Tax Time Brings Out New Phishing Scams
Network security software vendor SonicWall is warning Internet users that it's seeing a dramatic increase in new phishing scams related to the upcoming IRS tax filing deadline.
Search Results
Search found 14878 results on 596 pages for 'mod security'.
Page 320/596 | < Previous Page | 316 317 318 319 320 321 322 323 324 325 326 327 | Next Page >
-
-
Oracle E-Business Suite: Great for Small and Medium Size Organizations
RedDOT is a 100% employee owned business with sales revenues in the 100 million dollar range. They use Oracle E-Business Suite to manage their Financials, Purchasing, Manufacturing, Sales and Suppliers. One of the interesting things about this company is that they run their entire I.T. operation with a staff of four, which not only includes Oracle, but the corporate desktop (Microsoft Enterprise User), Parametric Technology Pro Engineer Suite, web services and security, e-business web site and telephones. They not only support Seattle, but operations in Memphis, TN, Ipswich, UK, and Shanghai.Read the article
-
Include requested hostname in access_log
- by Aaron J Spetner
I would like my access_log to list the host name that the client is requesting (e.g. when requesting http://www.example.com/test I should see "www.example.com" in the log). The only thing I have found so far is to use %v in the LogFormat directive, but this only gives "the canonical ServerName of the server serving the request" (as described by Apache at http://httpd.apache.org/docs/2.0/mod/mod_log_config.html#formats). This does not help me for requests that use a hostname that is not specified in a ServerName directive. Is there any way to log the requested hostname? ThanksRead the article
-
The specified module (mod_h264_streaming) could not be found (Apache2)?
- by rphello101
I'm trying to get the mod_h264_streaming to work with my Apache2 server. I downloaded a precompiled version of the mod from here. I read here that all I have to do is extract the file to my modules folder, which I did, and add LoadModule h264_streaming_module modules/mod_h264_streaming.so AddHandler h264-streaming.extensions .mp4 to the httpd.conf, which I also did. However, I get this error when I restart Apache: Syntax error on line 173 of C:/Program Files (x86)/Apache Group/Apache2/conf/httpd.conf: Cannot load C:/Program Files (x86)/Apache Group/Apache2/modules/mod_h264_streaming.so into server: The specified module could not be found. Note the errors or messages above, and press the <ESC> key to exit. 26... Even though the file exists right here: C:\Program Files (x86)\Apache Group\Apache2\modules\mod_h264_streaming.so Can anyone tell me what I'm doing wrong?Read the article
-
Is it possible to determine whether my web site is being accessed as a trusted site?
- by Sameer
I am working on site which have a lot of configuration and security settings and I have to check either clients browser is on trusted zone or not using JavaScript. Is it possible to determine whether my web site is being accessed as a trusted site? The reason I'd like to do this is that some functions won't work unless the site is being accessed as a trusted site, and I'd like to be able to warn users. Is there any solution ?Read the article
-
WIF, ADFS 2 and WCF–Part 2: The Service
- by Your DisplayName here!
OK – so let’s first start with a simple WCF service and connect that to ADFS 2 for authentication. The service itself simply echoes back the user’s claims – just so we can make sure it actually works and to see how the ADFS 2 issuance rules emit claims for the service: [ServiceContract(Namespace = "urn:leastprivilege:samples")] public interface IService { [OperationContract] List<ViewClaim> GetClaims(); } public class Service : IService { public List<ViewClaim> GetClaims() { var id = Thread.CurrentPrincipal.Identity as IClaimsIdentity; return (from c in id.Claims select new ViewClaim { ClaimType = c.ClaimType, Value = c.Value, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer }).ToList(); } } The ViewClaim data contract is simply a DTO that holds the claim information. Next is the WCF configuration – let’s have a look step by step. First I mapped all my http based services to the federation binding. This is achieved by using .NET 4.0’s protocol mapping feature (this can be also done the 3.x way – but in that scenario all services will be federated): <protocolMapping> <add scheme="http" binding="ws2007FederationHttpBinding" /> </protocolMapping> Next, I provide a standard configuration for the federation binding: <bindings> <ws2007FederationHttpBinding> <binding> <security mode="TransportWithMessageCredential"> <message establishSecurityContext="false"> <issuerMetadata address="https://server/adfs/services/trust/mex" /> </message> </security> </binding> </ws2007FederationHttpBinding> </bindings> This binding points to our ADFS 2 installation metadata endpoint. This is all that is needed for svcutil (aka “Add Service Reference”) to generate the required client configuration. I also chose mixed mode security (SSL + basic message credential) for best performance. This binding also disables session – you can control that via the establishSecurityContext setting on the binding. This has its pros and cons. Something for a separate blog post, I guess. Next, the behavior section adds support for metadata and WIF: <behaviors> <serviceBehaviors> <behavior> <serviceMetadata httpsGetEnabled="true" /> <federatedServiceHostConfiguration /> </behavior> </serviceBehaviors> </behaviors> The next step is to add the WIF specific configuration (in <microsoft.identityModel />). First we need to specify the key material that we will use to decrypt the incoming tokens. This is optional for web applications but for web services you need to protect the proof key – so this is mandatory (at least for symmetric proof keys, which is the default): <serviceCertificate> <certificateReference storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=Service" /> </serviceCertificate> You also have to specify which incoming tokens you trust. This is accomplished by registering the thumbprint of the signing keys you want to accept. You get this information from the signing certificate configured in ADFS 2: <issuerNameRegistry type="...ConfigurationBasedIssuerNameRegistry"> <trustedIssuers> <add thumbprint="d1 … db" name="ADFS" /> </trustedIssuers> </issuerNameRegistry> The last step (promised) is to add the allowed audience URIs to the configuration – WCF clients use (by default – and we’ll come back to this) the endpoint address of the service: <audienceUris> <add value="https://machine/soapadfs/service.svc" /> </audienceUris> OK – that’s it – now we have a basic WCF service that uses ADFS 2 for authentication. The next step will be to set-up ADFS to issue tokens for this service. Afterwards we can explore various options on how to use this service from a client. Stay tuned… (if you want to have a look at the full source code or peek at the upcoming parts – you can download the complete solution here)Read the article
-
Plug a Hole in Cisco's NetFlow Coverage
Netflow has changed since Cisco first introduced it. To get the maximum security benefit from this useful protocol, make sure collectors operating on your network are able to collect, analyze and store Flexible NetFlow templates and data.Read the article
-
OpenVPN Is Too Slow? Time to Consider IPSEC
For smaller setups and times when you don't need server-to-server tunnels, OpenVPN may do the trick. But where do you turn when you need cross-platform security without any performance compromises?Read the article
-
CVE-2012-0444 Memory corruption vulnerability in Ogg Vorbis
- by chandan
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-0444 Memory corruption vulnerability 10.0 libvorbis Solaris 11 11/11 SRU 8.5 Solaris 10 SPARC: 148006-01 X86: 148007-01 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
CVE-2012-6329 Code Injection vulnerability in Perl
- by Ritwik Ghoshal
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-6329 Code Injection vulnerability 7.5 Perl 5.12 Solaris 11.1 11.1.7.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
CVE-2012-6329 Code Injection vulnerability in Perl 5.8
- by RitwikGhoshal
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-6329 Code Injection vulnerability 7.5 Perl 5.8 Solaris 11.1 11.1.7.5.0 Solaris 10 Patches planned but not yet available This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
Windows 7 IIS 7 unable to receive incoming HTTP traffic
- by gregarobinson
I was trying to load a test html page from a LAN server that is running Windows 7. I could load the page from the server, but not from machines within the LAN. It took a while to figure out, but it turned ot to be the firewall in Windows 7. Here is what I had to do: Windows Firewall with Advanced Security ---> Inbound Rules ---> Enable World Wide receive incoming HTTP trafficWeb Services (HTTP Traffic-In)Read the article
-
CVE-2009-5022 Buffer Overflow vulnerability in LibTIFF
- by chandan
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2009-5022 Buffer Overflow vulnerability 6.8 LibTIFF Solaris 8 SPARC: 139093-03 X86: 139094-03 Solaris 9 SPARC: 125673-05 X86: 125674-05 Solaris 10 SPARC: 119900-13 X86: 119901-12 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
Is there an open source clone of a game in the Total War Series?
- by sinekonata
I loved Shogun:Total War gameplay and then later on spent weeks re-enacting historical wars and battles with Europa Barbarorum. It's a mod for Rome:TW that focuses on historical accuracy in the peoples, units, sounds, visuals, everything from macro mechanics to actual battles (e.g. a lot more missiles). Since that time I kind of turned my back on Windows cause it sucks and use Linux cause Mac sucks even worse. So as I miss that game (Eur. Barb.) and consider it the most realistic RTS to date, I'd like to know if there are any free and open source alternatives to it because ever since I'm under linux, I became addicted to FOSS so I also turned my back on paying (even kickstarters) for closed source, pay to play games. I have found a clone/alternative for everyone of the best games like Minecraft, CSS, Natural Selection, TA/SupCom etc... It's kind of the last one I need. The Spring engine is amazing for example, is there another open source project of the source in current development? Or would Spring itself be enough (it certainly looks capable) to make it? Thanks in advance guys...Read the article
-
Website: Requested filename being rewritten
- by horatio
I have been unable to find an answer via search. I have a website (I do not administer the servers) where the server will serve a different file than the one requested. I first noticed this when using a filename of the following form: _foo.php (single underscore) If I request foo.php (does not exist), the server returns _foo.php. By "returns" I mean that the server decides I meant _foo.php, processes the php file, and serves the output. If I request afoo.php, zfoo.php, or even __foo.php (two underscores) (these files do not exist) the server returns _foo.php. If I request aafoo.php, the server returns 404. To sum up: the server seems to be doing a partial filename match. My question is: what is happening and is this accepted behavior for a web server (or standard behavior of a common mod/package/etc)?Read the article
-
Importing tab delimited file into array in Visual Basic 2013 [migrated]
- by JaceG
I am needing to import a tab delimited text file that has 11 columns and an unknown number of rows (always minimum 3 rows). I would like to import this text file as an array and be able to call data from it as needed, throughout my project. And then, to make things more difficult, I need to replace items in the array, and even add more rows to it as the project goes on (all at runtime). Hopefully someone can suggest code corrections or useful methods. I'm hoping to use something like the array style sMyStrings(3,2), which I believe would be the easiest way to control my data. Any help is gladly appreciated, and worthy of a slab of beer. Here's the coding I have so far: Imports System.IO Imports Microsoft.VisualBasic.FileIO Public Class Main Dim strReadLine As String Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Dim sReader As IO.StreamReader = Nothing Dim sRawString As String = Nothing Dim sMyStrings() As String = Nothing Dim intCount As Integer = -1 Dim intFullLoop As Integer = 0 If IO.File.Exists("C:\MyProject\Hardware.txt") Then ' Make sure the file exists sReader = New IO.StreamReader("C:\MyProject\Hardware.txt") Else MsgBox("File doesn't exist.", MsgBoxStyle.Critical, "Error") End End If Do While sReader.Peek >= 0 ' Make sure you can read beyond the current position sRawString = sReader.ReadLine() ' Read the current line sMyStrings = sRawString.Split(New Char() {Chr(9)}) ' Separate values and store in a string array For Each s As String In sMyStrings ' Loop through the string array intCount = intCount + 1 ' Increment If TextBox1.Text <> "" Then TextBox1.Text = TextBox1.Text & vbCrLf ' Add line feed TextBox1.Text = TextBox1.Text & s ' Add line to debug textbox If intFullLoop > 14 And intCount > -1 And CBool((intCount - 0) / 11 Mod 0) Then cmbSelectHinge.Items.Add(sMyStrings(intCount)) End If Next intCount = -1 intFullLoop = intFullLoop + 1 Loop End SubRead the article
-
The Best Articles for Using and Customizing Windows 8
- by Lori Kaufman
Now that Windows 8 Enterprise is available to the public as a 90-day evaluation and Windows 8 Pro is available for Microsoft TechNet subscribers, we decided to collect links to the Windows 8 articles we’ve published since the release of the Developer Preview. How To Switch Webmail Providers Without Losing All Your Email How To Force Windows Applications to Use a Specific CPU HTG Explains: Is UPnP a Security Risk?Read the article
-
Desktop Fun: Doorways Wallpaper Collection Series 1
- by Asian Angel
Doorways can lead to many places such as homes, gardens, outdoors, and magical realms of the imagination just to name a few. See where these doorways will lead you on your desktop with the first in our series of Doorways Wallpaper collections. HTG Explains: Is UPnP a Security Risk? How to Monitor and Control Your Children’s Computer Usage on Windows 8 What Happened to Solitaire and Minesweeper in Windows 8?Read the article
-
U of T sleuths track Internet espionage ring to China
<b>The Star:</b> "A massive cyber espionage network has infiltrated the Indian government and also hacked into a year's worth of the Dalai Lama's emails, according to a team of computer security experts co-led by University of Toronto researchers."Read the article
-
Blue Coat Backing Armored Browser
Networking and security firm offers commercial support for Quaresso, a startup offering a new spin on the armored browser with remote support to shore up the last mile.Read the article
-
Multiple Resource Management Error vulnerabilities in libexpat
- by chandan
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-0876 Resource Management Errors vulnerability 4.3 libexpat Solaris 10 SPARC: 137147-07 X86: 137148-07 Solaris 11 11/11 SRU 11.4 CVE-2012-1148 Resource Management Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.Read the article
-
Fixing a NoClassDefFoundError
- by Chris Okyen
I have some code: package ftc; import java.util.Scanner; public class Fer_To_Cel { public static void main(String[] argv) { // Scanner object to get the temp in degrees Farenheit Scanner keyboard = new Scanner(System.in); boolean isInt = true; // temporarily put as true in case the user enters a valid int the first time int degreesF = 0; // initialy set to 0 do { try { // Input the temperature text. System.out.print("\nPlease enter a temperature (integer number, no fractional part) in degrees Farenheit: "); degreesF = Integer.parseInt(keyboard.next()); // Get user input and Assign the far. temperature variable, which is casted from String to int. } // Let the user know in a user friendly notice that the value entered wasnt an int ( give int value range ) , and then give error log catch(java.lang.Exception e) { System.out.println("Sorry but you entered a non-int value ( needs to be between ( including ) -2,147,483,648 and 2,147,483,647 ).. \n"); e.printStackTrace(); isInt = false; } } while(!isInt); System.out.println(""); // print a new line. final int degreesC = (5*(degreesF-32)/9); // convert the degrees from F to C and store the resulting expression in degreesC // Print out a newline, then print what X degrees F is in Celcius. System.out.println("\n" + degreesF + " degrees Farenheit is " + degreesC + " degrees Celcius"); } } And The following error: C:\Program Files\Java\jdk1.7.0_06\bin>java Fer_To_Cel Exception in thread "main" java.lang.NoClassDefFoundError: Fer_To_Cel (wrong name: ftc/Fer_To_Cel) at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:791) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:14 at java.net.URLClassLoader.defineClass(URLClassLoader.java:449) at java.net.URLClassLoader.access$100(URLClassLoader.java:71) at java.net.URLClassLoader$1.run(URLClassLoader.java:361) at java.net.URLClassLoader$1.run(URLClassLoader.java:355) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:354) at java.lang.ClassLoader.loadClass(ClassLoader.java:423) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) at java.lang.ClassLoader.loadClass(ClassLoader.java:356) at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:480) The code compiled without compile errors, but presented errors during execution. Which leads me to two questions. I know Errors can be termed Compiler, Runtime and Logic Errors, but the NoClassDefFoundError inherits java.lang.LinkageError. Does that make it a Linker error, being niether of the three types of errors I listed, If I am right this is the answer. For someone else who obtains the singular .java file and compiles it, would this be the only way to solve this problem? Or can I (should I ) do/have done something to fix this problem? Basically, based on a basis of programming, is this a fault of me as the writer? Could this be done once on, my half and be distributed and not needed be done again?Read the article
-
java webservice requires usernametoken over basichttpbinding (3 replies)
I need to call a Java webservice. I can add a service reference without problems, and I get Intellisense in Visual Studio. However, when I try to call a service method I get an error message saying "Missing (user) Security Information". I n my code I try to set usercredentials: testWS.WarrantyClaimServiceClient svc new TestClient.testWS.WarrantyClaimServiceClient(); svc.ClientCredentials.UserName....Read the article
-
How to restart colord
- by Blair Zajac
A tiff security update came out today for 12.04 and colord is still running with the older shared library # lsof -n | grep DEL | grep /lib colord 3454 colord DEL REG 252,1 3673529 /usr/lib/x86_64-linux-gnu/libtiff.so.4.3.4 Besides restarting the whole system, given there's no /etc/init.d/colord, how do I restart it so it picks up the new libtiff.so.Read the article
-
Managing accounts on a private website for a real-life community
- by Smudge
Hey Pro Webmasters, I'm looking at setting-up a walled-in website for a real-life community of people, and I was wondering if anyone has any experience with managing member accounts for this kind of thing. Some conditions that must be met: This community has a set list of real-life members, each of whom would be eligible for one account on the website. We don't expect or require that they all sign-up. It is purely opt-in, but we anticipate that many of them would be interested in the services we are setting up. Some of the community members emails are known, but some of them have fallen off the grid over the years, so ideally there would be a way for them to get back in touch with us through the public-facing side of the site. (And we'd want to manually verify the identity of anyone who does so). Their names are known, and for similar projects in the past we have assigned usernames derived from their real-life names. This time, however, we are open to other approaches, such as letting them specify their own username or getting rid of usernames entirely. The specific web technology we will use (e.g. Drupal, Joomla, etc) is not really our concern right now -- I am more interested in how this can be approached in the abstract. Our database already includes the full member roster, so we can email many of them generated links to a page where they can create an account. (And internally we can require that these accounts be paired with a known member). Should we have them specify their own usernames, or are we fine letting them use their registered email address to log-in? Are there any paradigms for walled-in community portals that help address security issues if, for example, one of their email accounts is compromised? We don't anticipate attempted break-ins being much of a threat, because nothing about this community is high-profile, but we do want to address security concerns. In addition, we want to make the sign-up process as painless for the members as possible, especially given the fact that we can't just make sign-ups open to anyone. I'm interested to hear your thoughts and suggestions! Thanks!Read the article
