Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 167/1021 | < Previous Page | 163 164 165 166 167 168 169 170 171 172 173 174  | Next Page >

  • How useful is mounting /tmp noexec?

    - by Novelocrat
    Many people (including the Securing Debian Manual) recommend mounting /tmp with the noexec,nodev,nosuid set of options. This is generally presented as one element of a 'defense-in-depth' strategy, by preventing the escalation of an attack that lets someone write a file, or an attack by a user with a legitimate account but no other writable space. Over time, however, I've encountered arguments (most prominently by Debian/Ubuntu Developer Colin Watson) that noexec is a useless measure, for a couple potential reasons: The user can run /lib/ld-linux.so <binary> in an attempt to get the same effect. The user can still run system-provided interpreters on scripts that can't be run directly Given these arguments, the potential need for more configuration (e.g. debconf likes an executable temporary directory), and the potential loss of convenience, is this a worthwhile security measure? What other holes do you know of that enable circumvention?

    Read the article

  • Which modules can be disabled in apache2.4 on windows

    - by j0h
    I have an Apache 2.4 webserver running on Windows. I am looking into system hardening and the config file httpd.conf. There are numerous load modules and I am wondering which modules I can safely disable for performance and / or security improvements. Some examples of things I would think I can disable are: LoadModule cgi_module others like LoadModule rewrite_module LoadModule version_module LoadModule proxy_module LoadModule setenvif_module I am not so sure they can be disabled. I am running php5 as a scripting engine, with no databases, and that is it. My loaded modules are: core mod_win32 mpm_winnt http_core mod_so mod_access_compat mod_actions mod_alias mod_allowmethods mod_asis mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_cache_disk mod_mime mod_negotiation mod_proxy mod_proxy_ajp mod_rewrite mod_setenvif mod_socache_shmcb mod_ssl mod_status mod_version mod_php5

    Read the article

  • Can't remove Internet Explorer Add-On

    - by Emile
    I'm using IE8 on Windows 7. I'm trying to delete an add-on from my "Manage Add-ons" panel. But when I double click the add-on I'd like to delete, the "Remove" button is grayed out. Only the disable option is available. I've gone to the path it points to and deleted that folder. I've also searched the registry to delete keys and went to Control Panel to uninstall the related installation package. Any ideas?

    Read the article

  • Preventing - Large Number of Failed Login Attempts from IP

    - by Silver89
    I'm running a CentOS 6.3 server and currently receive emails entitled "Large Number of Failed Login Attempts from IP" from my server every 15 minutes or so. Surely with the below configured it should mean only the person using the (my static ip) should be able to even try and log in? If that's the case where are these remote unknown users trying to log into which is generating these emails? Current Security Steps: root login is only allowed without-password StrictModes yes SSH password login is disabled - PasswordAuthentication no SSH public keys are used SSH port has been changed to a number greater than 40k cPHulk is configured and running Logins limited to specific ip address cPanel and WHM limited to my static ip only hosts.allow sshd: (my static ip) vsftpd: (my static ip) whostmgrd: (my static ip) hosts.deny ALL : ALL

    Read the article

  • How can I tell if a host is bridged and acting as a router

    - by makerofthings7
    I would like to scan my DMZ for hosts that are bridged between subnets and have routing enabled. Since I have everything from VMWare servers, to load balancers on the DMZ I'm unsure if every host is configured correctly. What IP, ICMP, or SNMP (etc) tricks can I use to poll the hosts and determine if the host is acting as a router? I'm assuming this test would presume I know the target IP, but in a large network with many subnets, I'd have to test many different combinations of networks and see if I get success. Here is one example (ping): For each IP in the DMZ, arp for the host MAC Send a ICMP reply message to that host directed at an online host on each subnet I think that there is a more optimal way to get the information, namely from within ICMP/IP itself, but I'm not sure what low level bits to look for. I would also be interested if it's possible to determine the "router" status without knowing the subnets that the host may be connected to. This would be useful to know when improving our security posture.

    Read the article

  • Enabling the Power State Change Beep

    - by digitxp
    I have a Thinkpad T430s. I found on other Thinkpads there's a beep when you plug or unplug the AC cord. While I hear a lot of people say it's annoying it seems like a very useful security feature. However, when I go into the Power Manager the option to beep on plugging/unplugging ("Power State Change Beep") isn't there, even though it's in the help file already. I know it would be easy to rig a software solution to this event, but it would kind of defeat the purpose if it doesn't beep when it's in sleep. Is there a way to get this beep on my laptop?

    Read the article

  • General High-Level Assessment

    - by tcarper
    Guys and Gals, I've been tasked with a doozy of an assignment. The objective is something akin to "laying of hands" on several database servers which work in concert to provide data to various Web, Client-Server and Tablet-Sync'd distributed Client-Server programs. More specifically, I've been asked to come up with a "Maintenance Plan" which includes recommendations for future work to improve these machines' performance/reliability/security/etc. Might there be some good articles on teh interwebs ya'll could point me towards which would give me some good basis to start? Articles describing "These are the top 4 overarching categories and this is how you should proceed when drilling down on each of them" sort-of-thing would be fabulous. The Databases are all SQL 2005, however the compatibility level is 80 and they were originally created with ERwin based on SQL 6.5. The OSs are all Windows Server 2003. Thanks all! Tim

    Read the article

  • "This file came from another computer..." - how can I unblock all the files in a folder without having to unblock them individually?

    - by Schnapple
    Windows XP SP2 and Windows Vista have this deal where zone information is preserved in downloaded files to NTFS partitions, such that it blocks certain files in certain applications until you "unblock" the files. So for example if you download a zip file of source code to try something out, every file will display this in the security settings of the file properties "This file came from another computer and might be blocked to help protect this computer" Along with an "Unblock" button. Some programs don't care, but Visual Studio will refuse to load projects in solutions until they've been unblocked. While it's not terribly difficult to go to every project file and unblock it individually, it's a pain. And it does not appear you can unblock multiple selected files simultaneously. Is there any way to unblock all files in a directory without having to go to them all individually? I know you can turn this off globally for all new files but let's say I don't want to do that

    Read the article

  • Windows: make browsers do a DNS-lookup even when the Computer is offline

    - by leosok
    I use a local DNS-Server (MicroDNS) which I set via netsh to redirect any query to my own page. A little webserver running inside my software answering something like "this page is not whitelisted". It works when connected to the Internet but does not work when offline. The Browsers stop looking up the DNS. How could I make Browsers go to my page, whatever I enter in the address line, WHEN OFFLINE?

    Read the article

  • Is it secure to store the cert/key on a private AMI?

    - by Phillip Oldham
    Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables? For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to: Attach & mount specific EBS volume(s) Associate a specific Elastic IP Start issuing backups of the EBS volume(s) to S3 However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.

    Read the article

  • Chrome Open in New Tab/Window Menu Items

    - by Aequitarum Custos
    The problem is, both Firefox and Internet Explorer have "Open in New Tab" as the second option. This has become muscle memory for me by now, to the point that I don't use as often as I want to, solely because I can't open a page in a new tab without thinking about it. Is there a way to switch the position of "Open Link in new tab" and "Open link in new window", so that I can resume browsing as normal, or am I cursed by this user interface design nightmare by Google?

    Read the article

  • some websites not opening completely

    - by mkk
    Hi everybody, I am using bsnl broadband connection, modem: wa3002g1 os: xp(86x) / vista(64x) A few days back I have changed the modem (don't know the previous modem no) because of some issues. since then I am not able to open most of the websites in firefox, IE6/8, chrome, opera. If i connect with other network like reliance data card, those websites are opening, if i connect bsnl the problem will be same again. I called to customer care many times, but no use. Please help me to find the solution. Thank you in advance.

    Read the article

  • Why does Windows Firewall show "Unidentified network" as one of my "Active public networks"?

    - by MousePad
    I have a machine that has wifi and ethernet. I have wifi active, and am not using ethernet. My Windows firewall shows two active networks, one is the wifi network I connect to, and the other is "Unidentified network". What is this unidentified network? I can't seem to be able to get rid of it because I can't find where it is even defined. How can you detect this and know whether this is just something appropriate or possibly a security problem? I am on Windows 7 64bit.

    Read the article

  • How to Make the Kindle Fire Silk Browser *Actually* Fast!

    - by The Geek
    Not that long ago, we reviewed the Kindle Fire, and one of our biggest complaints was how lousy the browser is—but we’ve discovered the trick to making it actually fast. Here’s how to fix it. How to Make the Kindle Fire Silk Browser *Actually* Fast! Amazon’s New Kindle Fire Tablet: the How-To Geek Review HTG Explains: How Hackers Take Over Web Sites with SQL Injection / DDoS

    Read the article

  • openSuse full disk encryption

    - by djechelon
    I'm a proud Suser. I'm about to reinstall 12.2 on my ASUS N76VZ (UEFI x64 laptop). Since I'm very sensitive about laptop security against theft or unwanted inspection, I chose to use BitLocker with USB dongle in Windows 7. When installing Suse the last time I found that only the home partition (separated from root) was capable of being encrypted. Does Suse offer a full disk encryption solution like BitLocker that I haven't discovered yet? Or is encrypting home partition the only way to protect data? Encrypting only home is feasible as one stores personal data in home, but I still would like to encrypt the whole thing! Also, using a hardware token (no TPM available) for unlocking is preferred to password, if possible! Thanks

    Read the article

  • How to get full write permission on my second drive after dual boot?

    - by Shaul
    I had a WinXP installation on my hard drive. Then I bought a 2nd drive and installed Win7. Dual boot working fine. But when I'm in the Win7 environment, it appears that I don't have full admin permission on the "D" drive (that's the drive with WinXP). Even though the user I'm logged in as has admin permissions, I have to run my apps with administrator privileges in order to get write access to the D drive. This is not the case when I do stuff on the C drive. I could just get into running those apps that access the D drive in admin mode, but that seems like overkill. Is there some secret switch I can flip so that my D drive acts like my C drive, security-wise?

    Read the article

  • PHP Requests Being Blocked After Making About 25 in Ten Minutes

    - by Daniel Stern
    We have an administrative portal where we run PHP functions through a Javascript portal using ajax for administrative purposes. For example, we might have a function called updateAllDatabaseEntries() which would call AJAX functions in rapid succession, with those functions each executing numerous SQL queries. The problem is after making several successive requests from the same computer (not an excessive amount, maybe 30 in ten minutes) the system will stop responding to any PHP, HTTP requests ETC ONLY from my computer. From other computers in the office the panel can still be accessed, and access is restored to this computer after about 15 minutes. We believe this is not a glitch but some kind of security feature built into our server, possibly relating to Suhosin and likely well-intentioned but currently preventing us from running our system administration. Server Info: Linux 2.6.32-5-xen-amd64 #1 SMP Tue Mar 8 00:01:30 UTC 2011 x86_64 GNU/Linux Cheers - DS

    Read the article

  • Why are my Google and Bing search result pages locking up?

    - by Cyberherbalist
    I've got some really weird behavior going on. I can't do any web searching using Google or Bing because when the search result page shows up, every single link on the page is completely unresponsive. That is, every link to a search result. The links to page functions other than search results work fine. This happens in both IE9 and FF13. It doesn't happen to Yahoo! results, though. Any ideas?

    Read the article

  • How to find video in Firefox cache?

    - by Alegro
    I'm trying to find youtube video (just watched) in Firefox cache folder, but I cant find the folder. win xp sp3 Firefox 16.1 I tried C:\Documents and Settings\eDIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\xp44aixq.default\Cache Also C:\Documents and Settings\eDIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\49mvq84u.default\Cache In this folder I found the png thumbnail of visited youtube page C:\Documents and Settings\eDIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\49mvq84u.default\thumbnails But, there is no video file. I also searched all files and folders arround (Default user, All users...etc). There is only one win user.

    Read the article

  • New Secure Website with Apache Reverse Proxy

    - by jtnire
    I wish to set up a new website that will be accessed by users using HTTPS. I think it is good practise to put the "real" web server in a seperate subnet, and then install an Apache Reverse Proxy in a DMZ. My question is, where should I put the SSL cert(s)? Should I a) Use a self-signed cert on the "real" web server, and a proper cert on the reverse proxy? b) Use 2 real certs on both the "real" web server and the reverse proxy? c) Don't use any cert on the "real" web server, and use a proper cert on the reverse proxy? I'd like to use a) or c), if possible. I also don't want anyone's browser complaining of a self-signed cert. Thanks

    Read the article

  • Identifying program attempting to install certificate on windows

    - by R..
    I'm trying to help a friend using Windows (which I'm not an expert on by any means) who's experiencing malware-like behavior: a dialog box is repeatedly popping up reading: You are about to install a certificate from a certification authority (CA) claiming to represent: CE_UmbrellaCert Warning: If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click "yes" you acknowledge this risk. AV and anti-malware scanners don't detect anything. My friend hasn't accepted installing the certificate, but whatever program is trying to install it keeps retrying, making the system unusable (constant interruptions). Is there any way to track down which program is making the attempt to install it so this program can be uninstalled/deleted?

    Read the article

  • Apache trailing slash added to files problem

    - by Francisc
    Hello! I am having a problem with Apache. What it does is this: Take /index.php file containing an code with src set to relative path myimg.jpg, both in the root of my server. So, www.mysite.com would show the image as would www.mysite.com/index.php. However, if I access www.mysite.com/index.php/ (with a trailing slash) it does the odd thing of executing index.php code as it would be inside an index.php folder (e.g. /index.php/index.php), thus not showing the image anymore. This is a simple example that's easy to solve with absolte addressing etc, the problem I am getting from this a security one that's not so easily fixed. So, how can I get Apache to give a 403 or 404 when files are accessed "as folders"? Thank you.

    Read the article

  • My BrowserHelperObject is detected by avg as a malware, what is going wrong.

    - by BHOdevelopper
    Hi i'm building a BrowserHelperObject in c++ for Internet Explorer 8. It is a friendly add-on that gives you fonctionalities in a sidebar. The thing is that when you download the add-on executable from the web, AVG (AntiVirusGuard) detects the executable file as a malware. I did a lot of research and i can't find a way to not being seen as a bad malware. I know that BrowserHelperObject are often seen as malware, but mine is just a good and friendly add-on. Does anyone as info on how antivirus detection works and what can i do to prevent being seen as a malware. What has to be done to the BHO to pass avg detection ? Thank you.

    Read the article

  • How to disable Utility Manager (Windows Key + U)

    - by Skizz
    How do I disable the Windows Key+U hotkey in Windows XP? Alternatively, how do I stop the utility manager from being active? The two are related. The utilty manager is currently providing a potential security hole and I need to remove it*. The system I'm developing uses a custom Gina to log in and start a custom shell. This removes most Windows Key hotkeys but the Win+U still pops up the manager app. Update: Things I've tried and don't work: NoWinKeys registry setting - this only affects explorer hotkeys; Renaming utilman.exe - program reappears next login; Third party software - not really an option, these machines are audited by the clients and additional, third party software would be unlikely to be accepted. Also, the proedure needs to be reasonably straightforward - this has to be done by field service engineers to existing machines (machines currently in Russia, Holland, France, Spain, Ireland and USA). * The hole is via the internet options in the help viewer the utility app links to.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 163 164 165 166 167 168 169 170 171 172 173 174  | Next Page >