Search Results

Search found 13059 results on 523 pages for 'security hole'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 200/523 | < Previous Page | 196 197 198 199 200 201 202 203 204 205 206 207  | Next Page >

  • C# Preprocessor Directives

    - by MarkPearl
    Going back to my old c++ days at university where we had all our code littered with preprocessor directives - I thought it made the code ugly and could never understand why it was useful. Today though I found a use in my C# application. The scenario – I had made various security levels in my application and tied my XAML to the levels by set by static accessors in code. An example of my XAML code for a Combobox to be enabled would be as follows… <ComboBox IsEnabled="{x:Static security:Security.SecurityCanEditDebtor}" />   And then I would have a static method like this… public static bool SecurityCanEditDebtorPostalAddress { get { if (SecurityCanEditDebtorPostalAddress) { return true; } else { return false; } } } My only problem was that my XAML did not like the if statement – which meant that while my code worked during runtime, during design time in VS2010 it gave some horrible error like… NullReferenceException was thrown on “StatiucExtension”: Exception has been thrown by the target of an invocation… If however my C# method was changed to something like this… public static bool SecurityCanEditDebtorPostalAddress { get { return true; } }   My XAML viewer would be happy. But of course this would bypass my security… <Drum Roll> Welcome preprocessor directives… what I wanted was during my design experience to totally remove the “if” code so that my accessor would return true and not have any if statements, but when I release my project to the big open world, I want the code to have the is statement. With a bit of searching I found the relevant MSDN sample and my code now looks like this… public static bool SecurityCanEditDebtorPostalAddress { get { #if DEBUG return true; #else if (Settings.GetInstance().CurrentUser.SecurityCanEditDebtorPostalAddress) { return true; } else { return false; } #endif } }   Not the prettiest beast, but it works. Basically what is being said here is that during my debug mode compile my code with just the code between the #if … #else block, but what I can now do is if I want to universally switch everything to the “if else” statement, I just go to my project properties –> Build and change the “Debug” flag as illustrated in the picture below. Also note that you can define your own conditional compilation symbols, and if you even wanted to you could skip the whole properties page and define them in code using the #define & #undef directives. So while I don’t like the way the code works and would like to look more into AOP and compare it to this method, it works for now.

    Read the article

  • Bust Out these 13 Spooky Games for Halloween

    - by Jason Fitzpatrick
    Looking for a suitably spooky board game for Halloween? This roundup includes everything from the light-hearted to the dark and challenging. Over at GeekDad they’ve rounded up 13 horror/Halloween themed board games to help you fill your holiday board gaming quota. The list includes classics like the in-depth and atmospheric Arkham Horror to more recent and kid-friendly GeistesBlitz. Although we think their list is rock solid and includes some great titles, we’re disappointed to see that Witch of Salem, a great lighter-weight alternative to Arkham Horror for those nights you want some cooperative H.P. Lovecraft inspired play without the massive setup and game length, didn’t make the list. To check out the full GeekDad list hit up the link below, for more boardgame-centric reading we highly recommend the excellent board gaming site BoardgameGeek. 13 Spooky Board Games for Your Halloween Game Night [GeekDad] What Is the Purpose of the “Do Not Cover This Hole” Hole on Hard Drives? How To Log Into The Desktop, Add a Start Menu, and Disable Hot Corners in Windows 8 HTG Explains: Why You Shouldn’t Use a Task Killer On Android

    Read the article

  • One user sometimes gets an unknown certificate error opening Outlook

    - by Chris
    Let me clarify a little. This isn't an unknown certificate error it's an unknown certificate error in so much as I can't figure out where the certificate comes from. This happens on a Win 7 Enterprise machine connecting to Exchange 2010 with Outlook 2010. The error he gets is that the root is not trusted because it's a self-signed cert. Take a look at this screenshot because even if I had generated this myself I wouldn't have put "SomeOrganizationalUnit" or "SomeCity" or "SomeState", etc. (Red block covers our domain name.) I'm a little concerned this is a symptom of a security breach. Exchange 2010 has three certificates installed but none of them are this certificate. They all have different expiration dates (one is expired) and different meta-data. edit: There are two scenarios that I see the certificate warning and one of them I can reliably repeat. When the user leaves his computer on over night Outlook pops the Security Warning window. I don't know what time this happens. Using Outlook Anywhere if I connect to Exchange externally via a cellular USB modem the Security Warning window will appear every time I close and reopen Outlook. Whether I say Yes or No does not make a difference on whether or not I can connect to Exchange and send/receive email. In other words, I can always connect to Exchange. I've checked my two Exchange servers and my Cisco router for a certificate that matches this one and I can't find it. edit 2: Here is a screenshot of the Security Alert window. (I've been calling it Security Warning... My mistake.) edit 3: I stopped seeing this error several weeks ago but I can't tie it to any single event (because I just sort of realized that warning had stopped showing up) but I think I found the source of the certificate. Last week I found out that the certificate on our website DomainA.com was invalid. I knew that our web admin had installed a valid certificate so when I look into the problem I found out I was being presented with the invalid certificate that this posting is in regards to. The Exchange server's domain is mail.DomainA.com so I can only guess that Outlook was passing this invalid certificate through as it did some kind of check on DomainA.com. This issue is still a mystery because the certificate warning stopped appearing several weeks ago whereas the invalid certificate issue on the website was only fixed last week. It ended up being a problem with the website control panel. The valid certificate was installed but not being served for some reason and instead the self-signed cert was being served.

    Read the article

  • What You Said: How You Set Up a Novice-Proof Computer

    - by Jason Fitzpatrick
    Earlier this week we asked you to share your tips and tricks for setting up a novice-proof computer; read on to see how your fellow readers ensure friends and relatives have a well protected computer. Image available as wallpaper here. If you only listen to a single bit of advice from your fellow readers, let that advice be the importance of separate and non-administrative user accounts. Grant writes: I have two boys, now 8 and 10, who have been using the computer since age 2. I set them up on Linux (Debian first, now Ubuntu) with a limited rights account. They can only make a mess of their own area. Worst case, empty their home directory and let them start over. I have to install software for them, but they can’t break the machine without causing physical damage (hammers, water, etc.) My wife was on Windows, and I was on Debian, and before they had their own, they knew they could only use my computer, and only logged in as themselves. All accounts were password protected, so that was easy to enforce. What Is the Purpose of the “Do Not Cover This Hole” Hole on Hard Drives? How To Log Into The Desktop, Add a Start Menu, and Disable Hot Corners in Windows 8 HTG Explains: Why You Shouldn’t Use a Task Killer On Android

    Read the article

  • Multiple Tomcat vulnerabilities in Oracle Health Sciences LabPas

    - by RitwikGhoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-2733 Improper Input Validation vulnerability 5.0 Apache Tomcat Oracle Health Sciences LabPas upgrade to Apache Tomcat v6.0.36 CVE-2012-3439 DIGEST authentication implementation issues 5.0 CVE-2012-3546 Security constraints bypass vulnerability 5.5 CVE-2012-4431 CSRF prevention filter bypass vulnerability 4.3 CVE-2012-4534 Denial of Service (DoS) vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • problems in fetching upgrades

    - by andre
    presently using ubuntu 10.04 and I would like to upgrade to the latest ubuntu release but while trying to ugrade I have this errors . Can anybody help me how to solve this and proceed..just a beginner in using ubuntu. thanks W: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-image-generic_2.6.32.38.44_i386.deb 404 Not Found [IP: 91.189.92.166 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-generic_2.6.32.38.44_i386.deb 404 Not Found [IP: 91.189.92.166 80]

    Read the article

  • Use a SQL Database for a Desktop Game

    - by sharethis
    Developing a Game Engine I am planning a computer game and its engine. There will be a 3 dimensional world with first person view and it will be single player for now. The programming language is C++ and it uses OpenGL. Data Centered Design Decision My design decision is to use a data centered architecture where there is a global event manager and a global data manager. There are many components like physics, input, sound, renderer, ai, ... Each component can trigger and listen to events. Moreover, each component can read, edit, create and remove data. The question is about the data manager. Whether to Use a Relational Database Should I use a SQL Database, e.g. SQLite or MySQL, to store the game data? This contains virtually all game content like items, characters, inventories, ... Except of meshes and textures which are even more performance related, so I will keep them in memory. Is a SQL database fast enough to use it for realtime reading and writing game informations, like the position of a moving character? I also need to care about cross-platform compatibility. Aside from keeping everything in memory, what alternatives do I have? Advantages Would Be The advantages of using a relational database like MySQL would be the data orientated structure which allows fast computation. I would not need objects for representing entities. I could easily query data of objects near the player needed for rendering. And I don't have to take care about data of objects far away. Moreover there would be no need for savegames since the hole game state is saved in the database. Last but not least, expanding the game to an online game would be relative easy because there already is a place where the hole game state is stored.

    Read the article

  • EZ Systems publie trois patchs de sécurité, qui concernent des failles sur les versions 4.1 et 4.2 d

    EZ System, éditeur du gestionnaire de contenu EZ Publish vient de publier une série de trois patchs de sécurité. [IMG]http://djug.developpez.com/rsc/Ez-publish-Logo_medium.gif[/IMG] ces patchs concernent des failles affectant les versions 4.1 et 4.2 du CMS, il est vivement recommandé d'appliquer ce patch. -> Les patchs se trouvent ici http://ez.no/developer/security/secu...y_in_ez_search -> Communiqué officiel http://share.ez.no/blogs/ez/security...lish-instances...

    Read the article

  • ISP Privacy Proposal Draws Fire

    <b>Krebs on Security:</b> "A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software."

    Read the article

  • Patch Tuesday Again!

    - by TATWORTH
    Originally posted on: http://geekswithblogs.net/TATWORTH/archive/2014/06/10/patch-tuesday-again.aspxThe second Tuesday of the month is “Patch Tuesday” when Microsoft issues the security and other important fixes for the month. This month there are two critical and five important patches. So watch out for these patches and apply them to your Windows PCs as soon as you can. For more details see http://www.itpro.co.uk/desktop-software/22421/microsoft-to-roll-out-two-critical-security-bug-fixes.

    Read the article

  • A Dozen USB Chargers Analyzed; Or: Beware the Knockoffs

    - by Jason Fitzpatrick
    When it comes to buying a USB charger one is just as good as another so you might as well buy the cheapest one, right? This interesting and detailed analysis of name brand, off-brand, and counterfeit chargers will have you rethinking that stance. Ken Shirriff gathered up a dozen USB chargers including official Apple chargers, counterfeit Apple chargers, as well as offerings from Monoprice, Belkin, Motorola, and other companies. After putting them all through a battery of tests he gave them overall rankings based on nine different categories including power stability, power quality, and efficiency. The take away from his research? Quality varied widely between brands but when sticking with big companies like Apple or HP the chargers were all safe. The counterfeit chargers (like the $2 Apple iPad charger knock-off he tested) proved to be outright dangerous–several actually melted or caught fire in the course of the project. Hit up the link below for his detailed analysis including power output readings for the dozen chargers. A Dozen USB Chargers in the Lab [via O'Reilly Radar] 6 Start Menu Replacements for Windows 8 What Is the Purpose of the “Do Not Cover This Hole” Hole on Hard Drives? How To Log Into The Desktop, Add a Start Menu, and Disable Hot Corners in Windows 8

    Read the article

  • New SQL Monitor Metric: Principals with Sysadmin Login

    This metric counts the number of principals who are members of the sysadmin fixed server role. SQL Server relies on role-based security to manage permissions. If multiple IT system administrators have permissions to set up new SQL Server logins, they might be inclined to do so as part of the sysadmin role. Adding a normal user to the sysadmin role could pose a security risk and is not recommended unless the principal is highly trusted.

    Read the article

  • Are SSL Certificates Really Secure

    The biggest challenge for internet these days is in the form of fraud or hacking. Security of any transaction on the WWW is very crucial and therefore, several security tools are developed for the sa... [Author: Jack Melde - Computers and Internet - May 01, 2010]

    Read the article

  • Logging out

    - by chandan
    After twelve years at Sun and Oracle, and running this blog for eight years, about two hundred postings, one domain name change and getting thousands of security vulnerabilities fixed I am signing off from Oracle's product security desk today. Working for Sun and Oracle was an incredible experience! I am very fortunate to have had the opportunity to know and learn from so many extraordinary people. See chandanlog.wordpress.com for future postings. I can also be found on Linkedin

    Read the article

  • SQL Server Integration Services package to delete files from a Network or Local path based on date

    We have a requirement to delete a group of files that are older than the specified number of days from the company file share. Due to the complex folder hierarchy and delicate nature of the data stored in these files, this task has to be originated from SQL Server. However, due to company security policy, and based on SQL Server security best practices, we blocked access to OLE Automation stored procedures, CLR features, and xp_cmdshell. Is there any way to accomplish this task without using these features?

    Read the article

  • 4?????????????

    - by ???02
    4?????????????Oracle Database ???????????????????????????????????????????????????????????????Oracle Database Security???????????????????????????????????????????????????4???????????? ?????????4????????????Oracle Advanced Security??Oracle Database?????????????????????????????????????????????????????????????????????????????Oracle Database Vault????????????DBA????????????????????DBA???????????????????????????????????????????????????????????????????????????·??Oracle Audit Vault??Oracle Database?SQL Server??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????Oracle Data Masking??????????????????????????????????????????????????????????????????????????? ??????·??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????? Oracle Direct

    Read the article

  • ???????/?????????????????????????????????

    - by Yusuke.Yamamoto
    ????? ??:2011/05/11 ??:??????/?? ????????????????????????????????????????????????????????????????????????????????????????????????????????????Oracle Advanced Security ????????????? Oracle Data Masking ????????????????????????????? Oracle Data Masking ????????????Oracle Advance Security ?????? ????????? ????????????????? http://otndnld.oracle.co.jp/ondemand/otn-seminar/movie/Masking05111500.wmv http://www.oracle.com/technetwork/jp/ondemand/db-technique/0511-1500-encry-masking-400262-ja.pdf

    Read the article

  • WebSphere Plugin Keystore Unreadable by IHS - GSK_ERROR_BAD_KEYFILE_PASSWORD

    - by Seer
    Running WAS 6.1.xx in a network deployment. The IBM provided plugin keystore's "plugin-key.kdb" password expires on april 26th along with the personal cert inside it. So no problem right? Create new cert and set new password on the kdb, restash the password and off we go! Well no! On restart of IBM HTTP Server we see [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: lib_security: logSSLError: str_security (gsk error 408): GSK_ERROR_BAD_KEYFILE_PASSWORD [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: lib_security: initializeSecurity: Failed to initialize GSK environment [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: ws_transport: transportInitializeSecurity: Failed to initialize security [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: ws_server: serverAddTransport: Failed to initialize security [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: ws_server: serverAddTransport: HTTPS Transport is skipped [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: lib_security: logSSLError: str_security (gsk error 408): GSK_ERROR_BAD_KEYFILE_PASSWORD [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: lib_security: initializeSecurity: Failed to initialize GSK environment [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: ws_transport: transportInitializeSecurity: Failed to initialize security [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: ws_server: serverAddTransport: Failed to initialize security [Tue Apr 24 14:11:22 2012] 00b00004 00000001 - ERROR: ws_server: serverAddTransport: HTTPS Transport is skipped Here is the thing ... I can open the keystore using the new password with ikeyman and keytool. Using some "slightly dodgy" script, I can reverse the stash file and see that indeed the new password is set. Then, even if I restore the old keystore files (plugin-key.kdb,plugin-key.crl,plugin-key.sth,plugin-key.rdb) they no longer work either! So it must be permissions right? Well the permissions are the same as before, if I switch to apache user I can browse right through to the files and read them. I have even chown'ed them to apache:apache and/or chmod 777 and still its the same error! Does anyone have a clue what is going on here? Its pretty urgent as our site will be without HTTPS in a couple of days if this isn't resolved - thats bad for a retail web site :)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 196 197 198 199 200 201 202 203 204 205 206 207  | Next Page >