System.Configuration.BaseConfigurationRecord.InitConfigFromFile() +437 Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

    Read the article

  • Spring Security: Multiple Logins to the same resources: Form Login + Facebook Connect (uid, sessionK

    - by Daxon
    To begin I know about http://blog.kadirpekel.com/2009/11/09/facebook-connect-integration-with-spring-security/ The only problem is that it completely replaces the Form Login with Facebook Connect. I have the native form login in place, I also have Facebook Connect in place, Upon gathering user information I link it to a native account but without a password. At that point I would like to call a link or method to start process of going into the Spring Security Filter Chain. Here is the source code that works, but am trying to modify. It contains all the files I'm taking about. Now from what I understand I need to add a custom FacebookAuthenticationProvider so that my AuthenticationManager knows about it. <bean id="facebookAuthenticationProvider" class="org.springframework.security.facebook.FacebookAuthenticationProvider"> </bean> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="facebookAuthenticationProvider" /> </security:authentication-manager> Then within the FacebookAuthenticationProvider I would have to call an FacebookAuthenticationToken that would take my the current facebook Uid and SessionKey of the user. Then try authenticate this Token. So where does the FacebookAuthenticationFilter come into it? I'm just trying to understand the order at which these 3 files are called. As if you were trying to implement any other custom authentication. FacebookAuthenticationFilter.java FacebookAuthenticationProvider.java FacebookAuthenticationToken.java I have also posted this on the Spring Security Forum

    Read the article

  • Java: What are the various available security settings for applets

    - by bguiz
    I have an applet that throws this exception when trying to communicate with the server (running on localhost). This problem is limited to Applets only - a POJO client is able to communicate with the exact same server without any problem. Exception in thread "AWT-EventQueue-1" java.security.AccessControlException: access denied (java.net .SocketPermission 127.0.0.1:9999 connect,resolve) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) My applet.policy file's contents is: grant { permission java.security.AllPermission; }; My question is what are the other places where I need to modify my security settings to grant an Applet more security settings? Thank you. EDIT: Further investigation has lead me to find that this problem only occurs on some machines - but not others. So it could be a machine level (global) setting that is causing this, rather than a application-specific setting such as the one in the applet.policy file. EDIT: Another SO question: Socket connection to originating server of an unsigned Java applet This seems to describe the exact same problem, and Tom Hawtin - tackline 's answer provides the reason why (a security patch released that disallows applets from connecting to localhost). Bearing this in mind, how do I grant the applet the security settings such that in can indeed run on my machine. Also why does it run as-is on other machines but not mine?

    Read the article

  • Rendering a control generates security exception in .Net 4

    - by Jason Short
    I am having a problem with code that worked fine in .Net 2 giving this error under .Net 4. Build (web): Inheritance security rules violated while overriding member: 'Controls.RelatedPosts.RenderControl(System.Web.UI.HtmlTextWriter)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden. This is in DotNetBlogEngine. There were several other security demands in the code that .Net 4 didn't seem to like. I followed some of the advice I found on blogs (and here) and got rid of all the other errors. But this one still eludes me. The Main blogengine core dll is not set for security demands anylonger and is compiled for .Net 4 as well. This error is in the website side attempting to use the dll. There are controls that call a RenderControl method taking an HtmlTextWriter. Apparently the text writer now has some soft of security attributes set on it. Each of the controls implements a custom interface ( public interface ICustomFilter ), there are no security permissions present or demands. The site is running full trust on my local dev machine.

    Read the article

  • Remote server security: handling compiler tools

    - by Gonzolas
    Hello! I was wondering wether to remove compiler tools (gcc, make, ...) from a remote production server, mainly for security purposes. Background: The server runs a web application on Linux. Consider Apache jailed. Otherwise, only OpenSSHd faces the public network. Of course there is no compiler stuff within the jail, so this is about the actual OS outside of any jails. Here's my personal PRO/CON list (regarding removal) so far: PRO: I had been reading some suggestions to remove compiler tools in order inhibit custom building of trojans etc. from within the host if an attacker attains unpriviliged user permissions. CON: I can't live without Perl/Python and a trojan/whatever could be written in a scripting language like that, anyway, so why bother about removing gcc et al. at all. There is a need to build new Linux kernels as well as some security tools from source directly on the server, because the server runs in 64-bits mode and (to my understanding) I can't (cross-)compile locally/elsewhere due to lack of another 64-bits hardware system. OK, so here are my questions for you: (a) Is my PRO/CON assessment correct? (b) Do you know of other PROs / CONs to removing all compiler tools? Do they weigh in more? (c) Which binaries should I consider dangerous if the given PRO statement holds? Only gcc, or also make, or what else? Should I remove the enitre software packages them come with? (d) Is it OK to just move those binaries to a root-only accessible directory when they are not needed? Or is there a gain in security if I "scp them in" every time? Thank you!

    Read the article

  • How to prevent getting infected by rogue security applications

    - by Ieyasu Sawada
    My computer never got infected with a virus before, because I'm using Web of Trust browser plugin, sandboxie and Avast Free antivirus. But today, it got infected with a rogue security application called antivirus.net. I have already removed it using MBAM, SAS, and Kaspersky Virus Removal Tool. And by the way, I was using MSE when my laptop got infected. Seems like the rogue application just killed off the MSE process. And I never even got a warning. I was using the wi-fi from our school, which I think is the cause since most of the computers in our laboratory has rogue applications on it. My question is, how do I prevent this from happening again? It took me about 6 hours to disinfect my computer and I don't want it to happen again. Please enlighten me if these rogue applications really just pop out of nowhere. Note I'm not dumb enough to agree with installing rogue security applications. It just came out of nowhere. I'm happy with MSE, well not after it let antivirus.net penetrate my computer. I've done a little bit of research and it says that it needs the permission of the user to actually install it in the computer: http://www.net-security.org/malware_news.php?id=1245 http://en.wikipedia.org/wiki/Rogue_security_software Is it possible that other computers in our school network have agreed to install those? Or maybe the network admin?

    Read the article

  • Google chrome not accepting any security certificates

    - by Jerry
    I've recently developed a problem with Google Chrome that's really annoying. I'm using Firefox at the moment with no problems whatsoever and it's the same with IE, so it's safe to say this problem is specific to Chrome. The problem is that it's not accepting security certificates from certain sites. I suppose the best place to start would be google itself. I can't search. The google search page will load but when I type some search term into the search box and hit 'search' I get the message: "You attempted to reach www.google.com, but the server presented an invalid certificate. You cannot proceed because the website operator has requested heightened security for this domain." No matter what the search term is, this is the result. Also when I try to log in to facebook - same message. Youtube works and many other sites that I know present security certs so I'm baffled. I've searched and there are other people who have had similar issues but I can't find a solution anywhere. The most common answer I'm picking up for this is to "check your system time" but I can safely say that it's not my system time. If anyone knows what is going on, I'd very much appreciate being informed. It's not super urgent as I can use Firefox to access those places Chrome won't, but it IS super annoying because I can usually sort out issues like this in no time.

    Read the article

  • least privilege account for WinRM remote calls on Windows 2008 Server

    - by aldrin
    ServerFault Windows experts: please consider the following use case: I have 2 Windows 2008 Server SP2 boxes let’s call them – SOURCE, CLIENT. On SOURCE: I create a new user called 'normal'. Just a plain user - no special privileges. On CLIENT: I run the following from a command prompt winrm get wmi/root/cimv2/Win32_UTCTime -r:SOURCE -u:normal -p:NormalPassword I get an output containing WSManFault: Message = Access is denied. On CLIENT: I repeat step 3 with the administrator identity, i.e. winrm get wmi/root/cimv2/Win32_UTCTime -r:SOURCE -u:Administrator -p:AdminPassword I get the current UTC time at SOURCE. The question is, what are the least privileges I need to assign to the user 'normal' to ensure that Step 3 behaves like Step 5. In other words, what's the least privilege to enable WinRM access for a non-Admin account?

    Read the article

  • How to setup a user account for a web application

    - by ximus
    Hi, What are the main guidelines to setting up a user account on a Linux machine for a web app? In my case it is a Rails application that does file management. First thing I can think of is to limit access rights to only the directories it needs. But how exactly should I go about this? Setup rights through a user group or a through the user's ownership of those directories. I have very little experience in user rights management. What else do I need to consider? I've heard of ACL's and SELinux, do I need to look into any of these to guaranty decent security for my simple web app? Any advice about this and anything not mentioned welcomed, Thanks, Max. I will be using Ubuntu.

    Read the article

  • SQL Server NETWORK SERVICE account permissions

    - by RemotecUk
    My SQL Server Windows service is set to use the NETWORK SERVICE account. The server is installed to C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL. However looking at the permissions on that folder, NETWORK SERVICE does not have any permissions. The groups which are allowed access to that folder are... CREATOR OWNER - who is this? SYSTEM - sounds fine - so that Windows can access the folder I presume? SQLServerMSSQLUser$Computer_Name$MSSQLSERVER - this is the interesting one - what is this? Administrators Users If NETWORK SERVICE is a user with minimal permissions on the system and looks to the O/S as someone connecting from a network how does it have permissions to access any files in the SQL Server install folder? Thanks.

    Read the article

  • Help with setting up AIM account

    - by Aaron
    Can anyone help me configure my AIM account? I have Oneiric and I want to set up my AIM account with what I believe is a chat client (the envelope icon on the top right). It is called Empathy. \n I tried to do this using Broadcast Account. It let me choose what account (Jabber, Pidgin, Aim, etc...). Once I entered my password for my AIM account, I got a pop-up asking for the master password for my Keyring. I didn't know what that was at the time so I closed that window after trying to enter my account password. Keyring apparently asks for a master password and it holds any keys you want to remember in the future. It gave me an error so I couldn't set up my AIM account completely. Now I'm trying to get back to that screen but I can only set up a Twitter or Facebook. Thanks, Aaron P.S. Can anyone tell me how to break the message up so it doesn't appear all on one line? I tried 'coding' a \n...seemed to work.

    Read the article

  • .NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

    - by rally25rs
    I've been messing with this for about a day and a half now sifting through .NET reflector and MSDN docs, and can't figure anything out... As it stands in the .NET framework, you can demand that the current Principal belong to a role to be able to execute a method by marking a method like this: [PrincipalPermission(SecurityAction.Demand, Role = "CanEdit")] public void Save() { ... } I am working with an existing security model that already has a "ReadOnly" role defined, so I need to do exactly the opposite of above... block the Save() method if a user is in the "ReadOnly" role. No problem, right? just flip the SecurityAction to .Deny: [PrincipalPermission(SecurityAction.Deny, Role = "ReadOnly")] public void Save() { ... } Well, it turns out that this does nothing at all. The method still runs fine. It seems that the PrincipalPermissionAttribute defines: public override IPermission CreatePermission() But when the attribute is set to SecurityAction.Deny, this method is never called, so no IPermission object is ever created. Does anyone know of a way to get .Deny to work? I've been trying to make a custom secutiry attribute, but even that doesn't work. I tried to get tricky and do: public class MyPermissionAttribute : CodeAccessSecurityAttribute { private SecurityAction securityAction; public MyPermissionAttribute(SecurityAction action) : base(SecurityAction.Demand) { if (action != SecurityAction.Demand && action != SecurityAction.Deny) throw new ArgumentException("Unsupported SecurityAction. Only Demand and Deny are supported."); this.securityAction = action; } public override IPermission CreatePermission() { // do something based on the SecurityAction... } } Notice my attribute constructor always passes SecurityAction.Demand, which is the one action that would work previously. However, even in this case, the CreatePermission() method is still only called when the attribute is set to .Demand, and not .Deny! Maybe the runtime is actually checking the attribute instead of the SecurityAction passed to the CodeAccessSecurityAttribute constructor? I'm not sure what else to try here... anyone have any ideas? You wouldn't think it would be that hard to deny method access based on a role, instead of only demanding it. It really disturbed me that the default PrincipalPermission appears from within an IDE like it would be just fine doing a .Deny, and there is like a 1-liner in the MSDN docs that hint that it won't work. You would think the PrincipalPermissionAttribute constructor would throw an exception immediately if anything other that .Demand is specified, since that could create a big security hole! I never would have realized that .Deny does nothing at all if I hadn't been unit testing! Again, all this stems from having to deal with an existing security model that has a "ReadOnly" role that needs to be denied access, instead of doing it the other way around, where I cna just grant access to a role. Thanks for any help! Quick followup: I can actually make my custom attribute work by doing this: public class MyPermissionAttribute : CodeAccessSecurityAttribute { public SecurityAction SecurityAction { get; set; } public MyPermissionAttribute(SecurityAction action) : base(action) { } public override IPermission CreatePermission() { switch(this.SecurityAction) { ... } // check Demand or Deny } } And decorating the method: [MyPermission(SecurityAction.Demand, SecurityAction = SecurityAction.Deny, Role = "ReadOnly")] public void Save() { ... } But that is terribly ugly, since I'm specifying both Demand and Deny in the same attribute. But it does work... Another interesting note: My custom class extends CodeAccessSecurityAttribute, which in turn only extends SecurityAttribute. If I cnage my custom class to directly extend SecurityAttribute, then nothing at all works. So it seems the runtime is definately looking for only CodeAccessSecurityAttribute instances in the metadata, and does something funny with the SecurityAction specified, even if a custom constructor overrides it.

    Read the article

  • Spring Security - Persistent Remember Me Issue

    - by Taylor L
    I've been trying to track down why Spring Security isn't creating the Spring Security remember me cookie (SPRING_SECURITY_REMEMBER_ME_COOKIE). At first glance, the logs make it seem like the login is failing, but the login is actually successful in the sense that if I navigate to a page that requires authentication I am not redirected back to the login page. However, the logs appear to be saying the login credentials are invalid. I'm using Spring 3.0.1, Spring Security 3.0.1, and Google App Engine 1.3.1. Any ideas as to what is going on? Mar 16, 2010 10:05:56 AM org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices onLoginSuccess FINE: Creating new persistent login for user [email protected] Mar 16, 2010 10:10:07 AM org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices loginFail FINE: Interactive login attempt was unsuccessful. Mar 16, 2010 10:10:07 AM org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices cancelCookie FINE: Cancelling cookie Below is the relevant portion of the applicationContext-security.xml. <http auto-config="false"> <intercept-url pattern="/css/**" filters="none" /> <intercept-url pattern="/img/**" filters="none" /> <intercept-url pattern="/js/**" filters="none" /> <intercept-url pattern="/app/admin/**" filters="none" /> <intercept-url pattern="/app/login/**" filters="none" /> <intercept-url pattern="/app/register/**" filters="none" /> <intercept-url pattern="/app/error/**" filters="none" /> <intercept-url pattern="/" filters="none" /> <intercept-url pattern="/**" access="ROLE_USER" /> <logout logout-success-url="/" /> <form-login login-page="/app/login" default-target-url="/" authentication-failure-url="/app/login?login_error=1" /> <session-management invalid-session-url="/app/login" /> <remember-me services-ref="rememberMeServices" key="myKey" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailsService"> <password-encoder hash="sha-256" base64="true"> <salt-source user-property="username" /> </password-encoder> </authentication-provider> </authentication-manager> <beans:bean id="userDetailsService" class="com.my.service.auth.UserDetailsServiceImpl" /> <beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"> <beans:property name="userDetailsService" ref="userDetailsService" /> <beans:property name="tokenRepository" ref="persistentTokenRepository" /> <beans:property name="key" value="myKey" /> </beans:bean> <beans:bean id="persistentTokenRepository" class="com.my.service.auth.PersistentTokenRepositoryImpl" />

    Read the article

  • Restart Server from ASP.NET application when AppPool is ran under LocalSystem or LocalService account

    - by kape123
    Is it possible to restart server from ASP.NET application that is hosted by LocalSystem or LocalService account. This is working when I create custom administrative account and put AppPool to run under that account: Process.Start("shutdown", "/r /d 4:1 /t 10"); However, I don't want to have custom accounts (because of password expiry and need to update all AppPools when User passwords are changed). So, is this possible?

    Read the article

  • Accepting bank account information in a form

    - by jeffthink
    What security concerns are there when accepting a user's bank account information (account number and routing number) via a form on a page that is using SSL, and posting it back to the server where I then curl off a HTTPS request to send that information to an ACH service like First ACH or ACH Direct via their API? We wouldn't be saving the bank account information in our database. I know another option is to use Paypal's Mass Pay API, but they think it's unprofessional (at least for their business) to require customers to have a paypal account to get paid. Thoughts?

    Read the article

  • Authorization security of ASP.NET Forms authentication

    - by Tomi
    I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >