Search Results

Search found 17646 results on 706 pages for 'security warning'.

Page 149/706 | < Previous Page | 145 146 147 148 149 150 151 152 153 154 155 156  | Next Page >

• How do anti-viruses work?

  - by Phoshi

  So I was thinking about viruses recently, and wondering how exactly antiviruses keep up? Considering anybody who'd been coding for a few weeks could hack together something do do nasty, nasty things to somebody's PC, the quantity alone would make a simple list of hashes prohibitive, so how do antiviruses do it? Do they monitor process activity and have a 3 strikes rule for doing virus-like things? And if so, what's stopping it from triggering on perfectly harmless things (like me moving files around in \system32)? I did a bit of googling, but the regular places didn't particularly help, and I couldn't find a dupe here, so I thought it'd be good to ask :)

  Read the article

• Does anyone know how to "tcpdump" traffic decrypted by Mallory MITM? [migrated]

  - by chriv

  I'm looking for some help in capturing network traffic that I can analyze in Wireshare (or other tools). The tool I'm using is mallory. If anyone is familiar with mallory, I could use some help. I've got it configured and running correctly, but I don't know how to get the output that I want. The setup is on my private network. I have a VM (running Ubuntu 12.04 - precise) with two NICs: eth0 is on my "real" network eth1 is only on my "fake" network, and is using dnsmasq (for DNS and DHCP for other devices on the "fake" network) Effectively eth0 is the "WAN" on my VM, and eth1 is the "LAN" on my VM. I've setup mallory and iptables to intercept, decrypt, encrypt and rewrite all traffic coming in on destination port 443 on eth1. On the device I want intercepted, I have imported the ca.cer that mallory generated as a trusted root certificate. I need to analyze some strange behavior in the HTTPS stream between the client and server, so that's why mallory is setup in between for this MITM. I would like to take the decrypted HTTPS traffic and dump it to either a logfile or a socket in a format compatible with tcpdump/wireshark (so I can collect it later and analyze it). Running tcpdump on eth1 is too soon (it's encrypted), and running tcpdump on eth2 is too late (it's been re-encrypted). Is there a way to make mallory "tcpdump" the decrypted traffic (in both directions)?

  Read the article

• certutil -ping fails with 30 seconds timeout - what to do?

  - by mark

  Dear ladies and sirs. The certificate store on my Win7 box is constantly hanging. Observe: C:\1.cmd C:\certutil -? | findstr /i ping -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory Certificate Services Admin interface C:\set PROMPT=$P($t)$G C:\(13:04:28.57)certutil -ping CertUtil: -ping command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:04:58.68)certutil -pingadmin CertUtil: -pingadmin command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:05:28.79)set PROMPT=$P$G C:\ Explanations: The first command shows you that there are –ping and –pingadmin parameters to certutil Trying any ping parameter fails with 30 seconds timeout (the current time is seen in the prompt) This is a serious problem. It screws all the secure communication in my app. If anyone knows how this can be fixed - please share. Thanks. P.S. 1.cmd is simply a batch of these commands: certutil -? | findstr /i ping set PROMPT=$P($t)$G certutil -ping certutil -pingadmin set PROMPT=$P$G

  Read the article

• Can remote LogMeIn Hamachi users access our local LAN?

  - by Kev

  Unknown to me, one of the kids has installed LogMeIn Hamachi on his PC so that he can access and play on his pal's Minecraft server, and vice versa. One of the things I did was disable the Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks on the Hamachi NIC in Windows 7's Network Connections. However, my lack of fu when it comes to these types of services is leaving me feeling a little uncomfortable about him using this. Is there anything I should be worried about here? For example, can his friends access our local LAN (which has a number of NAS boxes with unsecured shares) and get up to no good?

  Read the article

• Chrome - Why am I automatically authenticated to a web app even after clearing browser cookies?

  - by Howiecamp

  I am accessing a web application using Chrome. If I sign out of the app and clear all Chrome history/cookies/etc (even Flash cookies which are now handled by Chrome in the same Clear History area) and then re-access the site, I am automatically logged in without being prompted for credentials. I then launched Chrome in Incognito mode and was able to reproduce the same behavior. However, the I was prompted upon the first logon while in Incognito mode. The web application behaves as expected in Internet Explorer 10. Some info about the application: It's a Sharepoint site using NTLM authentication The credentials are Active Directory-based, as the username is domain\username My connection is over the Internet and there is no AD relationship between my local Windows account, my Windows PC. In other words I (meaning my locally logged on user and my PC) are not in any way part of their AD domain. The site is running SSL on port 443 Why might Chrome be automatically authenticating me?

  Read the article

• Is SSL to the proxy good enough?

  - by Josh Smeaton

  We are currently trying to decide on how best to do SSL traffic in our environment. We have an externally facing Apache proxy server that is responsible for directing all traffic into our environment. It is also doing the SSL work for the majority of our servers. There are one or two IIS servers in particular that are doing their own SSL, but they are also behind the proxy. I'm wondering, is SSL to the proxy good enough? It would mean that traffic within our network is identifiable, but is that such a big deal?

  Read the article

• Encrypt shared files on AD Domain.

  - by Walter

  Can I encrypt shared files on windows server and allow only authenticated domain users have access to these files? The scenario as follows: I have a software development company, and I would like to protect my source code from being copied by my programmers. One problem is that some programmers use their own laptops to developing the company's software. In this scenario it's impossible to prevent developers from copying the source code for their laptops. In this case I thought about the following solution, but i don't know if it's possible to implement. The idea is to encrypt the source code and they are accessible (decrypted) only when developers are logged into the AD domain, ie if they are not logged into the AD domain, the source code would be encrypted be useless. Can be implemented this ? What technology should be used?

  Read the article

• what constitutes out-of-band access to a server?

  - by broiyan

  The first time I access my server with a new installation of Filezilla or Putty, I will get prompted that I should continue only if the RSA key shown to me is correct. The cloud provider has advice on their website that I ought to use their AJAX console to get a key out-of-band with which to compare to the one shown by Filezilla. The AJAX console is launched from a link on the cloud provider's website which requires a login. Exactly how is this AJAX console considered to be out-of-band when it obviously is not a form of physical access to the server?

  Read the article

• Locking down firmware to keep stolen laptop from being formatted?

  - by Matt Ridge

  On the Mac laptops there are ways through the terminal to lock down the computer so that if someone tries to format the computer they won't be able to do it without the password. This way locks down the firmware. Is there a universal way to do the same thing on a PC? I know there are brands out there such as Samsung, Dell, etc that utilize different fimware types, and in turn will mean that their firmware will be locked down differently. That being said is there a "command code" that will allow you to lock the firmware to keep theives from formatting the hard drive and wiping out your data? I know a person who has time, and knowledge can get any password, and hopefully the person is smart enough to use another password to lock down the firmware, but that's not what I'm asking. I'm asking if it's possible, and if so how? Does the standard PC user require a 3rd party app, or can it be done through the command line? Or Terminal if you are on Linux?

  Read the article

• Encrypt shared files on AD Domain.

  - by Walter

  Can I encrypt shared files on windows server and allow only authenticated domain users have access to these files? The scenario as follows: I have a software development company, and I would like to protect my source code from being copied by my programmers. One problem is that some programmers use their own laptops to developing the company's software. In this scenario it's impossible to prevent developers from copying the source code for their laptops. In this case I thought about the following solution, but i don't know if it's possible to implement. The idea is to encrypt the source code and they are accessible (decrypted) only when developers are logged into the AD domain, ie if they are not logged into the AD domain, the source code would be encrypted be useless. How can be implemented this using EFS?

  Read the article

• Can someone access my locally ran website even if I haven't specified any port forwarding?

  - by user701510

  I am using Xampp so I can test my web application directly on my own computer. I am concerned that someone can access my Xampp site since I am still connected to the internet. However, I have NOT explicitly enabled any port forwarding with respect to my Xampp site in my router firewall settings. Furthermore, I am using a dynamic ip address. Given the factors already stated, can someone from outside my local network still access my locally ran website?

  Read the article

• How do I make the Windows low memory warning less sensitive?

  - by Stephen

  I keep getting this annoying low memory warning/prompt to close games I play. It happens very often and I still have ~6 gigs of ram free. I disabled virtual memory because it was putting stuff on the pagefile when I had 10 gigs free ram so that spiked my disk usage. Is there any way to disable this warning? I have 16GB ram so it shouldn't be an issue. I would prefer to keep pagefiles off because my HD is very loud so it's nice to keep it spun down as much as possible. I don't want to disable it completely. Ideally, I would like it to go off when I have ~2GB left rather than 6, but if this isn't viable, I may just disable it completely.

  Read the article

• Setting permissions on user accounts

  - by Ron Porter

  We would like to lock a couple of accounts to prevent even domain admins from resetting the password without already knowing the current password. From what I can see in the permission sets, this looks possible. Anything I've found on the subject recommends against altering default permissions, but doesn't go into detail why. Assuming that domain admin retains the ability to reset passwords without knowing current passwords is it reasonable to prevent password resets on the domain admin account and maybe a couple of others? If not, why not?

  Read the article

• How would you change a home wireless router with a self-signed admin site certificate to be more secure?

  - by jldugger

  littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

  Read the article

• How to secure an Internet-facing Elastic Search implementation in a shared hosting environment?

  - by casperOne

  (Originally asked on StackOverflow, and recommended that I move it here) I've been going over the documentation for Elastic Search and I'm a big fan and I'd like to use it to handle the search for my ASP.NET MVC app. That introduces a few interesting twists, however. If the ASP.NET MVC application was on a dedicated machine, it would be simple to spool up an instance of Elastic Search and use the TCP Transport to connect locally. However, I'm not on a dedicated machine for the ASP.NET MVC application, nor does it look like I'll move to one anytime soon. That leaves hosting Elastic Search on another machine (in the *NIX world) and I would probably go with shared hosting there. One of the biggest things lacking from Elastic Search, however, is the fact that it doesn't support HTTPS and basic authentication out of the box. If it did, then this question wouldn't exist; I'd simply host it somewhere and make sure to have an incredibly secure password and HTTPS enabled (possibly with a self-signed certificate). But that's not the case. That given, what is a good way to expose Elastic Search over the Internet in a secure way? Note, I'm looking for something that hopefully, will not require writing code to provide shims for the methods that I want (in other words, writing forwarders).

  Read the article

• Retrieve malicious IP addresses from Apache logs and block them with iptables

  - by Gabriel Talavera

  Im trying to keep away some attackers that try to exploit XSS vulnerabilities from my website, I have found that most of the malicious attempts start with a classic "alert(document.cookie);\" test. The site is not vulnerable to XSS but I want to block the offending IP addresses before they found a real vulnerability, also, to keep the logs clean. My first thought is to have a script constantly checking in the Apache logs all IP addresses that start with that probe and send those addresses to an iptables drop rule. With something like this: cat /var/log/httpd/-access_log | grep "alert(document.cookie);" | awk '{print $1}' | uniq Why would be an effective way to send the output of that command to iptables? Thanks in advance for any input!

  Read the article

• How to find systems with vulnerability which may later become agent for DDoS?

  - by jyotsna2010

  How to determine the systems with vulnerability, which scanning tool is best. The system should be identified so that it can be used as agent for DDoS. In a test bed environment I want to check this. Can anyone help?

  Read the article

• How can I audit a Linux filesystem for files which have been changed or added within a specific time

  - by Bcos

  We are a website design/hosting company running several sites on a Linux server using Joomla 1.5.14 and recently someone was able exploit a vulnerability in the RW Cards component to write arbitrary files/modify existing files on our filesystem enabling them to do some nasty things to our customers sites. We have removed vulnerable modules from all sites but are still seeing some problems. We suspect that they still have some scripts installed and need a way to audit anything that has been changed or added in the last 10 days. Is there a command or script we can run to do this?

  Read the article

• Permissions required to look up a domain user's group memberships

  - by adrianbanks

  I am writing some code to look up the members of particular domain groups. Does the user that this application runs as need any particular permissions on the domain to get this information? Background: I have already determined that the application needs to be run as a domain user to be able to query information from the domain. I have a list of group names and for each group, I need to look up the members of that group on the domain and get their names/usernames.

  Read the article

• Compromised Server nginx-mongrel - rails stack

  - by chief

  It looks like someone is using my server and hosting my application on different URL. When I visit this other URL an exact working copy of my website is present, though the browser objects when I attempt to access an HTTPS page. What has this person done?

  Read the article

• Could it be that "chkrootkit" just doesn't like .hmac, .packlist, and .relocation-tag files?

  - by Danijel

  I just cleaned up my hacked CentOS server (due to not updating since versino 5.3). But still, "chkrootkit" says this: Possible t0rn v8 \(or variation\) rootkit installed /usr/lib/.libfipscheck.so.1.1.0.hmac /usr/lib/.libgcrypt.so.11.hmac /usr/lib/.libfipscheck.so.1.hmac /lib/.libcrypto.so.0.9.8e.hmac /lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac /lib/.libcrypto.so.6.hmac /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Text/Iconv/.packlist /usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/HTML-Tree/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Font/AFM/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/MLDBM/Sync/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/MLDBM/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/FreezeThaw/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Apache/ASP/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/HTML-Format/.packlist /usr/lib/gtk-2.0/immodules/.relocation-tag /usr/lib/python2.4/plat-linux2/.relocation-tag /usr/lib/python2.4/distutils/.relocation-tag /usr/lib/python2.4/config/.relocation-tag Could it be that "chkrootkit" just doesn't like .hmac, .packlist, and .relocation-tag files? Are these realy still infected?

  Read the article

• Is it possible to have an external server within a company's firewall?

  - by Jonathan

  Hi guys, I am sure this is server admin 101, but I am unsure of the answer and would love some help. I am a software developer I have built an application for a client and am currently hosting it successfully on SliceHost. We are now coming out of Beta and the client wants to have the application within their firewall, but they do not want to deal with headache of hosting and maintaining the server. Is there a way I can recommend that we put our server at SliceHost within their Firewall? Is that an easy thing to do? Their specific requirements are: For my application to authenticate against their Active Directory, and Only allow access to the application from within their network If that is not possible, what should I recommend to my client?

  Read the article

• Can't connect back to the wireless network after the password was changed

  - by 7777

  Family changed the network password and some other network settings after new computers were brought into the house because apparently they wouldn't work with what we had. Actually an off-site tech remotely changed it, and I have no idea what he did. My laptop detects the network (it shows up under available networks) but whenever I try to connect it says: Windows is unable to connect to the selected network. The network may no longer be in range. Please refresh the list of available networks, and try to connect again. I wish I could give more details, config settings, but frankly I have no idea what I'm looking for. This is XP (also, not a password issue, I know the password, it's just that I have no idea where to enter it, etc.)

  Read the article

• Window 2003 Server - Logon Failure error message in Event Viewer

  - by user45192

  Hi guys, I received alot of event logged in the event viewer with this message. I notice is always the same user id which encounters this error. The user id is use by an application to access the database. However, this account does not exits on this server. How do I trace the services/program use by this user id which causes these error messages? Reason=Unknown user name or bad password&&User Name=&&Domain=&&Logon Type=3&&Logon Process=NtLmSsp&&Authentication Package=NTLM&&Workstation Name=&&Caller User Name=-&&Caller Domain=-&&Caller Logon ID=-&&Caller Process ID=-&&Transited Services=-&&Source Network Address=-&&Source Port=-&&User=SYSTEM&&ComputerName=

  Read the article

• Isolating Apache virtualhosts from the rest of the system

  - by JesperB

  I am setting up a web server that will host a number of different web sites as Apache VirtualHosts, each of these will have the possibility to run scripts (primarily PHP, possiblu others). My question is how I isolate each of these VirtualHosts from eachother and from the rest of the system? I don't want e.g. website X to read the configuration of website Y or any of the server's "private" files. At the moment I have set up the VirtualHosts with FastCGI, PHP and SUExec as described here (http://x10hosting.com/forums/vps-tutorials/148894-debian-apache-2-2-fastcgi-php-5-suexec-easy-way.html), but the SUExec only prevents users from editing/executing files other than their own - the users can still read sensitive information such as config files. I have thought about removing the UNIX global read permission for all files on the server, as this would fix the above problem, but I'm not sure if I can safely do this without disrupting the server function. I also looked into using chroot, but it seems that this can only be done on a per-server basis, and not on a per-virtual-host basis. I'm looking for any suggestions that will isolate my VirtualHosts from the rest of the system. PS I'm running Ubuntu 12.04 server

  Read the article

< Previous Page | 145 146 147 148 149 150 151 152 153 154 155 156  | Next Page >