Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

Page 147/763 | < Previous Page | 143 144 145 146 147 148 149 150 151 152 153 154  | Next Page >

• Does the Adblock Plus extension prevent malicious code from downloading/executing? [closed]

  - by nctrnl

  Firefox and Chrome are my favourite browsers. The main reason is an extension called Adblock Plus. Basically, it blocks all the ad networks if you subscribe to one of the lists, like EasyList. Does it also protect against malicious ads on completely legitimate websites? For instance, several news websites use ad services that may allow a malicious user to insert "evil code". This makes the web very unsafe, especially for those who lack a serious antivirus product.

  Read the article

• Are two database trips reasonable for a login system?

  - by Randolph Potter

  I am designing a login system for a project, and have an issue about it requiring two trips to the database when a user logs in. User types in username and password Database is polled and password hash is retrieved for comparative purposes (first trip) Code tests hash against entered password (and salt), and if verified, resets the session ID New session ID and username are sent back to the database to write a row to the login table, and generate a login ID for that session. EDIT: I am using a random salt. Does this design make sense? Am I missing something? Is my concern about two trips unfounded? Comments and suggestions are welcome.

  Read the article

• "Reverse" encryption? - EncFS the other way around?

  - by stwissel

  Currently I'm using EncFS to encrypt my directory "confidential" to ".encconfidential" and sync that encrypted directory using an online service (e.g. Dropbox, UbuntuOne etc). However my entire disk is already LUKS encrypted, so the double encryption takes a toll on performance. I wonder is there an "inverted" EncFS option? An unencrypted directory gets mounted and in the mounted directory you only see encrypted files. So I could work with the unencrypted documents while the sync tool sees and read/writes the encrypted files only.

  Read the article

• Get phone number of (via mobile networks) browsing mobile device

  - by TrialUser

  I recently figured out, that the web site of my phone provider (mobile) mysteriously identifies me and automatically logs me into my account when I'm accessing with my android phone, as if it knew my phone number. (I used several browsers. When I'm using the phone as WLAN hotspot and access the same site from another device that doesn't happen.) How does my phone provider do that? On the one hand, as a programmer, I'd like to be able to do that too, but on the other hand, as a user, I'm kind of scared. What information do they have, such that they (believe they) are able to identify me just by my device? I hope this question isn't completely inappropriate for this site; feel free to add better tags — it's hard to find the right ones without knowing the Webmasters site at all.

  Read the article

• Drop in service for account management, authentication, identity?

  - by Mike Repass

  I'm building an Android app and associated set of web services for uploading/downloading data. I need a basic (no frills) solution for account management (register, login, logout, verify credentials/token). What open source / third party solutions exist for this scenario? I need: create a new account db based on a salt simple web service to create a new account simple web service to authenticate supplied credentials and return some sort of token That's it, I can get by without 'fancy' email activation or password reset for the time being. Are there off-the-shelf components for this? Should I just use a 'blank' django or rails app to get this done? Seems crazy for everyone to be doing CREATE TABLE user_accounts ... Thoughts? Thank you.

  Read the article

• Need suggestions on how to create a website with an encrypted database.

  - by SFx

  Hi guys, I want to create a website where a user enters content (say a couple of sentences) which eventually gets stored in a backend database (maybe MySQL). But before the content leaves the client side, I want it to get encrypted using something on client like maybe javascript. The data will travel over the web encrypted, but more importantly, will also be permanently stored in the backend database encrypted. Is JavaScript appropriate to use for this? Would 256 bit encryption take too long? Also, how do you query an encrypted database later on if you want to pull down the content that a user may have submitted over the past 2 months? I'm looking for tips, suggestions and any pointers you guys may have in how to go about learning about and accomplishing this. Thanks!

  Read the article

• Situations that require protecting files against tampering when stored on a users computer

  - by Joel

  I'm making a 'Pokémon Storage System' with a Client/Server model and as part of that I was thinking of storing an inventory file on the users computer which I do not wish to be edited except by my program. An alternative to this would be to instead to store the inventory file on the server and control it's editing by sending commands to the server but I was wondering if there are any situations which require files to be stored on a users computer where editing would be undesirable and if so how do you protect the files? I was thinking AES with some sort of checksum?

  Read the article

• How do PGP and PEM differ?

  - by Dummy Derp

  Email messages are sent in plain text which means that the messages I send to Derpina are visible to anyone who somehow gets access to them while they are in transit. To overcome this, various encryption mechanisms were developed. PEM and PGP are two of them. PEM - canonically converts-adds digital signature-encrypts and sends PGP does exactly the same. So where do they differ? Or is it that PGP (being a program) is used to generate a PEM message?

  Read the article

• Seeking for a better solution to restrict access in GRUB2 menu

  - by LiveWireBT

  I just read that in certain situations you should also protect access to your GRUB2 menu by setting a password and may be refining acces by adding --unrestricted or --users as arguments to menuentries und submenus. I read the corresponding pages in the Ubuntu Community Documentation and the Arch Wiki. So, I created /etc/grub.d/01_security, stored usernames and passwords in there, made the file executable and ran update-grub. This is working as intended, every action in the menu prompts for username and password, but I also want to modify the automatically generated entries to either restrict them to certain users (via --users) or make them available for everyone, but not editable by everyone (via --unrestricted). I was able to find the proper lines in 10_linux and edit them accordingly, however I'd love to see an easier solution. Perhaps an option like GRUB_DISABLE_RECOVERY="true" or GRUB_DISABLE_OS_PROBER=true in /etc/default/grub for easy (re)configuration (for linux and os-prober generated entries). Here's a diff from my 13.10 installation: $ diff /etc/grub.d/10_linux /etc/grub.d/10_linux_bak 123c123 < echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} --unrestriced \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^$ --- > echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_inde$ 125c125 < echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} --unrestricted \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_$ --- > echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" 323c323 < echo "submenu --unrestricted '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_$ --- > echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" tl;dr: I'd love the see a simple solution for GRUB2 entries that cannot be modified without a password or are limited to certain users. (Yes, GRUB_DISABLE_RECOVERY="true" is active.)

  Read the article

• Avoid SQL Injection with Parameters

  - by simonsabin

  The best way to avoid SQL Injection is with parameters. With parameters you can’t get SQL Injection. You only get SQL Injection where you are building a SQL statement by concatenating your parameter values in with your SQL statement. Annoyingly many TSQL statements don’t take parameters, CREATE DATABASE for instance, or really annoyingly ALTER USER. In these situations you have to rely on using QUOTENAME or REPLACE to avoid SQL Injection. (Kimberly Tripp takes about this in her recent blog post Little...(read more)

  Read the article

• How to create a restricted SSH user for port forwarding?

  - by Lekensteyn

  ændrük suggested a reverse connection for getting an easy SSH connection with someone else (for remote help). For that to work, an additional user is needed to accept the connection. This user needs to be able to forward his port through the server (the server acts as proxy). How do I create a restricted user that can do nothing more than the above described? The new user must not be able to: execute shell commands access files or upload files to the server use the server as proxy (e.g. webproxy) access local services which were otherwise not publicly accessible due to a firewall kill the server Summarized, how do I create a restricted SSH user which is only able to connect to the SSH server without privileges, so I can connect through that connection with his computer?

  Read the article

• Solera Networks Threat Predictions for 2012, Solutions

  Legitimate sites are often trusted by their visitors, which makes them a perfect target for cybercriminals. Solera lists attacks on legitimate, yet compromised sites as a growing trend for 2012 due to the increased amount of such sites containing unpatched vulnerabilities. Once compromised, hackers can use the legitimate sites to redirect unsuspecting visitors and put them in harm's way. According to Solera, malicious spam is another undesirable item that should increase in 2012. Various methods, such as email, instant messaging, attachments, malicious links, and social networks will cont...

  Read the article

• Microsoft Unveils New Logo

  Indeed, with those four familiar colored squares - set in a bigger square rather than standing on a point in a diamond - Microsoft's new corporate logo seems almost inevitable. As you'd expect, the company's name makes up part of the logo, but instead of the thick italic letters it has used for the past two and a half decades, it's in a more standard, lighter font. Jeff Hansen, Microsoft's general manager of brand strategy, notes that the point of the new logo is to signal the heritage but also signal the future - a newness and a freshness. It's very fitting when you consider just how many...

  Read the article

• Some hint to program a webservice "by subscription"

  - by Eagle

  I have some web sites programmed, I know to do it with python and PHP basically. Normally they are simple web sites, but now I want to provide REST web services but only for allowed users (allowed by me). I saw that a lot of services uses the "KEY" and "SECRET_KEY" concepts, which seems to be what I need (if I understand it right). My suppositions are: If I only do a GET service to retrieve, e.g., all my clients, without anymore, anyone can retrieve my clients without limitations. I will need some KEY generator to provide keys for my allowed users, so they can use my webservices. Only with a KEY is not enough: someone can steal a KEY and supplant my user (and this is the reason because exists a SECRET_KEY, right?). If all this is right, how can I make/use a system like that in my web services? Some open source example? Or maybe there are another easy solutions I'm not considering? My objective is to allow some users to use my web services.

  Read the article

• Le logiciel de protection de F-Secure a pris des fichiers Mac pour des malwares, le problème est heureusement corrigé

  La version bêta du logiciel de protection de F-Secure a pris des fichiers Mac pour des malwares, le problème est heureusement corrigé Un petit rien peu parfois se transformer en quelque chose de gigantesque, avec un effet boule de neige. C'est ce qu'est en train de constater actuellement F-Secure. La firme spécialisée dans la sécurité informatique a rencontré un bogue sur son programme anti-virus qui provoque l'indignation d'un grand nombre d'internautes. En effet, le logiciel, qui est actuellement en version bêta pour Mac OS X a de "sérieux problèmes de fausse alarme". Sur les Macs sur lesquels il est installé, il a par accident supprimé des fichiers sains en les prenant pour des malwares. Des erreurs de ...

  Read the article

• How to backup encrypted home in encrypted form only?

  - by Eric

  I want to backup the encrypted home of a user who might be logged in at backup time. Which directories should I backup if I want to ensure that absolutely no plaintext data can be leaked? Are the following folders always encrypted? /home/user/.Private /home/user/.ecryptfs Just want to make sure that no data leaks, as the backup destination is untrustworthy. Edit: Yes, as Lord of Time has suggested, I'd like to know which folders and/or files I need to backup if I need to store only encrypted content in a way that allows me to recover it later with the right passphrase.

  Read the article

• Basic Ubuntu FTP Server

  - by JPrescottSanders

  I would like to setup a basic FTP server on my Ubuntu Server install. I have been playing with VSFTPD, but am having issues getting the server to allow me to create directories and copy files. I have set the system to allow local users, but it appears that doesn't mean I get access to create directories. This may be an instance where I need to be better grounded in Unbuntu server setup in order to configure this FTP server adequately. The end goal is to be able to move files from my local dev folder into my www folder for deployment. Directories need to be able to move as well. Any help would be greatly appreciated.

  Read the article

• Disadvantages of a fake phpMyAdmin honeypot that causes ip blacklisting and robots.txt disallow/exclusion of the honeypot?

  - by Tchalvak

  I'm trying to figure out whether I should set up a honeypot system with a fake phpMyAdmin (site gets hits all the time with people spidering for insecurities with that app). My thought was to create a honeypot php script that would mimic a phpMyAdmin login, and then blacklist ips that hit that url (and aren't already whitelisted). I would then add the appropriate urls to the robots.txt so that spiders that actually respect my robots.txt wouldn't be caught by the blacklist. Are there disadvantages to this approach, do legit robots sometimes not respect robots.txt in certain circumstances, are there any problems with this that I should consider in advance?

  Read the article

• Deny access to a folder on hosting server but serve the pages

  - by Sourav

  My hosting server allows to host multiple websites. The directory structure is like this root |_ www.a.com |_ www.b.com |_ www.c.com |_ www.d.com I want to put some PHP files on the www.d.com folder so if some one browse the site from web-browser can get it, but no one can get it's source code [even by loggin in to the root folder]. Is there any way to doing so ? There is a feature called Password protect folder or so, can in help in this case ?

  Read the article

• How to deal with malicious domain redirections?

  - by user359650

  It is possible for anybody to buy a domain name containing negative terms and point it to someone's website in order to damage their reputation. For instance someone could buy the domain child-pornography.com and point it to the address 64.34.119.12 which is the address behind stackoverflow.com and people navigating to the domain in question would end up visualizing content from StackExchange which would be detrimental to StackExchange's image. To illustrate this, I added the entry 64.34.119.12 child-pornography.com to my /etc/hosts file and tested. Here is what I obtained: I personally found this user experience terrible as someone could think that Stack Exchange are in favor of child pornography and awaiting support from the community to create a Q&A site about it. I tested with other websites and experienced other behaviors that I would categorize as follows: 1 - Useful 404 page (happens with stackoverflow.com): For me the worst way of handling this as the image of the targeted website is directly associated with the offending domain. The more useful the 404 page, the bigger the impression that the targeted website would be willing to help with child pornography. 2 - Redirection (happens with microsoft.com): For instance when accessing child-pornography.com you get redirected to www.microsoft.com. It isn't as bad as above as the offending domain name never appears alongside the targeted website's content, but still bad in my opinion as it gives the impression the targeted website bought the offending domain and redirected it to their website to get more traffic. 3 - Server error (happens with lemonde.fr): You get an error from the webserver which page doesn't contain any content that can be associated with the targeted website (e.g. default Apache 404 page, completely blank page). I believe that is good as the identify of the targeted website isn't revealed. Above are the various behaviors I experienced, but I also thought about a fourth way of dealing with this which is described below. 4 - Disclaimer page (haven't found any website implementing that technique): Display a message such as : "You ended here because someone bought and linked the child-pornography.com domain to our website. We do not own this domain and do not associate ourselves with it. This request has been logged by our servers and we will raise this issue with the competent authorities to have this domain taken down. If you want to access our website, please click here." The good thing about this method is that it can be implemented at application layer (good if you don't have control over web server which happens with some hosting solutions), allows you to protect yourself from any liability, and offer the visitor to be redirected to your own website. Which of the above options would you implement to deal with malicious domain linking (IMO only options 3 and 4 are worth considering) ?

  Read the article

• How to do a login page for third party service without letting them sign on?

  - by AAA

  We have a unique situation (at least for me, first time seeing this). We have a web form where accountants can fill in requests and that part is taken care of. But after their login we redirect them to a third-party website where we need more information from them. The process is crazy right now since we have to give our account login info to all people filing with us. So is there a way in PHP or any other solution where we can after that form on our website auto login with our information to that third party website in a way that our credentials are not visible to the users using the service?

  Read the article

• How to Configure Windows Defender

  The existence of spyware and other unwanted irritations on the Web is so widespread that keeping your PC protected is an absolute must. Microsoft responded to this need with the inclusion of its Windows Defender program with Windows 7. Windows Defender does exactly what its name suggests, which is to defend your PC from spyware and other malicious programs. It does this first with real-time protection that notifies you if any spyware tries to run on your computer or if a program tries to change any vital settings in Windows. Windows Defender also helps to keep your computer protected thro...

  Read the article

• How to protect own software from copying [closed]

  - by Zzz

  Possible Duplicate: How do you prevent the piracy of your software? Is possible to protect some file from copying if you are administrator of machine? I heard some story about some behavior: one software developer sells his software in some way. He is installing it on every client's computer and this software does not work on other computers or cannot be copied physically. How to implement the first and second protection. Is it effectively protection if software costs about $100 for all copies across client's company?

  Read the article

• Did Microsoft Add Wiretapping Capability to Skype?

  Ryan Gallagher, writing for Slate, put two and two together from a lot of no comments. He noted that back in 2007, German police forces said that they couldn't tap into Skype calls because of of its strong encryption and complicated peer-to-peer network connections; in fact, Skype bluntly stated at the time that, due to its encryption and architecture techniques, it couldn't conduct wiretaps. But that may have changed. Gallagher cited a Forbes article that claims the hacker community is talking about recent changes to Skype's architecture and whether they will allow users to be wiretapped. ...

  Read the article

• How do I safely use a virus infected USB drive in Ubuntu?

  - by suhridk

  I have an USB drive which I know is virus infected (an anti-virus on my friend's machine detected it). Unfortunately neither of us know the virus name and I don't want to take the risk of plugging it to my Windows box again. Of course, in all probability the virus affects only Windows. (But I'm not sure) I want to know if I can safely plug the USB into my Ubuntu Lucid laptop and copy the stuff I need from the drive. If there are some precautions I need to follow what would they be?

  Read the article

< Previous Page | 143 144 145 146 147 148 149 150 151 152 153 154  | Next Page >