Search Results

Search found 30819 results on 1233 pages for 'software security'.

Page 188/1233 | < Previous Page | 184 185 186 187 188 189 190 191 192 193 194 195  | Next Page >

• Setting to protect gnome-terminal from key logging

  - by yanychar

  Looks like it is easy to log keystrokes of all processes of the same user. A basic keylogger is 'xinput'. xinput test-xi2 The command generates log of all key-presses. Unfortunately, this includes passwords in gnome-terminal. Googling suggested that grabbing keyboard may prevent other windows from capturing key strokes. Is there a way to prevent XI2 logging in gnome-terminal? Or is there an X terminal that has this feature?

  Read the article

• How do I scan my windows partition for viruses from Ubuntu?

  - by Alvar

  I think I might have a virus on my windows partition and I want to scan it Ubuntu. Is this possible? I would like a program that is free. clamAV I tried clamAV but I couldn't find a setting for scaning my other partition that I have windows on, it scaned my Ubuntu disk and that was fine. Antivirus Within Windows I can't use my Windows partition since the virus make my laptop freeze every time I log in. And I don't want it to spread or make more damage than it might have done already.

  Read the article

• Significant number of non-HTTP requests hitting my site

  - by Mark Westling

  I'm seeing a significant number of non-HTTP requests hitting a site I just launched. They show up in the server (nginx) logs as non-ASCII and get rejected (correctly) with a 400 status. Here are some lines from the log: 95.132.198.189 - - [09/Jan/2011:13:53:30 -0500] "œ$A\x10õœ²É9J" 400 173 "-" "-" 79.100.145.126 - - [09/Jan/2011:13:57:42 -0500] "#§i²¸oYi á¹„\x13VJ—x·—œ\x04N \x1DÔvbÛè½\x10§¬\x1E0œ_^¼+\x09ÜÅ\x08DÌÃiJeT€¿æ]œr\x1EëîyIÐ/ßýúê5Ǹ" 400 173 "-" "-" 79.100.145.126 - - [09/Jan/2011:13:58:33 -0500] "¯Ú%ø=Œ›D@\x12¼\x1C†ÄÀe\x015mˆàd˜Û%pÛÿ" 400 173 "-" "-" What should I make of this? Is this some sort of scripted attack? Or could these be correct requests that have somehow been garbled? They're not affecting the performance of the site and I'm not seeing any other signs of attacks (e.g., no strange POSTs) so at this point I'm more curious than afraid.

  Read the article

• How can i install .deb files from terminal , i tried different ways in askubuntu

  - by krishnamraju

  i am trying to install teamviewer and i am getting the following error and the entire process is as follows kittu@kittu-355V4C-356V4C-3445VC-3545VC:~$ sudo dpkg -i teamviewer_linux_x64.debdpkg: error processing archive teamviewer_linux_x64.deb (--install): cannot access archive: No such file or directory Errors were encountered while processing: teamviewer_linux_x64.deb the file is in home/downloads/teamviewer_linux_x64.deb

  Read the article

• My self-generated CA is nearing it's end-of-life; what are the best practices for CA-rollover?

  - by Alphager

  Some buddies and me banded together to rent a small server to use for email, web-hosting and jabber. Early on we decided to generate our own Certificate Authority(CA) and sign all our certificates with that CA. It worked great! However, the original CA-cert is nearing it's end-of-life (it expires in five months). Obviously, we will have to generate a new cert and install it on all our computers. Are there any best practices we should follow? We have to re-generate all certs and sign them with the new CA, right?

  Read the article

• Automatically locking screen without shutting it off

  - by milkandtang

  Hey everyone— I have a home theater PC running Ubuntu 11.10, outputting over HDMI (for audio and video). I'm having an issue: I'd like the screen to lock automatically (when video is not playing, of course) but do not want the screen to turn off automatically, because that kills audio. I can manually lock the screen, of course, but it appears that if you set the "Turn off screen" setting to "never", the screen will never lock, no matter what the "lock screen" timeout is set to. Is there a way to do what I'm asking, or will I have to install xscreensaver?

  Read the article

• How can I protect my save data from casual hacking?

  - by Danran

  What options are there for saving game data in a secure manner? I'm interested in solutions specifically tailored for C++. I'm looking for something that is fast and easy to use. I'm only concerned about storing simple information such as Which levels are and are not unlocked The user's score for each level I'm curious again to know what's out there to use, any good libraries to use that give me nice, secure game data files that the average player can't mess with. I just found this here which looks very nice, but it would be great to get some opinions on potential other libraries/options out there.

  Read the article

• What are the pros and cons of non-unique display names?

  - by Davy8

  I know of at least big title game (Starcraft II) that doesn't require unique display names, so it would seem like it can work in at least some circumstance. Under what situations does allowing non-unique display names work well? When does it not work well? Does it come down to whether or not impersonation of someone else is a problem? The reasons I believe it works for Starcraft II is that there isn't any kind of in-game trading of virtual goods and other than "for kicks" there isn't much incentive to impersonate someone else in the game. There's also ladder rankings so even trying to impersonate a pro is easily detectable unless you're on a similar skill level. What are some other cases where it makes sense to specifically allow or disallow duplicate display names?

  Read the article

• Best Method/Library For Remote Authentication

  - by Mike

  I have a web app that has a REST API interface: http://api.example.com/core that uses API Keys and domain specific keys (key has to be used on the specified domain). I then will have several client sites with ajax forms where we will require users to sign in before being able to submit the form. This form will add data to a table, and submit an email to several recipients along with checking credentials. This form will use an ajax submit to our REST API. All Communication to/from the API is over SSL Ideal Flow: Visitor Fills Form Out -> Enters User/pass -> Submits Form -> ajax request to REST API -> API Verifies credentials -> does CRUD -> sends emails -> returns 200/403 -> perform DOM manipulation based on return code in ajax call Are there any libraries in PHP that currently do something to this similarly? Would OAuth be a good use for this scenario? Languages used are: js/html/css/php/MySQL

  Read the article

• Avoiding "double" subscriptions

  - by john smith

  I am working on a website that requires a bit of marketing; let me explain. This website is offering a single, say, iTunes 50$ voucher to a lucky winner. To be entered in the draw, you need to invite (and has to join) at least one friend to the website. Pretty straightforward. Now, of course it would be easy for anyone to just create a fake account and invite that account so, I was thinking of some other way to somehow find out of possible cheating. I was thinking of an IP check on the newly subscribed (invited) user, and if there is the same IP logged in the last 24 hours, and if that's the case, investigate more about it. But I was thinking that maybe there is a more clever way around this issue. Has anyone ever though about this? What other solutions did you try? Thanks in advance.

  Read the article

• Steps after SQL Injection detected

  - by Zukas

  I've come across SQL injection vulnerabilities on my companies ecommerce page. It was fairly poorly put together. I believe I have prevented future attempts however we are getting calls about fraudulent credit card charges on our site and others. This leads me to believe that someone was able to get a list of our credit card numbers. What doesn't make sense is that we don't store that information and we use Authorize.net for the transaction. If someone was able to get the CC#s, what should I do next? Inform ALL of our customers that someone broken into our system and stole their information? I have a feeling that will be bad for business.

  Read the article

• Assign programs permanently to different sound-outputs in Pulseaudio?

  - by Mood

  I want to assign Skype input and output to my USB-headset while the rest of my laptop uses the internal sound-card. This is an easy task with PulseAudio Volume control (pavucontrol). The only problem I have is every time a call is made I manually have to set the output and input for Skype to my USB-device . When I hang up, Skype disappears from Volume Control. It reappears again with the next call only this time the default sound-card is selected again. It shouldn’t be hard to let PulseAudio look or the USB-headset is connected when Skype audio comes is before selecting the default. The way to do it is obvious not through Volume Control.

  Read the article

• Making Agile and DevOps methodology compatible with PCI requirements

  - by kenchew

  Would like to hear from those working in a PCI compliance environment and is practicing agile development and devops methodology, how you maintain compliance with PCI requirements. Specifically, what do you do to address: separation of duties between development/test and production alignment of continuous integration / deployment and change control alignment of agile stories to requirement documentation

  Read the article

• How do you balance the speed of Sprints with the customer's conservative adoption schedule?

  - by Cheeso

  I'd prefer to have sprints that last 3-4 weeks, but customers don't want to adopt new feature/function every 3-4 weeks. Existing customers are conservative and, once we meet their minimum bar for features and capabilities, they like to remain on a stable release for much longer than 4 weeks. Even a 3-month cycle would be pushing it for them. On the other hand, newer customers tend to have more feature requests, and are willing to follow sprints. But this willingness dissipates after we've met their bar. How do you balance the need for rapid sprints with the customer's conservative view of application change? I'm particularly interested in SaaS scenarios.

  Read the article

• How to protect Ubuntu from fork bomb

  - by dblang

  I heard someone talking about a fork bomb, I did some research and found some dreadful information about some strange looking characters people can have you type at the command line and as a result do bad things on the computer. I certainly would not issue commands I do not understand but one never knows what can happen. I heard that some OS allows the administrator to place some limit on user processes to mitigate the effects of fork bombs, is this protection in Ubuntu by default or would a person with sudo privilege have to set this? If so, how?

  Read the article

• What Application Indicators are available?

  - by user8592

  I installed Ubuntu 11.04 on one of my systems and I am using the Unity interface. Unity is working quite well so far but I really miss panel applets for net speed, cpu temp, and system monitor. These applets are useful for viewing quick info. Unlike 10.10, there is no other way to get this info onto the panel or unity launcher. There are solutions like screenlets and conky but they don't feel appropriate for a clean desktop look. If you know one then please list out any third party indicators with links so that they can be found.

  Read the article

• apt-get not recognizing downloaded archives

  - by meteors

  I installed Ubuntu Gnome 13.10. I previously had Ubuntu Gnome 13.04 and had all the archives in the /var/cache/apt/archives/ stored to a removable disk. After installing 13.10 I copied all my archives to the above mentioned path. When I run apt-get install it tries to fetch the archives although I have the archives. Also if instead of apt-get install if I try to install individual .deb files using dpkg -i everything runs fine. These are the permissions of files: How do I fix this. Previously copying archives like this worked fine and downloading duplicates the files.

  Read the article

• Disadvantages of a fake phpMyAdmin honeypot that causes ip blacklisting and robots.txt disallow/exclusion of the honeypot?

  - by Tchalvak

  I'm trying to figure out whether I should set up a honeypot system with a fake phpMyAdmin (site gets hits all the time with people spidering for insecurities with that app). My thought was to create a honeypot php script that would mimic a phpMyAdmin login, and then blacklist ips that hit that url (and aren't already whitelisted). I would then add the appropriate urls to the robots.txt so that spiders that actually respect my robots.txt wouldn't be caught by the blacklist. Are there disadvantages to this approach, do legit robots sometimes not respect robots.txt in certain circumstances, are there any problems with this that I should consider in advance?

  Read the article

• Password protected website

  - by danie7L T

  I need to add a user authentication page before the actual homepage of the website. In Joomla! I just set the website offline and the offline page loads in place of the homepage but then it's automatically throwing a "503 Service Temporarily Unavailable" error which I would like to avoid. That's why I would like to know the other ways to load an authentication page before the homepage. NB: I'm using Apache servers if that's relevant Thank you

  Read the article

• How would I know if my OS is compromised?

  - by itsols

  I had opened a php folder from a friend's web host. I run it on mine to fix some bugs. Then I tried attaching the code to be emailed and GMAIL stated that the attachment was infected by a virus. Now I'm afraid if my Apache or OS (12.04) is infected. I checked the php files and found a base64 encoded set of code being 'eval'd at the top of each and every php file. Just reversing it (echo with htmlspecialchars) showed some clue that there were sockets in use and something to do with permissions. And also there were two websites referred having .ru extensions. Now I'm afraid if my Ubuntu system is affected or compromised. Any advice please! Here's my second run of rkhunter with the options: sudo rkhunter --check --rwo Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text Warning: Hidden directory found: /dev/.udev Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

  Read the article

• Telecommuting with a foreign employer as a permanent job

  - by grabah

  Does anyone have any experience in telecommuting (working at home) for a company based in some foreign country? By this I don't mean working on some contracted job, but more or less permanent job. Is this even possible, what are options for payment, and can you expect to be paid by usual rates for that country or significantly less? Is there any working hours control, or as long as you deliver on time it's all good.

  Read the article

• Application for taking pretty screenshots (like OS X does)

  - by Oli

  I've been building a website for a guy who uses Mac OS X and occasionally he sends me screenshots of bugs. They come out looking like this: This is fairly typical of Mac screenshots. You get the window decorations, the shadow from the window and a white or transparent background (not the desktop wallpaper -- I've checked). Compare this to an Ubuntu window-shot (Alt+Print screen): It's impossible to keep a straight face and say the Ubuntu one anywhere near as elegant. My question is: Is there an application that can do this in Ubuntu? Edit: Follow up: Is there an application that can do this in one move? Shutter is pretty good but running the plugin for every screenshot is pretty tiresome as it doesn't seem to remember my preference (I want south-shadow and that requires selecting south, then clicking refresh, then save) and it's more clicks than I'd like. Is there a simple way of telling shutter I want south-shadow for all screenshots (except entire desktop and area-selection)?

  Read the article

• MCrypt Module, Rijndael-256

  - by WernerCD

  An outside company is redoing our company Intranet. During some basic usage I disovered that the "User Edit" screens, with the "Password: *" boxes have the password in plain text, with the text box "type=password" to "hide" the password. The passwords are not store in the database as plain text, they are stored encrypted using "rijndael-256" cypher using the mcrypt module. I know that if I encrypt a password with SHA*, the password is "Unrecoverable" via one-way encryption. Is the same of MCrypt Rijndael-256 encryption? Shouldn't an encrypted password be un-recoverable? Are they blowing smoke up my rear or just using the wrong technology?

  Read the article

• libgtk2.0-common fails to build with Gdk-2.0.gir error, Type reference 'GdkPixbuf' not found

  - by Stefano Palazzo

  I'm trying to build gtk, but it fails. Here's what I'm doing: sudo apt-get build-dep libgtk2.0-common sudo apt-get source libgtk2.0-common cd gtk+2.0-2.22.0/ sudo gedit gtk/gtktreeview.c & #...editing a few files (or not, it's the same error) sudo ./configure --prefix=/usr sudo make The compilation runs for a while and then quits: Gdk-2.0.gir: error: Type reference 'GdkPixbuf' not found ... make: *** [all] Error 2 What am I doing wrong?

  Read the article

• Facebook - Isn't this a big vulnerability risk for users? (After Password Change)

  - by Trufa

  I would like to know you opinions as programmers / developers. When I changed my Facebook password yesterday, by mistake I entered the old one and got this: Am I missing something here or this is a big potencial risk for users. In my opinion this is a problem BECAUSE it is FaceBook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more that 3/4!! All kidding aside: Isn't this useful information for an attacker? It reveals private information about the user! It could help the attacker gain access to another site in which the user used the same password Granted, you should't use use the same password twice (but remember: 76.3%!!!) Doesn't this simply increase the surface area for attackers? It increases the chances of getting useful information at least. In a site like Facebook 1st choice for hackers and (bad) people interested in valued personal information shouldn't anything increasing the chance of a vulnerability be removed? Am I missing something? Am I being paranoid? Will 76.3% of the accounts will be hacked after this post? Thanks in advance!! BTW if you want to try it out, a dummy account: user: [email protected] (old) password: hunter2

  Read the article

< Previous Page | 184 185 186 187 188 189 190 191 192 193 194 195  | Next Page >