Search Results

Search found 13059 results on 523 pages for 'security hole'.

Page 308/523 | < Previous Page | 304 305 306 307 308 309 310 311 312 313 314 315 | Next Page >

What does private cloud Daas or DBaaS really mean ?

- by llaszews

Just had meeting with Fortune 1000 company regarding their private DBaaS or DaaS offering. Interesting to see what DBaaS really means to them: 1. Automated Database provisioning - Being able to 'one button' provision databases and database objects. This includings creating the database instance, creating database objects, network configuration and security provisioning. It is estimated that just being able to provision a new DB table in automated fashion will reduce time required to create a new DB table from 60 hours down to 8 hours. 2. Virtualization and blades - DBaaS infrastructure is all based upon VMs and blades. 3. Consolidation of database vendors - Moving from over ten database vendors down to three.

Read the article
How to connect Empathy to facebook

- by Simanta Das

I am a new user of Ubuntu and I want to connect empathy internet messaging with Facebook. So when I select Facebook from the list given in Online Accounts a window opens up for me to authorize access and a url opens saying: Success SECURITY WARNING: Please treat the URL above as you would your password and do not share it with anyone. Although after this nothing happens... When I open the messenger nothing comes up and in Online Accounts it still asks: Please authorize Ubuntu to access your Facebook account... but I have already given permission... Please help me out. Thanks in advance.

Read the article
HTG Explains: What is DNS?

- by Chris Hoffman

Did you know you could be connected to facebook.com – and see facebook.com in your web browser’s address bar – while not actually being connected to Facebook’s real website? To understand why, you’ll need to know a bit about DNS. DNS underpins the world wide web we use every day. It works transparently in the background, converting human-readable website names into computer-readable numerical IP addresses. Image Credit: Jemimus on Flickr How To Switch Webmail Providers Without Losing All Your Email How To Force Windows Applications to Use a Specific CPU HTG Explains: Is UPnP a Security Risk?

Read the article
Crisis : le premier malware à cibler les machines virtuelles sous Windows

Crisis : le premier malware à cibler les machines virtuelles Sous Windows Préalablement connu sous le nom Morcut, "Crisis" est un rootkit malicieux qui infecte les systèmes d'exploitation Windows et Mac OS X. Il y arrive par l'utilisation d'un faux installeur d'Adobe Flash Player dissimulé dans une archive JAR numériquement signé par VeriSign. Cette dernière contient deux exécutables, un pour Mac OS X et un autre pour Windows. Selon le dernier rapport de Symantec Security, le logiciel malveillant se propage dans l'environnement Windows par l'utilisation du mécanisme d'autorun des disques durs amovibles, et les composants d'installation dans les dispositifs Windows Mobile. Entr...

Read the article
How to get KeePass to properly work with Chromium?

- by Tom

The two-channel auto-type obfuscation feature of KeePass doesn't work for me with Chromium (on Ubuntu 12.04 64 bits). However, it works just fine with Firefox. Dows anyone know how to fix this? Textboxes in web forms in Chromium seems to have something special that causes this feature to fail. Only some of the username/password characters are being auto-typed. This might be related to this: if I select an entry in KeePass and click "Copy User Name", I can paste it fine with Ctrl+V in any textbox in Firefox, but I can't on Chromium. However, text copied using Ctrl+C from a regular text file (say, from gedit), can be pasted fine on both browsers. What may be wrong? I wouldn't like to deactive this feature for all the entries in my keepass files as I use them on Windows too and they work just fine there (even on Google Chrome for Windows). This feature gives an appreciated extra security measure against spyware/keyloggers.

Read the article
Problems with Developer [closed]

- by Concerned Client

I engaged a developer who is developing a website for me. I am not happy with him and would like that once the website is ready, I transfer the duties of further development, seo and web admin to another developer. What do I need to be aware of? and what information do i need in terms of passwords etc? The website has been developed in word press and I have access to the CMS but I am not technical so i am not sure if there are security levels for the more technical people. thanks

Read the article
Why are UUID / GUID's in the format they are?

- by Xeoncross

Globally Unique Identifiers (GUID) are a grouped string with a specific format which I assume has a security reason. A GUID is most commonly written in text as a sequence of hexadecimal digits separated into five groups, such as: 3F2504E0-4F89-11D3-9A0C-0305E82C3301 Why aren't GUID/UUID strings just random bytes encoded using hexadecimal of X length? This text notation contains the following fields, separated by hyphens: | Hex digits | Description |------------------------- | 8 | Data1 | 4 | Data2 | 4 | Data3 | 4 | Initial two bytes from Data4 | 12 | Remaining six bytes from Data4 There are also several versions of the UUID standards. Version 4 UUIDs are generally internally stored as a raw array of 128 bits, and typically displayed in a format something like: uuid:xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx

Read the article
Best strategy for supporting multiple server communication from iPhone/android app?

- by tipycalFlow

I'm making an app that will be used in multiple hospitals in the US. As per HIPAA compliance requirement, every hospital will have its own server that complies with these requirements of ensuring patient data security, etc. Now the task is that the app should communicate with a particular server based on the login info. An additional requirement is that new hospitals(servers) are likely to be added along the way, even after the app is available on the market. So basically, according to some login credentials, the app should communicate with the server of the hospital assigned to that person. One pretty crude way is to set up our own server which links the hospitals with the login info and accordingly, provides a base-url for data exchange. Is there a more efficient way to handle this?

Read the article
Unity session goes to lock on app launch, and won't unlock with password

- by really

Has been happening on every Ubuntu machine I've used to date, which is a total of 4. Started in 12.10 as far as I know, but it might have happened with 12.04, 12.10, 13.04, 13.10 and now 14.04. It doesn't seem to matter what I'm doing, but what always seems to trigger it is opening a web browser or some other application first from the sidebar. Firefox was was the most recent trigger. Instead of opening my browser, which it acts like it's going to do... the session locks, goes to the login screen, and won't unlock with the correct password. By 'won't unlock' I mean it unlocks then immediately locks again without first restoring unity, it does not produce 'incorrect password' I suspect this is a virus or password snooping software because of the fact it won't unlock with correct password information and I think if this IS a security issue, it should be fixed asap considering it's widespread throughout multiple versions. It's probably not a virus, but it is certainly suspicious behaviour to see your pc do that... wouldn't you think?

Read the article
IntelliTrace collector error Some or all identity references could not be translated

- by Tarun Arora

If you are running the IntelliTrace stand alone collector to collect the trace against an Application Pool which is running under the identity “.\<username>” then you are likely to run into the following exception, Start-IntelliTraceCollection : Some or all identity references could not be translated. At line:1 char:29 + Start-IntelliTraceCollection <<<< "FabrikamFiber.Web" C:\IntelliTraceCTP\collection_plan.ASP.NET.trace.xml C:\Intell iTraceLogs + CategoryInfo : NotSpecified: (:) [Start-IntelliTraceCollection], IdentityNotMappedException + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,Microsoft.VisualStudio.IntelliTrace .PowerShell.StartIntelliTraceCollectionCommand Steps to reproduce the issue The application pool “FabrikamFiber.Web” is using the identity “.\Admin” Workaround Change the identity of the application pool to <MachineName|Domain>\<UserName>. So, in the above work around if I change the identity to “Production\Admin” then the IntelliTrace does not throw an exception. This error has been reported to Microsoft and it is expected that it will be fixed in one of the future releases. Enjoy!

Read the article
Mozilla Firefox 23 Will Block Mixed SSL Content

- by Anirudha

Originally posted on: http://geekswithblogs.net/anirugu/archive/2013/07/03/mozilla-firefox-23-will-block-mixed-ssl-content.aspxIf you have a site which is running on SSL and used content that make non-https request then you need to a bit worried. The default setting of Firefox 23 will block the content that called on non-https address and page is based on SSL. for example script using https://code.jquery.com/jquery-1.10.2.min.js will not work because code.jquery.com can not be reach on https. the cdn ajax.googleapis.com support SSL so you can try it. if you want to disable this settings you can modify it on about:config security.mixed_content.block_active_content change the value true to false and it will be disable (it’s just for example)

Read the article
Multiple vulnerabilities in ImageMagick

- by chandan

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2004-0981 Buffer overflow vulnerability 10.0 ImageMagick Solaris 10 SPARC: 136882-03 X86: 136883-03 CVE-2005-0397 Format string vulnerability 7.5 CVE-2005-0759 Denial of service (DoS) vulnerability 5.0 CVE-2005-0760 Denial of service (DoS) vulnerability 5.0 CVE-2005-0761 Denial of service (DoS) vulnerability 5.0 CVE-2005-0762 Buffer overflow vulnerability 7.5 CVE-2005-1739 Denial of service (DoS) vulnerability 5.0 CVE-2007-4985 Denial of service (DoS) vulnerability 4.3 CVE-2007-4986 Numeric Errors vulnerability 6.8 CVE-2007-4987 Numeric Errors vulnerability 9.3 CVE-2007-4988 Numeric Errors vulnerability 6.8 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

Read the article
Multiple vulnerabilities in Firefox web browser

- by chandan

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3062 Numeric Errors vulnerability 6.8 Firefox web browser Solaris 11 11/11 SRU 9.5 Solaris 10 SPARC: 145080-11 X86: 145081-10 CVE-2012-0467 Denial of service (DoS) vulnerability 10.0 CVE-2012-0468 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-0469 Resource Management Errors vulnerability 10.0 CVE-2012-0470 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-0471 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0473 Numeric Errors vulnerability 5.0 CVE-2012-0474 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0477 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0478 Permissions, Privileges, and Access Controls vulnerability 9.3 CVE-2012-0479 Identity spoofing vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

Read the article
Is there a media player that works on HTTPS sites?

- by Iain Hallam

I'm currently using Yahoo! Media Player for a site that needs to play MP3 files that are stored on our server. In total, there's quite a bit more than the free limits at Soundcloud, but each file is only a few minutes long. YMP is pretty good, but causes security warnings on HTTPS pages, because it can only be served via HTTP. Is there an equivalent free player I can embed for the HTTPS pages? EDIT: Just to clarify, I'm initially looking for something that will scan the page and turn media links playable.

Read the article
SQL Server 2008 R2: StreamInsight changes at RTM: Event Flow Debugger and Management Interface Secur

- by Greg Low

In CTP3, I found setting up the StreamInsight Event Flow Debugger fairly easy. For RTM, a number of security changes were made. First config: To be able to connect to the management interface, your user must be added to the Performance Log Users group. After you make this change, you must log off and log back on as the token is only added to your login token when you log on. I forgot this and spent ages trying to work out why I couldn't connect. Second config: You need to reserve the URL that the...(read more)

Read the article
How to switch from Apache 2.0 Handler to FastCGI on Ubuntu Zend Server?

- by amoooc

I can't deploy/manage my Joomla websites On Ubuntu 12.04 Zend Server PHP 5.3.14 due to permissions during Joomla installation/J! extensions installation. All files are unwriteable. Only CHMOD 777 will help but of course it's not resolving the problem due to security issues. I think it's because cgi-fcgi is not shipped with Zend Server (only with Zend Server for Windows) Or maybe there is different solution how to make it work? PHP info on Ubuntu Zend Server Server API: Apache 2.0 Handler PHP Version 5.3.14 Zend Server Community Edition 5.6.0 Server Software Apache/2.2.22 (Ubuntu) Zend Framework 1.12.0 I'm already asked similar question here, but unfortunately without solution yet so Ubuntu Community please advice. I would be grateful for any help. Cheers

Read the article
How do I turn off all the password prompts?

- by Barkerto

I've been using Ubuntu 12.04 LTS since release and am trying to figure out a couple things about all of these passwords and key-ring prompts that I've just been living with for a while. Ever since install it seems that every time I boot up my computer and want to do anything (ie. use the internet, use a internet browser, install something, delete something, pick my nose) I'm always prompted for either a normal password entry or a key-ring password entry. Is there anyway to turn off all of this "security" and tell my Ubuntu that it can trust what I'm doing and go take a shower? Thank You in advance, barkerto

Read the article
What You Said: How Do You Set Reminders?

- by Jason Fitzpatrick

Earlier this week we asked you to share your favorite tricks for staying on top of your tasks with timely reminders. Now we’re back to highlight some great reader tips (including a bit of software older than some of our readers). Most of us have to-do lists longer than we can do in a given day (or week!) and a constantly changing set of demands and next-actions. Having a timely and effective reminder system is the difference between dropping the ball and getting things done; how exactly that reminder system plays out, however, varied greatly from reader to reader. OJMDC sticks with analog reminders: Sticky notes in the middle of my monitor and in my wallet. I’ve tried my phone apps but I typically disregard them. HTG Explains: Is UPnP a Security Risk? How to Monitor and Control Your Children’s Computer Usage on Windows 8 What Happened to Solitaire and Minesweeper in Windows 8?

Read the article
Do you use to third party companies to review your company's code?

- by CodeToGlory

I am looking to get the following - Basic code review to make sure they follow the guidelines imposed. Security code analysis to make sure there are no loopholes. No performance bottlenecks by doing a load test etc. We have lot of code coming in from third parties and is becoming laborious to manage code reviews and hence looking to see if others employ such practices. I understand that it may be a concern for some and would raise the question "Well, who is going to make sure the agency is doing their job right?" But basically I am just looking for a third party who can hold all vendor code to the same standards.

Read the article
Why does my Ubuntu Software Center not work? [closed]

- by Alex Mundy

Possible Duplicate: How do I fix a “Problem with MergeList” error when trying to do an update? I've been having trouble with my Software Center. Whenever I try to open it, or even do an apt-get in the terminal I get this message: Reading package lists... Error! E: Encountered a section with no Package: header E: Problem with MergeList /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_precise-security_restricted_binary-i386_Packages E: The package lists or status file could not be parsed or opened. How do I fix it? Note: I'm new to Ubuntu. I need simple instructions for the moment.

Read the article
deny-uncovered-http-methods in Servlet 3.1

- by reza_rahman

Servlet 3.1 is a relatively minor release included in Java EE 7. However, the Java EE foundational API still contains some very important changes. One such set of features are the security enhancements done in Servlet 3.1 such as the new deny-uncovered-http-methods option. Servlet 3.1 co-spec lead Shing Wai Chan outlines the use case for the feature and shows you how to use it in a recent code example driven post. You can also check out the official specification yourself or try things out with the newly released Java EE 7 SDK.

Read the article
Regulating outgoing traffic on ubuntu VM

- by DazSlayer

I am making a virtual network setup for my high school cybersecurity team to practice. I am connecting all the VMs together through a VPN and then people who are practicing will VPN in and ssh/remote desktop into the different VMs. The problem is that for practicing, they will need root access into the VMs and because the VMs are connecting to my personal network, the VMs pose a security risk to my personal network. Is there any way in either VMWare or VirtualBox or even making an unchangeable iptable (I can make all the windows VMs go thru a linux VM) to prevent people from connecting to my local network via the VM?

Read the article
Develop JavaScript API to expose web services [closed]

- by Apps

We are planning to develop a JavaScript API to expose some of our J2EE based services. We are doing this keeping Google Maps API in mind. Can someone please suggested where we should start and the approaches that we need to follow to create a useful and extensible JavaScript API? These are the things that we are considering to achieve. It should be very simple for others to use our API. We feel Google Maps API is like that. We should be able to release the updates of the APIs without affecting the existing implementations. We should have enough security measures so that not all can use these services. Please suggest us if there are any books that can guide us through. Any suggestion will be greatly helpful for us. Please let me know if my question is not clear or you need any further information.

Read the article
Package version updates policy

- by Sandman4

Not sure if here it's the right place to ask, if not - please point me to the right direction. Let's say there's a package, for the sake of real-world example - bind9. In Precise and in Quantal it's version 9.8.1. The original developer (ISC) currently provide versions 9.8.4 which is a bugfix release in the 9.8 line, and 9.9.2 which is a "new features" branch. It looks like when a security issue is encountered, the specific bugfix is backported into 9.8.1. Now the question: Why maintainers don't just update to the latest bugfix release ? Why to backport only certain patches ? Is it intentionally or just there's no maintaner who would take the effort to update to the latest bugfix release ?

Read the article
Ad networks that will serve via HTTPS?

- by Dogweather

I've built a website with 160K page views per month that serves every page over HTTPS. The recent FireSheep news will probably increase the adoption of "HTTPS everywhere" but it's been very hard to find ad networks and affiliates that will serve their content via HTTPS. I don't want to use these because I don't want my visitors to get "broken security" notification from their browsers (and of course, relevant ads would be a leak of private information). I'm tired of spending a ton of time signing up with ad networks and affiliates only to find out down the road that they don't support HTTPS (e.g. AdSense). Can anyone suggest any options or provide a pointer to a list of these somewhere?

Read the article

< Previous Page | 304 305 306 307 308 309 310 311 312 313 314 315 | Next Page >