Search Results

Search found 29222 results on 1169 pages for 'network security'.

Page 161/1169 | < Previous Page | 157 158 159 160 161 162 163 164 165 166 167 168  | Next Page >

• Automatically locking screen without shutting it off

  - by milkandtang

  Hey everyone— I have a home theater PC running Ubuntu 11.10, outputting over HDMI (for audio and video). I'm having an issue: I'd like the screen to lock automatically (when video is not playing, of course) but do not want the screen to turn off automatically, because that kills audio. I can manually lock the screen, of course, but it appears that if you set the "Turn off screen" setting to "never", the screen will never lock, no matter what the "lock screen" timeout is set to. Is there a way to do what I'm asking, or will I have to install xscreensaver?

  Read the article

• Python Web Applications: What is the way and the method to handle Registrations, Login-Logouts and Cookies? [on hold]

  - by Phil

  I am working on a simple Python web application for learning purposes. I have chosen a very minimalistic and simple framework. I have done a significant amount of research but I couldn't find a source clearly explaining what I need, which is as follows: I would like to learn more about: User registration User Log-ins User Log-outs User auto-logins I have successfully handled items 1 and 3 due to their simple nature. However, I am confused with item 2 (log-ins) and item 4 (auto-logins). When a user enters username and password, and after hashing with salts and matching it in the DB; What information should I store in the cookies in order to keep the user logged in during the session? Do I keep username+password but encrypt them? Both or just password? Do I keep username and a generated key matching their password? If I want the user to be able to auto-login (when they leave and come back to the web page), what information then is kept in the cookies? I don't want to use modules or libraries that handle these things automatically. I want to learn basics and why something is the way it is. I would also like to point out that I do not mind reading anything you might offer on the topic that explains hows and whys. Possibly with algorithm diagrams to show the process. Some information: I know about setting headers, cookies, encryption (up to some level, obviously not an expert!), request objects, SQLAlchemy etc. I don't want any data kept in a single web application server's store. I want multiple app-servers to be handle a user, and whatever needs to be kept on the server to be done with a Postgres/MySQL via SQLAlchemy (I think, this is called stateless?) Thank you.

  Read the article

• Site overthrown by Turkish hackers...

  - by Jackson Gariety

  Go ahead, laugh. I forgot to remove the default admin/admin account on my blog. SOmebody got in and has replaced my homepage with some internet graffiti. I've used .htaccess to replace the page with a 403 error, but no matter what I do, my wordpress homepage is this hacker thing. How can I setup my server so that ONLY MYSELF can view it while I'm fixing this via .htaccess? What steps should I take to eradicate them from my server? If I delete the ENTIRE website and change all the passwords, is he completely gone? Thanks.

  Read the article

• How would I know if my OS is compromised?

  - by itsols

  I had opened a php folder from a friend's web host. I run it on mine to fix some bugs. Then I tried attaching the code to be emailed and GMAIL stated that the attachment was infected by a virus. Now I'm afraid if my Apache or OS (12.04) is infected. I checked the php files and found a base64 encoded set of code being 'eval'd at the top of each and every php file. Just reversing it (echo with htmlspecialchars) showed some clue that there were sockets in use and something to do with permissions. And also there were two websites referred having .ru extensions. Now I'm afraid if my Ubuntu system is affected or compromised. Any advice please! Here's my second run of rkhunter with the options: sudo rkhunter --check --rwo Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text Warning: Hidden directory found: /dev/.udev Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

  Read the article

• How to protect Ubuntu from fork bomb

  - by dblang

  I heard someone talking about a fork bomb, I did some research and found some dreadful information about some strange looking characters people can have you type at the command line and as a result do bad things on the computer. I certainly would not issue commands I do not understand but one never knows what can happen. I heard that some OS allows the administrator to place some limit on user processes to mitigate the effects of fork bombs, is this protection in Ubuntu by default or would a person with sudo privilege have to set this? If so, how?

  Read the article

• Do logins by the gdm (or lightdm) user in auth.log mean my system is breached?

  - by Pramanshu

  Please look at this auth.log (from Ubuntu 14.04) I have provided and tell me who this gdm user is and why there are all these unauthenticated logins? I am freaked out; please help! Here's the /var/log/auth.log file: http://paste.ubuntu.com/8120231/ Update: I know now that "gdm" is gnome desktop manager and it's there because of root. But please look at the log there is more and tell me if my system is breached.

  Read the article

• How can I protect my save data from casual hacking?

  - by Danran

  What options are there for saving game data in a secure manner? I'm interested in solutions specifically tailored for C++. I'm looking for something that is fast and easy to use. I'm only concerned about storing simple information such as Which levels are and are not unlocked The user's score for each level I'm curious again to know what's out there to use, any good libraries to use that give me nice, secure game data files that the average player can't mess with. I just found this here which looks very nice, but it would be great to get some opinions on potential other libraries/options out there.

  Read the article

• Is it reasonable to require passwords when users sign into my application through social media accounts?

  - by BrMcMullin

  I've built an application that requires users to authenticate with one or more social media accounts from either Facebook, Twitter, or LinkedIn. Edit Once the user has signed in, an 'identity' for them is maintained in the system, to which all content they create is associated. A user can associate one account from each of the supported providers with this identity. I'm concerned about how to protect potential users from connecting the wrong account to their identity in our application. /Edit There are two main scenarios that could happen: User has multiple accounts on one of the three providers, and is not logged into the one s/he desires. User comes to a public or shared computer, in which the previous user left themselves logged into one of the three providers. While I haven't encountered many examples of this myself, I'm considering requiring users to password authenticate with Facebook, Twitter, and LinkedIn whenever they are signing into our application. Is that a reasonable approach, or are there reasons why many other sites and applications don't challenge users to provide a user name and password when authorizing applications to access their social media accounts? Thanks in advance! Edit A clarification, I'm not intending to store anyone's user name and password. Rather, when a user clicks the button to sign in, with Facebook as an example, I'm considering showing an "Is this you?" type window. The idea is that a user would respond to the challenge by either signing into Facebook on the account fetched from the oauth hash, or would sign into the correct account and the oauth callback would run with the new oauth hash data.

  Read the article

• Avoiding "double" subscriptions

  - by john smith

  I am working on a website that requires a bit of marketing; let me explain. This website is offering a single, say, iTunes 50$ voucher to a lucky winner. To be entered in the draw, you need to invite (and has to join) at least one friend to the website. Pretty straightforward. Now, of course it would be easy for anyone to just create a fake account and invite that account so, I was thinking of some other way to somehow find out of possible cheating. I was thinking of an IP check on the newly subscribed (invited) user, and if there is the same IP logged in the last 24 hours, and if that's the case, investigate more about it. But I was thinking that maybe there is a more clever way around this issue. Has anyone ever though about this? What other solutions did you try? Thanks in advance.

  Read the article

• Design practice for securing data inside Azure SQL

  - by Sid

  Update: I'm looking for a specific design practice as we try to build-our-own database encryption. Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text) metadata mapping of which tables and which columns are encrypted. This is simple when it's just couple of columns (send an email to all devs/document) but that quickly gets out of hand ... So, what is the best practice for doing application level encryption into a database that doesn't support encryption? In particular, what is a good design to solve the above two bullet points? If you had specific schema additions would love it if you could give details ("Have a NVARCHAR(max) column to store the cipher metadata as JSON" or a SQL script/commands). If someone would like to recommend a library, I'd be happy to stay away from "DIY" too. Before going too deep - I assume there isn't any way I can add encryption support to Azure by creating a stored procedure, right?

  Read the article

• Password protected website

  - by danie7L T

  I need to add a user authentication page before the actual homepage of the website. In Joomla! I just set the website offline and the offline page loads in place of the homepage but then it's automatically throwing a "503 Service Temporarily Unavailable" error which I would like to avoid. That's why I would like to know the other ways to load an authentication page before the homepage. NB: I'm using Apache servers if that's relevant Thank you

  Read the article

• How to refuse to give an access to passwords to a customer without being unprofessional or rude?

  - by MainMa

  Let's say you're creating a website for a customer. This website has its own registration (either combined with OpenID or not). The customer asks you to be able to see the passwords the users are choosing, given that the users will probably be using the same password on every website. In general, I say: either that it is impossible to retrieve the passwords, since they are not stored in plain text, but hashed, or that I have no right to do that or that administrators must not be able to see the passwords of users, without giving any additional details. The first one is false: even if the passwords are hashed, it is still possible to catch and store them on each logon (for example doing a strange sort of audit which will remember not only which user succeeded or failed to logon, but also with which password). The second one is rude. How to refuse this request, without being either unprofessional or rude?

  Read the article

• Is there an industry standard for systems registered user permissions in terms of database model?

  - by EASI

  I developed many applications with registered user access for my enterprise clients. In many years I have changed my way of doing it, specially because I used many programming languages and database types along time. Some of them not very simple as view, create and/or edit permissions for each module in the application, or light as access or can't access certain module. But now that I am developing a very extensive application with many modules and many kinds of users to access them, I was wondering if there is an standard model for doing it, because I already see that's the simple or the light way won't be enough.

  Read the article

• Is there an application or method to log of data transfers?

  - by Gaurav_Java

  My friend asked me for some files that I let him take from my system. I did not see he doing that. Then I was left with a doubt: what extra files or data did he take from my system? I was thinking is here any application or method which shows what data is copied to which USB (if name available then shows name or otherwise device id) and what data is being copied to Ubuntu machine . It is some like history of USB and System data. I think this feature exists in KDE This will really useful in may ways. It provides real time and monitoring utility to monitor USB mass storage devices activities on any machine.

  Read the article

• Website address hacked, emails created but not showing in manage your account

  - by ProfMJMcG

  I have a website, thebleudoor.com. It is hosted by yahoo. It gets 2000-3000 hits a day and has been for at least 5 years. A few months ago, as admin of the website, I started getting bounced back emails from newly created emails like [email protected]. Yahoo only shows 2 emails for my account. They said they can't do anything about it. Now, my "spam hacked email accounts" are getting spam. They haven't altered or used my website or email or bank info, just the good name of my website. Is there anything I can do? Do I need to be concerned? Changing my provider won't really help will it? Thank you.

  Read the article

• Facebook - Isn't this a big vulnerability risk for users? (After Password Change)

  - by Trufa

  I would like to know you opinions as programmers / developers. When I changed my Facebook password yesterday, by mistake I entered the old one and got this: Am I missing something here or this is a big potencial risk for users. In my opinion this is a problem BECAUSE it is FaceBook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more that 3/4!! All kidding aside: Isn't this useful information for an attacker? It reveals private information about the user! It could help the attacker gain access to another site in which the user used the same password Granted, you should't use use the same password twice (but remember: 76.3%!!!) Doesn't this simply increase the surface area for attackers? It increases the chances of getting useful information at least. In a site like Facebook 1st choice for hackers and (bad) people interested in valued personal information shouldn't anything increasing the chance of a vulnerability be removed? Am I missing something? Am I being paranoid? Will 76.3% of the accounts will be hacked after this post? Thanks in advance!! BTW if you want to try it out, a dummy account: user: [email protected] (old) password: hunter2

  Read the article

• How to Detect and Fix an Infected PC

  You may have noticed that your PC is not acting the way it used to when you first purchased it. If so, malware may be the culprit. Here are some ways to detect if your PC has been infected, as well as methods to correct any such problems to get things back to normal, as suggested by researcher Tim Armstrong of Kaspersky Lab. Malware Detection Irritating Popups Irritating popup windows are one of the telltale signs that your PC is infected with malware. One of the most common classes of malware driven popup windows comes in the form of scareware, or fake antivirus warnings. These popups tel...

  Read the article

• Package denyhosts in Ubuntu Trusty Tahr is deleted: temporary or forever?

  - by Kees van Dieren

  While doing a test-upgrade of our Ubuntu server to 14.04, I found that the package DenyHosts is no longer available. Installing it gives following error: apt-get install denyhosts Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package denyhosts Apparently it has been deleted, according to launchpad. Will Denyhosts be available in the final release of Ubuntu 14.04?

  Read the article

• GPG Workflow in 11.04

  - by Ross Bearman

  At work we handle the transfer of small bits of sensitive data with GPG, usually posted on a secure internal website. Until Firefox 4 was released, we used FireGPG for inline decryption; however the IPC libraries that it relied upon were no longer present in FF4, making it unusable and it will no longer install in FF5. Currently I'm manually pasting the GPG blocks into a text file, then using the Nautilus context-menu plugin or the command line to decrypt the contents of the file. When we're handling large amount of these small files throughout the day this starts to become a real chore. I've looked around but can't seem to find much information on useful GPG clients in Ubuntu. A client that allowed me to paste in a GPG block and instantly decrypt it, and also paste in plaintext and easily encrypt it for multiple recipients would be ideal. So my question is does this exist? I can't seem to find anything about this with obvious searches on Google, so hopefully someone here can help, or offer an alternative workflow.

  Read the article

• Creating deterministic key pairs in javascript for use in encrypting/decrypting/signing messages

  - by SlickTheNick

  So I have been searching everywhere and havn't been able to find anything with the sufficient information I need.. so Im a bit stumped on this one at the moment What I am trying to do is create a public/private key pair (like PGP) upon a users account creation, based on their passphrase and a random seed. The public key would be saved on the server, and ideally the private key would never be seen by the server whatsoever. The user could then sign in, and send a message to another user. Before the message is sent, the senders key pair would be re-generated on the fly based on their credentials (and maybe a password prompt) and used to encrypt the message. The receiver would then use their own re-generated private key to decrypt said message. The server itself should never see any plaintext passwords, private keys or readable messages. Bit unsure how on how I could go about implementing this. Iv been looking into PGP, specifically openPGP.js. The main trouble I am having is being able to regenerate the key-pair based off a specific seed. PGP seems to have a random output even if the inputs are the same. Storing the private key in a cookie or in HTML5 storage or something also isnt really an option, too unreliable. Can anyone point me in the right direction?

  Read the article

• How to hide process arguments from other users?

  - by poolie

  A while ago, I used to use the grsecurity kernel patches, which had an option to hide process arguments from other non-root users. Basically this just made /proc/*/cmdline be mode 0600, and ps handles that properly by showing that the process exists but not its arguments. This is kind of nice if someone on a multiuser machine is running say vi christmas-presents.txt, to use the canonical example. Is there any supported way to do this in Ubuntu, other than by installing a new kernel? (I'm familiar with the technique that lets individual programs alter their argv, but most programs don't do that and anyhow it is racy. This stackoverflow user seems to be asking the same question, but actually just seems very confused.)

  Read the article

• Microsoft Releasing Windows 8 in Late October

  The one thing Microsoft did not give was the exact date in October that this latest operating system would become available. But that may be difficult to predict. Brandon LeBlanc, Microsoft communications manager, stated only that Windows 8 is on track for a release to manufacturers (RTM) in August. The company, on average, produces a new version of Windows every three years; the last one to come out was Windows 7, back in October of 2009. The operating system will enjoy a widespread release, coming out in 109 languages across 231 markets throughout the world. It will be used not only in PCs...

  Read the article

• Is using dirname(__FILE__) a good practice?

  - by webose

  Looking at the code of Joomla I see that in the first line of the index, it defines the base path of installation with dirname(__FILE__). Is this a possible risk for the site? If a non controlled error message show the internal path of the Joomla directory, because of, for example a failed include, can it be used to perform some kind of attack to the site? If yes, is it convenient to use this function?

  Read the article

• Moving between sites using SAML

  - by System Down

  I'm tasked with developing an SSO system, and was guided towards using the SAML spec. After some research I think understand the interaction between a Service Provider and an ID Provider and how a user's identity is confirmed. But what happens when I redirect the user to another Service Provider? How do I ascertain the user's identity there? Do I send his SAML assertion tokens along with the redirect request? Or does the second Service Provider need to contact the ID Provider all over again?

  Read the article

• How to hide process arguments from other users?

  - by poolie

  A while ago, I used to use the grsecurity kernel patches, which had an option to hide process arguments from other non-root users. Basically this just made /proc/*/cmdline be mode 0600, and ps handles that properly by showing that the process exists but not its arguments. This is kind of nice if someone on a multiuser machine is running say vi christmas-presents.txt, to use the canonical example. Is there any supported way to do this in Ubuntu, other than by installing a new kernel? (I'm familiar with the technique that lets individual programs alter their argv, but most programs don't do that and anyhow it is racy. This stackoverflow user seems to be asking the same question, but actually just seems very confused.)

  Read the article

< Previous Page | 157 158 159 160 161 162 163 164 165 166 167 168  | Next Page >