Search Results

Search found 13059 results on 523 pages for 'security hole'.

Page 358/523 | < Previous Page | 354 355 356 357 358 359 360 361 362 363 364 365 | Next Page >

How does the "Full Control" permission differ from manually giving all other permissions?

- by Lord Torgamus

On Windows Server 2003, and some other versions of Windows, the Properties > Security tab of a folder's or file's context menu provides "Allow" and "Deny" options for "Full Control," "Modify," "Read" and other permissions (graphic provided). After clicking "Full Control," all boxes in the column — except for "Special Permissions" — get automatically checked. What's the difference between checking "Full Control" and just checking all the other boxes individually? Are there hidden/advanced permissions toggled by "Full Control" that aren't listed in the main permissions window? Is "Full Control" just a convenience shortcut?

Read the article
Browser keeps being really rude to me today

- by j-t-s

Hi All I've had this problem only once before, years ago. I bought a new computer the other day and last night I visited a website which Google Chrome suspected was an insecure site. So I proceeded to view the page anyway (Stupid, I know... But I was curious), and all of a sudden the window closed and ever since, every few minutes either Google chrome or Internet Explorer keeps popping up with random websites, most of which are porn-related sites. I have downloaded ZoneAlarm, IOBit 360, Eset Smart Security and none of them reported any problems. I still have the rube browser problem. Can somebody please suggest any software/ways to fix this? (Other than to reformat please :)) Thank you :)

Read the article
Help with Corrupt version of IE8 on WinXPsp3

- by Anon

I've upgrade from IE6 to 7 to 8 and back down and back up, but still have critical issues in IE such as * cannot see any version info in "about internet explorer" * cannot run windows update * cannot load SharePoint pages (and other pages using ActiveX or IE-specific dhtml) I've also re-installed sp3, but still no luck. Also, also - I've changed security settings to be most permissive. Next step is blowing it all away and starting with windows7. Short of that, any suggestions are welcome. Thanks in advance.

Read the article
Images not accessible in localhost using wamp in windows 7 [closed]

- by Am poru

I Installed wamp in windows 7 pro, and copied a joomla live site. Everything seems working well except that it doesn't load the images on the page. Even when I try to access in directly: localhost/logo.png Im getting an 403 Forbidden: Forbidden You don't have permission to access /logo.png on this server. Solutions I have tried are: 1. Using icacls to grant priviledge 2. manually set the permission by right clicking the image and editing the security. php, html and other files are loading in the browser, but not images. Please help.

Read the article
"Access is denied" when copying text file to printer UNC path

- by Patrick

We have a new server running Server 2008 R2. We also have a "DOS-based" program that prints directly to the UNC path of a print share. With the new server, we are unable to print from this program. According to support, the program's printing works in the same way as if we were to do a "copy mytextfile.txt \\myserver\myprinter". When we try to run this command in DOS, we get "Access is denied". Support is saying that this is why the DOS program is not able to print. I have tried granting all permissions on the printer to the appropriate users (under Security of the printer properties) but that did not work. Is there a policy setting that would cause this to be denied?

Read the article
Is looking for Wi-Fi access points purely passive?

- by Aric TenEyck

Say I carry a Wi-Fi enabled phone or laptop through an area where there are WAPs. Assuming that I don't actively try to connect to them or otherwise interact with them, is it possible for the owner of that WAP to know that I was there? I'm asking this in the context of my earlier question: Looking for MACs on the network I was talking with a friend about my newfound ability to detect phones (and other devices with MAC addresses) on the network, and he pointed out that it might be useful to detect unknown phones on the network; I could use that data to track down anyone who was in my house and brought a Wi-Fi phone with them. So, if I set up a logging fake WAP with no security or encryption, can I glean any useful information about the devices that come into the house? Assuming that the thief doesn't actively try to connect...

Read the article
Using Dropbox API instead of a FTP server.

- by Somebody still uses you MS-DOS

This is a small aplication scenario. Usually, when you have to do some backups of source code/database on your server, you use a second ftp server, a cronjob to tar.gz your db dumps and source files, and send this file to your ftp server from your application server. Dropbox created an API to use it's infrastrucutre. Since they provide 2gb for free accounts, I thought about being able to upload to it instead of a ftp server. So, if you do some freelance work, you can create a free account for each client and use this approach, maybe encrypting the files you send. You even gain a revision for each sent file, like a revison control system, for free, from the last 30 days. What do you think of this approach? Is it possible? And, more importantly: what are the security risks involved? (That's why I'm asking this on serverfault, since this POV from sysadmins will be more accurate). Thanks!

Read the article
Solution to: Hotmail Senders receiving NDR : “550-Please turn on SMTP Authentication in your mail client…”

- by Tony Yustein

Original question is here original question I can not answer to that question because the system requires me to have 10 credits, very nice.... This error is based mostly on mobile devices, mostly on iPhones and mostly on mobile networks. This is how much I have narrowed it to. I believe: Hotmail checks where your are connecting from If it is a mobile network it requires additional security for sending messages but the default iPhone config does not have this option for hotmail if the user creates the hotmail account on the iPhone with SMTP AUTH enabled manually it might solve the situation Cheers, Tony

Read the article
Cent OS upgrade PHP

- by greggory.hz

I'm in the midst of resolving a bunch of security issues on a clients server to get them compliant with credit card laws and such. The first order of business is getting php from 5.2.14 to 5.2.16. When I run yum update php, this is the output I get: Excluding Packages from CentOS-5 - Addons Finished Excluding Packages from CentOS-5 - Base Finished Excluding Packages from CentOS-5 - Extras Finished Excluding Packages from CentOS-5 - Updates Finished Setting up Update Process No Packages marked for Update I'm fairly new to CentOS, but with Debian/Ubuntu, you can add PPAs to allow new software packages. Is there something similar for CentOS? This output makes it look like it's ignoring all the main package repos as well.

Read the article
Users own mapped network drives disappear when I set a GPP mapped drive

- by Kim

All the clients use Windows 7 SP1 x64 Enterprise. The domain controllers are Windows Server 2008 R2. I have configured the GPP to map "\server\data" to first available drive letter starting with I:. The action is replace and I have set the Hide/Show this drive and Hide/Show all drives to "Show". I have set targeting to a specified security group. This works as expected and the drive is mapped to the correct users. The problem is that if the user has created their own mapped drives these mappings will disappear when the GPP mapping is applied. Only the mapped drives from the GPP is shown in Explorer. I have not found any other mention of this particular problem when I search the Internet and on TechNet there is no mention of what happens to drives already mapped.

Read the article
Cannot login SQL Server after changing machine name

- by Ucodia

After installing and setting up new machines in a domain, we decided to rename one of them which had a SQL Server instance installed. So I changed the hostname, everything went fine regarding the domain but now, the server is logging a approximatively 2 SQL Server errors every 5 minutes and I cannot connect to the instance localy or from anywhere within the domain. Here is the error from the event log: SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The logon attempt failed [CLIENT: x.x.x.x] Concerning the instance, everything is started and restarted without any extra error.

Read the article
SFTP not working, but SSH is

- by Dan

I've had a server running CentOS for a few months now. A few days ago, I stopped being able to connect to it over SFTP. I've tried from multiple computers, OSes, clients, and internet connections. I can SSH in just fine, though. For example, Nautilus gives me this: Error: DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. Please select another viewer and try again. I was under the impression that SFTP was just pure SSH, and if one worked, the other would, and vice-versa. Clearly that's not the case, though. What could I have done wrong?

Read the article
How do I make stunnel verify a clients certificate?

- by unixman83

NOTE: The title is misleading. Please correct it if you know a better title. What I want to know is how do I create the SSL keys / certificates needed for this. Hi. I am using stunnel to authenticate RDP (Remote Desktop) and I need to verify that a client possesses the proper credentials. So people cannot brute force into the machine. I am also using a bad (outdated) version of RDP that has security vulnerabilities, so stunnel is a must. I will preshare the necessary .pem's between machines. What are the openssl commands I need to create the right .pem files on both the client and on the server? What files need to be shared?

Read the article
Deny IIS6 web request based on URL parameters?

- by user21146

I've got a legacy app running a third-party ecommerce system under IIS6. Some spammers recently discovered a bad security vulnerability in one of the store's forms, which are allowing them to send arbitrary emails from our system. Unfortunately, this store "feature" is built into the default.aspx page's code-behind and I have no way to disable it without shutting down the store. How can I filter out URL request with a given querystring parameter? ie, I want to filter out requests to: http://www.mysite.com/store/?id=SendSpam based on the "SendSpam" string.

Read the article
Is there a Google Authenticator desktop client?

- by cwd

I am using Google Authenticator for 2-step authentication. I like how I can use a code and verify my account using my phone: I realize that the app was designed to run on a device other than a computer to increase security for the computer (in case that it is lost or stolen), but I would like to know if there is a way I can run Google Authenticator on my Macbook. Now, per the Google Authenticator Page it will not run on a desktop: What devices does Google Authenticator work on? Android version 2.1 or later BlackBerry OS 4.5 - 6.0 iPhone iOS 3.1.3 or later However there are several emulators for developers and so I wonder if it is possible to run one of these emulators and then run Google Authenticator with that. I do realize this is not a best practice - but I'm less worried about my laptop getting stolen and more worried about someone just hacking the account. So my question is this: Is it possible to run it on the desktop, even though it is not meant to be / not recommended?

Read the article
Passwordless ssh on multiple machines

- by Phil

Hi all, I'm quite confused with all the ssh security stuff. I am trying to reconfigure a system that is currently broken for reasons unknown. Machine A is your personal computer that you use whenever you're at home. Machine B is the head node of an HPC cluster and all the other machines C are all identically configured machines which share the home directories of machine B. This is an HPC cluster if you haven't guessed. How would I configure passwordless ssh between any nodes B or C. A can only get to C through sshing into B

Read the article
Putting two physical hard drives in a single 2.5" bay?

- by dgw

My crazy brain came up with this ridiculous idea. "Why can't I have a single 2.5" drive device that actually contains two independent hard drives? I want RAID 1 data mirroring and the security of having redundant drives. This is a thing that must exist!" To be clear, I am not asking if I can somehow shoehorn two 2.5" drives into a single bay, replace an optical drive with an additional HDD, or anything like that. What I have in mind is a single 2.5"-form-factor device that houses two independent hard drives, with separate housings (likely) and distinct controllers. Probably all they'd need to share is the power & SATA connections. Probably no such thing exists, but because I know there exist hard drives the physical size of a stack of postage stamps (roughly), I have to ask.

Read the article
Automatic Server Management

- by Radoslav

I try to find any kind of automatic management services. What I mean: I purchase dedicated server. Login SSH and install any kind of Daemon. Control security, tune LAMP stack, monitoring etc. from dashboard. Never touch SSH and login in to the server. Pay every month for this service. I already find few providers, but they support only EC2 cloud servers. If you can suggest me anything for dedicated machines? If not- I need to hire anyone for 5h Administrator and 715h "Box-Watcher" every month :|

Read the article
Is it safe/wise to run Drupal alongside bespoke business web apps in production?

- by Vaze

I'm interested to know the general community feeling about the safety of running Drupal alongside bespoke, business critial ASP.NET MVC apps on a production server. Previously my employer's Drupal based 'visitor website' was hosted as a managed service with a 3rd party. While the LoB sites were hosted in-house. That 3rd party is no longer available so I'm considering my options: Bring Drupal in-house Find another 3rd party My concern is that I have little experience with Drupal administration (and no experience securing it) and that the addition of PHP to my IIS server poses a security risk. Is there a best practice that I can follow in this situation?

Read the article
Tomcat Failed to start

- by user71538

I have installed Tomcat on windows XP through the Tomcat installer. I have installed JDK 1.6. But when I start Tomacat from services.msi on XP, I get the following error: java.lang.ClassNotFoundException: org.apache.catalina.core.AprLifecycleListener at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at sun.misc.Launcher$ExtClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at org.apache.commons.digester.ObjectCreateRule.begin(ObjectCreateRule.java:204) at org.apache.commons.digester.Rule.begin(Rule.java:152) at org.apache.commons.digester.Digester.startElement(Digester.java:1286) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(Unknown Source) at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(Unknown Source) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)

Read the article
Sticking with Ubuntu 12.04 while heavily using PPA for newest software updates (Apache 2.4, PHP 5.5)

- by MechaStorm

I was wondering whether is it worthwhile to stick with Ubuntu 12.04 LTS until 14.04 comes or should I be switching to just the latest Ubuntu server version 13.10. My server needs are not enterprise heavy and previous thought to keep with LTS was simply to gain the security updates without having to upgrade the servers every couple months. But as we are moving forward with our software development, I have found that alot of the default version of software with 12.04 is way out of the date forcing me to up date via PPA or from source instead of from default apt-get. ie PHP 5.3 is on 12.04, and I'd like to get it to 5.5. Is it worthwhile to simply move to 13.10 in that situation? With the idea to move to 14.04 when it comes?

Read the article
If a SQL Server Replication Distributor and Subscriber are on the same server, should a PUSH or PULL subsciption be used?

- by userx

Thanks in advance for any help. I'm setting up a new Microsoft SQL Server replication and I have the Distributor and Subscriber running on the same server. The Publisher is on a remote server (as it is a production database and MS recommends that for high volumes, the Distributor should be remote). I don't know much about the inner workings of PUSH vs PULL subscriptions, but my gut tells me that a PUSH subscription would be less resource intensive because (1) the Distributor is already remote, so this shouldn't negatively effect the Publisher and (2) pushing the transactions from the Distributor to the Subscriber is more efficient than the Subscriber polling the Distribution database. Does any one have any resources or insight into PUSH vs PULL which would recommend one over the other? Is there really going to be that big of a difference in performance / reliability / security?

Read the article
TYPO3 unable to log in

- by Agata

Hi, My company prepared a new website based on typo3 (don't know the version but they started to prepare it in October 2011 so it's probably from that time. A couple of days ago I got my user name and password but I'm unable to log in (Itried withIE, Firefox and Chrome). Each time I try typo3 behaves like I'd be entering wrong user name orpassword (for sure I'm entering the right one, I also tried other user's data it ended up the same way). I use Windows 7 and Kaspersky Internet Security 9.0.0.736 - might their settings block typo3? I really don't know what to do and can't obtain help from the IT department (in head office in another country)... Thank you for any suggestions in advance.

Read the article
Provide credentials to process in a safe manner

- by Erik Aigner

On system startup I need to launch a process which requires credentials for other services (database etc.) to interact. I obviously don't want to store those on disk for security reasons. I'm trying to think of a way to provide those credentials to the process on launch - and on launch only. After that they should be only available to the process. Is this possible somehow? The bottom line is to make it as hard as possible for an intruder to get to those credentials.

Read the article
Linux (Ubuntu) USB Auth

- by themicahmachine

I want to be able to authenticate with PAM using a USB drive with a file on it. I've read about how to do this with a PAM module that reads the specific USB hardware ID of a device, but if the device malfunctions or is lost, there would be no way to authenticate. I would prefer to use the method BitLocker uses, requiring a particular file to be found on the drive in order to authenticate. That way I can keep another drive in a secure location as a backup. Any other suggestions are welcome. I just want to require a higher level of security that just a password.

Read the article

< Previous Page | 354 355 356 357 358 359 360 361 362 363 364 365 | Next Page >