Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 201/886 | < Previous Page | 197 198 199 200 201 202 203 204 205 206 207 208 | Next Page >

Limiting access in Silverlight\Pivotviewer

- by sparaflAsh

I'm going to deploy a pivotviewer application. As some of you might know this silverlight application load a .cxml index file for a group of images. My need is to make .cxml file and image files not accessible for the user. Now, if I don't have a need I usually code like this in C# and the file is hosted in the documentroot: _cxml = new CxmlCollectionSource(new Uri("http://www.myurl.it/Collection.cxml", UriKind.Absolute)); This means that my cxml and then the images are available by http for everyone who knows the URI. I'm a newbie to server configuration, so any help/hint would be deeply appreciated. Someone suggested me to take the files out of the root, but it seems like I can't go to pick them up if they are not a URL in Silverlight. At least I didn't managed to understand how. Someone else suggested me to play with web.config file to hide URLs, but I don't really know where to start. My question is, what's the best practice to hide my stuff? Obviously I can edit the question if you need more details.

Read the article
How Ubuntu cloud version enforces the "no root login" over ssh ?

- by Maxim Veksler

Hello, I'm looking to tweak ubuntu cloud version default setup where is denies root login. Attempting to connect to such machine yields: maxim@maxim-desktop:~/workspace/integration/deployengine$ ssh [email protected] The authenticity of host 'ec2-204-236-252-95.compute-1.amazonaws.com (204.236.252.95)' can't be established. RSA key fingerprint is 3f:96:f4:b3:b9:4b:4f:21:5f:00:38:2a:bb:41:19:1a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ec2-204-236-252-95.compute-1.amazonaws.com' (RSA) to the list of known hosts. Please login as the ubuntu user rather than root user. Connection to ec2-204-236-252-95.compute-1.amazonaws.com closed. I would like to know where this is setup and how I can change the printed message? Thank you, Maxim.

Read the article
Can admins monitor my activity locally even when I use a VPN?

- by Arjun Create

My school has one of those super overreacting web blockers (specifically Fortisnet) that blocks things that should be accessible by a high-school senior trying to research projects. Despite many students' complaints the administration's hands are tied due to parents' complaints. I have setup a VPN account from http://www.vpnreactor.com. With this I am able to bypass the blocker. I know this service hides my IP from websites and servers on the web. I also know that the school pays an IT guy just to monitor sites and network traffic that the students are using. Basically, will he be able to see my network traffic? More importantly, will he be able to trace it to my computer or its MAC address? I am connecting over Wi-Fi, not ethernet.

Read the article
Why do browsers have so many possible exploits?

- by Beau Martínez

When browsing I am ocassionally given warnings about pages that host malware "that could damage my computer". I am seriously perplexed as to why, in 2010, browsers still have possible exploits and can be cracked. My question is "Why?". I'm assuming it's because of the quick development that occured in the browser wars which were unsufficiently tested, but I'm unsure. Surely WebKit would have patched all the issues in KHTML, or Gecko sorted out the flaws in Netscape's engine, and the IE coders sorted through their codebase to eliminate possible flaws? (Somewhat related: http://superuser.com/questions/117770/which-browser-is-the-most-secure-research-and-practically-based.)

Read the article
Firefox's master password does not protect my web accounts

- by Mehper C. Palavuzlar

I've set up a master password in Firefox 3.6 but it's not working as I expected. I always save my passwords within Firefox for frequently visited sites like Facebook, Yahoo! mail, Gmail, Twitter etc. and this way I don't have to type in my password every time I open that site. When I open Firefox, it asks for the master password but when I click Cancel, it opens normally, and lets me directly in my Facebook page, or Yahoo! Mail page. Why doesn't it protect my accounts? This way, anyone using my computer can see my accounts and it's totally pointless for me to use this master password. How can I protect my accounts with saved passwords in Firefox?

Read the article
Trouble getting FTP login to work in IIS6

- by Frank Rosario

Hello all, I'm trying to setup an FTP site for one of my clients to pickup files from us using IIS6. I've created the FTP site, have set to not isolate users (not necessary as FTP will be read only with authentication). Here's the problem. The FTP is to be password protected, so I turned of anonymous access on the FTP site. I then created a ftpuser account on the machine, and gave it read and browse directory permissions on the ftp's root directory. However, when I go to test the ftpuser login, I get a 530 "ftpuser cannot login" error. However, if I browse to same directory over HTTP (anonymous access turned off as well) and enter the ftpuser login info, I can download files and browse directories successfully. Why is the ftpuser working over HTTP but not FTP? Shouldn't I be able to login over FTP with the ftpuser login information I just created? Thanks in advance, - Frank

Read the article
IT Audit checklist

- by PHLiGHT

I recently have taken on the position of a one man show for a company that is going to have an audit. The network isn't anywhere close to prepared and I have been looking for a general audit checklist since one hasn't been provided by the auditors and haven't found much good information out there. Does anyone have a nice template that will give me a good starting point. I know that this will be highly customized to the company but a starting point will be helpful to outline to management just how much work is needed. Thanks,

Read the article
Securing bash scripts

- by minnur

Hi There, Does anybody know what is the best way to secure bash scripts. I have a script which creates database and source code backup and ftp it to other server. And login/password for destination ftp are plain text. I need somehow encrypt it or hide it in case of website hacking. Or should i create script written on C to create bash file then run it and delete ? Thanks. Thanks for the answers and I am sorry, i wasn't clear enough. I would like to clarify my question in the following items. We are storing the data in Rackspace Cloud files. We can't pull as Cloud files doesn't allow you run a script. We can write the script to run on Server A and pull FTP and MySQL data on servers B, C, D, etc. And we want to protect the passwords on A from the situation where A is hacked. Can we compile our script file to hide them? Thanks

Read the article
Using a SD card as a smart card for two-step verification for Mac logon

- by Greg Brown

What I am trying to do is create two-step verification to logon to my mac, one being that you would need to input a SD card (formated with special format or something) and then also have a password. Is there any software out there that could do this or any way of programming it so that once it reads the SD Card it makes the password bar visible for logon. Would it be easier to do it with Linux since it is open source? Any help in the right direction is appreciated. Thanks

Read the article
MSE updating fails, no warning or error message.

- by WebDevHobo

I'm running Windows 7 Ultimate, 32-bit. For the last couple of days, MSE doesn't fails to update, remaining stuck at version 1.75.119 I presume that an error log is created somewhere, or an event log, but I don't know where to find those. It just says "connection failed". Tried it at home, at work and friends places, but never works. Restarted computer a lot of times now, checked for Microsoft Updates in general, but nothing shows up. EDIT: I've opened a bounty for this, because I really don't know what to do anymore. The oldest answer(the long post) here did not work. Besides this problem, I'm having trouble using MSI installers too. I've had to add the SYSTEM group to a lot of maps and give them full control, but shouldn't the SYSTEM already be there? Also, I had to remove the "read-only" attribute from the ProgramData and Users folders, add the SYSTEM group there too and give them full control. Only then will the MSI install work and even then, it says I doesn't have the rights to create a shortcut on the desktop. Don't know what I need to modify and where for that. I'm saying this because I don't know how MSE updates, but if they use MSI files to do that, that might explain things. The SYSTEM group remains added, but every time I take away the read only attribute, click OK and check the settings again, read-only is still active... That's all I know. Screenshot, all those updates were manual:

Read the article
Securely executing system commands as sudo from PHP

- by Aydin Hassan

Is it possible? I have written a command line tool in PHP for creating new environments for our company. It creates system users, directories, databases, VHosts and restarts apache, amongst other things. These commands require sudo privileges. I thought it might be a nice idea to have a web-interface for it, to make it easier for other non-developers to use. The web app would be behind authentication. When running from the command line I just run sudo tool.php, obviously I can't do this from a web app. How could I do this securely? Giving the apache user sudo access seems silly, as this would means all sites hosted on the box (eg all our environments) would have sudo access. Is it possible to make this tool run under a different user? this user could have sudo privileges for only the commands I need? How do things like plesk and cPanel do this? Any thoughts?

Read the article
Start multiple instances of Firefox; Xephyr rootless mode

- by Vi

How can I have multiple independent instances of Mozilla Firefox 3.5 on the same X server, but started from different user accounts (consequently, different profiles)? Limited success was only with Xephyr :1, DISPLAY=:1 /usr/local/bin/firefox, but Xephyr has no Cygwin/X's "rootless" mode so it's not comfortable. The idea is to have one Firefox instance for various "Serious Business" things and the other for regular browsing with dozens of add-ons securely isolated.

Read the article
Password protect with apache2.conf works on files, but not on ports

- by Camran

I have changed the apache2.conf so that my website requires authentication. This works fine when typing the adress like this: www.domain.com or my_ip/ Problem is, I have Solr, which admin interface is on port 8983, so this: www.domain.com:8983/ does not require authorization. How can I add this port to also be authorized? Thanks

Read the article
How safe is locking the screen?

- by D Connors

So, both windows and linux have a pretty useful feature that allows you to leave everything running on the PC while also keeping invaders away by locking the screen. My question is: Say I leave my laptop with the screen locked while I go get a donnut, and then it gets stolen. Assuming the thief has access to whatever software he needs, how easy/hard would it be for him to access my (currently logged-in) account? Now let me be clear. I'm not asking if he can access the data on the harddrive. I know he can, and that issue would go under data encryption, which is not my question here. I'm focusing on how hard would it be to get around the "Insert Password" screen, and have full access to my account. I'm looking for answers regarding both OS's; but, if needed, assume Ubuntu. Thank you.

Read the article
How to detect/list rogue computers connected to a WIFI network without access to the Wifi Router interface?

- by JJarava

This is what I believe to be an interesting challenge :) A relative (that leaves a bit too far to go there in person) is complaining that their WIFI/Internet network performance has gone down abysmally lately. She'd like to know if some of the neighbors are using her wifi network to access the internet but she's not too technically savvy. I know that the best way to prevent issues would be to change the Router password, but it's a bit of a PITA having to re-configure all wifi devices... and if the uninvited guest broke the password once, they can do it again... Her wifi router/internet connection is provided by the telco, and remotely managed so she can log-on to their telco account's page and remotely change the router's Wifi password, but doesn't have access to the router status page/config/etc unless she opts out of the telco's remote support and mainteinance service... So, how could she check if there are guests in the wifi with this restrictions and in the most "point and click way"? In this case I'd probably use nmap to look for other devices in the network, but I'm not sure if that's the easiest way to do it. I'm not a wifi expert, so I don't know if there are any wifi-scanning utils that can tell us who's talking to the router... Lastly, she's a Windows user as I guess that'll influence the choice of tools available Any suggestions more than welcome Regards!

Read the article
tacacs+ integrated with LDAP or database. Which is better?

- by chingupt

We are setting up TACACS+ in our network which is a mix of Cisco AP's and other brands. However we have a centralized managemnet system which allows our customers to configure services. Hence we would like to setup a tacacs+ server integrated with some central system. We have two options: Integrate with a central Database server which stores the user configuration. OR Integrate with a LDAP Server. Which is a better solution? Can you please suggest the pros and cons of using LDAP or Database? TIA Sachin

Read the article
this operation has been canceled due to restrictions in effect on this computer

- by Dan

I have this HUGELY irritating problem on Windows 7 (x64). Whenever I click on ANY link (that exists on a Word document, excel or Outlook), I get an alert box with the message: "This operation has been canceled due to restrictions in effect on this computer" I have been scouring my settings and the internet for a solution, but to no avail. Has anybody else encounted this problem? It even happens when I click anchors in word documents i.e. I can't even click on an entry in a Table of Contents to go to the appropriate page - I get this same error then. Is this a Windows 7 thing? Anyway to turn this off?

Read the article
Access denied even though I'm an Administrator?

- by Borek

My user account on Win7 is part of the Administrators group which has a full control permissions on C:\inetpub\wwwroot: http://twio.cz/ac7p However, when I try to create a folder in it, I get the "access denied" error. This is fixed by adding my specific user account to the list but that shouldn't be necessary should it?

Read the article
Access denied even though I'm an Administrator?

- by Borek

My user account on Win7 is part of the Administrators group which has a full control permissions on C:\inetpub\wwwroot: http://twio.cz/ac7p However, when I try to create a folder in it, I get the "access denied" error. This is fixed by adding my specific user account to the list but that shouldn't be necessary should it?

Read the article
Pros/cons to turning off cable modem

- by Jay

A little off the wall perhaps, but ... I have a cable modem and a router for a wireless home network. Is it a good or a bad idea to turn it off at night and during the day when we're all at work or school? Or should I leave it on 24/7. I was thinking that leaving it on constantly makes me more vulnerable to hackers, not to mention wasting electricity. (Though I'd guess the amount of electricity used by a cable modem and a router is probably pretty trivial. Still, every little bit helps.) When I have turned it off and turned it on again, it takes several minutes for it to go through its little dialog with the cable company and get me connected to the Internet again, which is annoying but not a big deal. Anyone know any good reasons one way or the other?

Read the article
Network tools not working with a 3G connection

- by gAMBOOKa

Some of my network tools stopped working after I switched to a 3G connection from a DSL one. Cain and Abel's sniffer, Metasploit, even the NMAP scanner. I'm using Windows 7. The 3G device in question is the Huawei E180. Here's the error I get when running NMAP WARNING: Using raw sockets because ppp2 is not an ethernet device. This probably won't work on Windows. pcap_open_live(ppp2, 100, 0, 2) FAILED. Reported error: Error opening adapter: The system cannot find the device specified. (20). Will wait 5 seconds then retry. pcap_open_live(ppp2, 100, 0, 2) FAILED. Reported error: Error opening adapter: The system cannot find the device specified. (20). Will wait 25 seconds then retry. Call to pcap_open_live(ppp2, 100, 0, 2) failed three times. Reported error: Error opening adapter: The system cannot find the device specified. (20) Metasploit's refused connection to my websites too.

Read the article
Accessing my Rails webrick behind proxy?

- by Eki Eqbal

In my mackbook, when I try to connect to my rails application in office I can't , in the office there are some http proxy , and when I run my rails like this : sudo rails s -p8080 => Booting WEBrick => Rails 3.0.5 application starting in development on http://0.0.0.0:8080 => Call with -d to detach => Ctrl-C to shutdown server [2012-03-20 12:49:34] INFO WEBrick 1.3.1 [2012-03-20 12:49:34] INFO ruby 1.8.7 (2010-01-10) [universal-darwin11.0] [2012-03-20 12:49:34] INFO WEBrick::HTTPServer#start: pid=17439 port=8080 The local IP is : en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether f8:1e:df:d8:8c:25 inet6 fe80::fa1e:dfff:fed8:8c25%en1 prefixlen 64 scopeid 0x5 inet 10.21.21.240 netmask 0xffffff00 broadcast 10.21.21.255 media: autoselect status: active so when I try in the browser to trigger localhost:8080 or 10.21.21.240:8080 , it seems that I can't trigger my application as for the proxy check out the following : Any Ideas ?

Read the article
How do I protect my company from my IT guy?

- by Jesse

I'm going to hire an IT guy to help manage my office's computers and network. We're a small shop, so he'll be the only one doing IT. Of course, I'll interview carefully, check references, and run a background check. But you never know how things will work out. How do I limit my company's exposure if the guy I hire turns out to be evil? How do I avoid making him the single most powerful person in the organization?

Read the article
public key infrastructure - distribute bad root certificates

- by iamrohitbanga

Suppose a hacker launches a new Linux distro with firefox provided with it. Now a browser contains the certificates of the root certification authorities of PKI. Because firefox is a free browser anyone can package it with fake root certificates. Can this be used to authenticate some websites. How? Many existing linux distros are mirrored by people. They can easily package software containing certificates that can lead to such attacks. Is the above possible? Has such an attack taken place before?

Read the article
linux/unix filesystem permissions hack/feature

- by selden

Can linux or other unix create a file that no user, including root, can modify unless they have the secret key? By "have the secret key" I mean they are using some crypto scheme. Here's a scenario if you aren't already downvoting: Bob encrypts something about file /foo (maybe inode?) using secret key K Alice tries "sudo rm /foo" and gets permission denied, so she decrypts something about file /foo using secret key K and then "sudo rm /foo" succeeds.

Read the article

< Previous Page | 197 198 199 200 201 202 203 204 205 206 207 208 | Next Page >