Search Results

Search found 21719 results on 869 pages for 'password security'.

Page 20/869 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >

• Company Password Management

  - by Brian Wigginton

  The topic of personal password management has been covered in great detail time after time. This question is aimed at the business or organization that needs to keep track of many unique passwords for many clients. What are some strategies/tools or ideas you all have for accomplishing this task? I was at an Interactive Agency, where we needed to keep track of client DB, ftp, mail... and for different environments for the app so any one client would have up to 3-10 passwords usually. This can get crazy when there are more than 250 clients

  Read the article

• Wiping out user and/or root password in embedded linux

  - by TryTryAgain

  We have a security camera system running an embedded linux. It boots with Lilo as a bootloader and has no tty access once booted. I don't know any username either. SSH/22 is open, but I don't think brute force is an option. I have tried all the common tricks to reset a linux user password (boot from the bootloader in single user mode = doesn't happen, still prompts for user login, boot to a live cd = can't access the file system...it's all loop files and other binary, etc etc), but they are all not possible as it is an embedded linux setup the way it is. Any help/suggestions would be appreciated. Thanks

  Read the article

• openQRM nagios password reset

  - by Entity_Razer

  Right so, basically the story is that to test a XenServer environment from citrix I deployed a openQRM install from SVN to a ubuntu 10.4 install (on a ESX Environment) All went well installs, I can connect to it, but I can't seem to access the nagios plug in. Every time i wish to go to it i'm asked for a pw, and if I input the pw I wrote down yesterday it just doesn't let me in. I'm trying to reset the password on the nagios plug in now but for the life of me can't find it. Googled high and low for a defenitive working solution but so far no luck. Anyone able to lend a hand ? Cheers ! Ubuntu 10.4 Beta as openQRM openQRM installed from SVN cheers

  Read the article

• Password manager solution: Symbian based phone and a Linux machine (Windows is not important, but wo

  - by Kent

  Hi, I currently use KeePassX to manage my passwords on my Linux (Xubuntu) machine. It's nice to have all the passwords encrypted, but sometimes I'd like to be able to tell a password when I'm on the run. Therefore I'm looking for a solution which I can synchronize with my phone. I have a Nokia N82 which is a Symbian OS v9.2 based phone for the S60 3rd Edition platform with Feature Pack 1. I like an open source solution if it's possible. In case it isn't I wouldn't mind paying for a good solution. If Windows may be added to the synchronization mix it's nice, but it's absolutely not a primary requirement (I don't even have any computer running Windows).

  Read the article

• MySQL Syntax error when trying to reset Joomla password

  - by Arthur

  I'm trying to reset my Joomla admin password by executing the following code in MySQL: INSERT INTO `jos_users` (`id`,`name`, `username`, `password`, `params`) VALUES (LAST_INSERT_ID(),'Administrator2', 'admin2', 'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', ''); INSERT INTO `jos_user_usergroup_map` (`user_id`,`group_id`) VALUES (LAST_INSERT_ID(),'8'); When I attempt to execute it, I get the following error: Failed to execute SQL : SQL INSERT INTO `jos_users` (`id`,`name`, `username`, `password`, `params`) VALUES (LAST_INSERT_ID(),'Administrator2', 'admin2', 'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', ''); INSERT INTO `jos_user_usergroup_map` (`user_id`,`group_id`) VALUES (LAST_INSERT_ID(),'8'); failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO `jos_user_usergroup_map` (`user_id`,`group_id`) VALUES (LAST_INSERT_' at line 1 Could someone tell me where my Syntax might be wrong? I'm using MySQL version 5.0.95.

  Read the article

• SSL certificates with password encrypted key at hosting provider

  - by Jurian Sluiman

  We are a software company and offer hosting to our clients. We have a VPS at a large Dutch datacenter. For some of the applications, we need an SSL certificate which we'd like to encrypt with a password protected keyfile. Our VPS reboots now and then because of updates whatsoever, but that means our apache doesn't start right away because the passwords are needed. This results in downtime and is of course a real big problem. We can give the passwords to our VPS datacenter, or create certificates based on keyfiles without passwords. Both solutions seem not the best one, because they compromise the security of our certificates. What's the best solution for this issue?

  Read the article

• How do I securely store and manage 180 passwords?

  - by Sammy

  I have about 180 passwords for different websites and web services. They are all stored in one single password protected Excel document. As the list gets longer I am more and more concerned about its security. Just how secure, or should I say insecure, is a password protected Excel document? What's the best practice for storing this many passwords in a secure and easy manageable way? I find the Excel method to be easy enough, but I am concerned about the security aspect.

  Read the article

• My gmail password hacked in Firefox?

  - by ellockie

  While writing a message using Firefox suddenly my gmail login details, including password, were pasted into the body of my message at the current cursor position and in the browser's find field (whole password and a bit of email address in the latter). I don't store my passwords in the browser nor in any of it's addons, although I keep it in one of Chrome's extensions. I don't use whole email address to login, only the user name, so it's very strange and worrying. I must admit I clicked some suspicious link the same day (by checking the root of the domain first), but I quickly closed that page and after that I haven't used that password. Both Avira and Spybot didn't detect anything. What was it and what can I do to make sure my browser is safe?

  Read the article

• Cannot to change my root password on Xenserver

  - by Michlaou

  I try to change my root password on my Xenserver 6.0. I follow these steps: enter boot: menu.c32 selecet xe-serial and press tab add "single" before the 2nd triple hyphens and i press enter. I have that: mboot.c32 /boot/xen.gz com1=115200,8n1 console=com1, vga mem=1024G dom0_max_vcpus4 dom0_mem=752M lowmem_emergency_pool=1M crashkernel=64M@32M single --- /boot/vmlinuz-2.6-xen root=LABEL=root-rodraxar ro console=tty0 xencons=hvc console=hvc0 --- /boot/initrd-2.6-xen.img I have commande on the screen and it's stop at: ext3-fs: monted filesystem with ordered data mode. Can you help me?

  Read the article

• a safer no password sudo?

  - by Stacia

  Ok, here's my problem - Please don't yell at me for being insecure! :) This is on my host machine. I'm the only one using it so it's fairly safe, but I have a very complex password that is hard to type over and over. I use the console for moving files around and executing arbitrary commands a LOT, and I switch terminals, so sudo remembering for the console isn't enough (AND I still have to type in my terrible password at least once!) In the past I have used the NOPASSWD trick in sudoers but I've decided to be more secure. Is there any sort of compromise besides allowing no password access to certain apps? (which can still be insecure) Something that will stop malware and remote logins from sudo rm -rf /-ing me, but in my terminals I can type happily away? Can I have this per terminal, perhaps, so just random commands won't make it through? I've tried running the terminal emulations as sudo, but that puts me as root.

  Read the article

• Is disabling password login for SSH the same as deleting the password for all users?

  - by Arsham Skrenes

  I have a cloud server with only a root user. I SSH to it using RSA keys only. To make it more secure, I wanted to disable the password feature. I know that this can be done by editing the /etc/ssh/sshd_config file and changing PermitRootLogin yes to PermitRootLogin without-password. I was wondering if simply deleting the root password via passwd -d root would be the equivalent (assuming I do not create more users or new users have their passwords deleted too). Are there any security issues with one approach verses the other?

  Read the article

• ssh accepts any password

  - by nodapic

  I'm recovering a server from getting hacked and there is one thing I can't fix: When I ssh (or scp) to the server, no matter what password I give, it lets me log in. I don't know much about the ssh protocol but I'm pretty sure it's not supposed to do that. I've checked in the sshd_config file and the only changes are the ones that I've made (as far as I can remember). Another thought that I had was that there might be something screwed up in the /etc/passwd file that I'm missing. Has anyone seen this?

  Read the article

• ASP.NET Membership C# - How to compare existing password/hash

  - by Steve

  I have been on this problem for a while. I need to compare a paasword that the user enters to a password that is in the membership DB. The password is hashed and has a salt. Because of the lack of documentation I do not know if the salt is append to the password and then hashed how how it is created. I am unable to get this to match. The hash returned from the function never matches the hash in the DB and I know for fact it is the same password. Microsoft seems to hash the password in a different way then I am. I hope someone has some insights please. Here is my code: protected void Button1_Click(object sender, EventArgs e) { //HERE IS THE PASSWORD I USE, SAME ONE IS HASHED IN THE DB string pwd = "Letmein44"; //HERE IS THE SALT FROM THE DB string saltVar = "SuY4cf8wJXJAVEr3xjz4Dg=="; //HERE IS THE PASSWORD THE WAY IT STORED IN THE DB AS HASH string bdPwd = "mPrDArrWt1+tybrjA0OZuEG1P5w="; // FOR COMPARISON I DISPLAY IT TextBox1.Text = bdPwd; // HERE IS WHERE I DISPLAY THE return from THE FUNCTION, IT SHOULD MATCH THE PASSWORD FROM THE DB. TextBox2.Text = getHashedPassUsingUserIdAsSalt(pwd, saltVar); } private string getHashedPassUsingUserIdAsSalt(string vPass, string vSalt) { string vSourceText = vPass + vSalt; System.Text.UnicodeEncoding vUe = new System.Text.UnicodeEncoding(); byte[] vSourceBytes = vUe.GetBytes(vSourceText); System.Security.Cryptography.SHA1CryptoServiceProvider vSHA = new System.Security.Cryptography.SHA1CryptoServiceProvider(); byte[] vHashBytes = vSHA.ComputeHash(vSourceBytes); return Convert.ToBase64String(vHashBytes); }

  Read the article

• Spring Security DB Authentication w/Hibernate and hashed passwords?

  - by Seth

  I'm trying to set up spring security 3 to authenticate users against my hibernate 3 database. I'm storing only sha1 hashes of the passwords in the database (not plaintext). I've looked at this and this, which tell me to implement my own UserDetailsService. Unfortunately, the UserDetails that loadUserByUsername spits out seem to need the plaintext password, which I don't have. How is this usually handled? Can Spring Security actually do what I need here? Am I missing something?

  Read the article

• What are some topics you'd like to see covered in an 'Introduction to Network Security' book?

  - by seth.vargo

  I'm trying to put together a list of topics in Network Security and prioritize them accordingly. A little background on the book - we are trying to gear the text towards college students, as an introduction to security, and toward IT professionals who have recently been tasked with securing a network. The idea is to create a book that covers the most vital and important parts of securing a network with no assumptions. So, if you were a novice student interested in network security OR an IT professional who needed a crash course on network security, what topics do you feel would be of the upmost importance in such a text?

  Read the article

• Security in Software

  The term security has many meanings based on the context and perspective in which it is used. Security from the perspective of software/system development is the continuous process of maintaining confidentiality, integrity, and availability of a system, sub-system, and system data. This definition at a very high level can be restated as the following: Computer security is a continuous process dealing with confidentiality, integrity, and availability on multiple layers of a system. Key Aspects of Software Security Integrity Confidentiality Availability Integrity within a system is the concept of ensuring only authorized users can only manipulate information through authorized methods and procedures. An example of this can be seen in a simple lead management application.  If the business decided to allow each sales member to only update their own leads in the system and sales managers can update all leads in the system then an integrity violation would occur if a sales member attempted to update someone else’s leads. An integrity violation occurs when a team member attempts to update someone else’s lead because it was not entered by the sales member.  This violates the business rule that leads can only be update by the originating sales member. Confidentiality within a system is the concept of preventing unauthorized access to specific information or tools.  In a perfect world the knowledge of the existence of confidential information/tools would be unknown to all those who do not have access. When this this concept is applied within the context of an application only the authorized information/tools will be available. If we look at the sales lead management system again, leads can only be updated by originating sales members. If we look at this rule then we can say that all sales leads are confidential between the system and the sales person who entered the lead in to the system. The other sales team members would not need to know about the leads let alone need to access it. Availability within a system is the concept of authorized users being able to access the system. A real world example can be seen again from the lead management system. If that system was hosted on a web server then IP restriction can be put in place to limit access to the system based on the requesting IP address. If in this example all of the sales members where accessing the system from the 192.168.1.23 IP address then removing access from all other IPs would be need to ensure that improper access to the system is prevented while approved users can access the system from an authorized location. In essence if the requesting user is not coming from an authorized IP address then the system will appear unavailable to them. This is one way of controlling where a system is accessed. Through the years several design principles have been identified as being beneficial when integrating security aspects into a system. These principles in various combinations allow for a system to achieve the previously defined aspects of security based on generic architectural models. Security Design Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation Privilege Least Common Mechanism Psychological Acceptability Defense in Depth Least Privilege Design PrincipleThe Least Privilege design principle requires a minimalistic approach to granting user access rights to specific information and tools. Additionally, access rights should be time based as to limit resources access bound to the time needed to complete necessary tasks. The implications of granting access beyond this scope will allow for unnecessary access and the potential for data to be updated out of the approved context. The assigning of access rights will limit system damaging attacks from users whether they are intentional or not. This principle attempts to limit data changes and prevents potential damage from occurring by accident or error by reducing the amount of potential interactions with a resource. Fail-Safe Defaults Design PrincipleThe Fail-Safe Defaults design principle pertains to allowing access to resources based on granted access over access exclusion. This principle is a methodology for allowing resources to be accessed only if explicit access is granted to a user. By default users do not have access to any resources until access has been granted. This approach prevents unauthorized users from gaining access to resource until access is given. Economy of Mechanism Design PrincipleThe Economy of mechanism design principle requires that systems should be designed as simple and small as possible. Design and implementation errors result in unauthorized access to resources that would not be noticed during normal use. Complete Mediation Design PrincipleThe Complete Mediation design principle states that every access to every resource must be validated for authorization. Open Design Design PrincipleThe Open Design Design Principle is a concept that the security of a system and its algorithms should not be dependent on secrecy of its design or implementation Separation Privilege Design PrincipleThe separation privilege design principle requires that all resource approved resource access attempts be granted based on more than a single condition. For example a user should be validated for active status and has access to the specific resource. Least Common Mechanism Design PrincipleThe Least Common Mechanism design principle declares that mechanisms used to access resources should not be shared. Psychological Acceptability Design PrincipleThe Psychological Acceptability design principle refers to security mechanisms not make resources more difficult to access than if the security mechanisms were not present Defense in Depth Design PrincipleThe Defense in Depth design principle is a concept of layering resource access authorization verification in a system reduces the chance of a successful attack. This layered approach to resource authorization requires unauthorized users to circumvent each authorization attempt to gain access to a resource. When designing a system that requires meeting a security quality attribute architects need consider the scope of security needs and the minimum required security qualities. Not every system will need to use all of the basic security design principles but will use one or more in combination based on a company’s and architect’s threshold for system security because the existence of security in an application adds an additional layer to the overall system and can affect performance. That is why the definition of minimum security acceptably is need when a system is design because this quality attributes needs to be factored in with the other system quality attributes so that the system in question adheres to all qualities based on the priorities of the qualities. Resources: Barnum, Sean. Gegick, Michael. (2005). Least Privilege. Retrieved on August 28, 2011 from https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles/351-BSI.html Saltzer, Jerry. (2011). BASIC PRINCIPLES OF INFORMATION PROTECTION. Retrieved on August 28, 2011 from  http://web.mit.edu/Saltzer/www/publications/protection/Basic.html Barnum, Sean. Gegick, Michael. (2005). Defense in Depth. Retrieved on August 28, 2011 from  https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles/347-BSI.html Bertino, Elisa. (2005). Design Principles for Security. Retrieved on August 28, 2011 from  http://homes.cerias.purdue.edu/~bhargav/cs526/security-9.pdf

  Read the article

• Unable to connect to SQL Database (can the password be reset)

  - by user45450

  I have recently joined a company which has an SQL 2005 Server running a few databases. The server looks like no one has touched it in a couple of years and has this week it ran out of disk space. After a quick hard drive scan it looks like some of the databases have become a little bloated and particularly the Sharepoint_config~*~_log and WSS_Content_log.ldf have grown to about 15GB. I have been able to log into a couple of the other databases and use the shrinkfile command to free up disk space but for some reason I am unable to log into the sharepoint and Microsoft#SSEE databases (which gives me the "cannot connect to Sharepoint, a network related or instance specific error occurred..." when I try and connect) I can see that the database is running via the SQL surface configuration and I have made sure that the remote connection settings allow me to connect locally but I am still unable to log in either with windows authentication or locally. Is there any way to reset or recover the database login details so I can get in? ( I have tried logging in with all the administrative passwords I can find and after tracking down the company who installed it in the first place I found out that they have no idea what the password could have been)

  Read the article

• Database Vault 11gR2 11.2.0.1 Certified with Oracle E-Business Suite

  - by Steven Chan

  Oracle Database Vault allows security administrators to protect a database from privileged account access to application data.  Database objects can be placed in protected realms, which can be accessed only if a specific set of conditions are met.  Oracle Database Vault 11gR2 11.2.0.1 is now certified with Oracle E-Business Suite Release 11i and 12.You can now enable Database Vault 11gR2 on your existing E-Business Suite 11.2.0.1 Database instance.  If you already have DB Vault 10gR2 or 11gR1 enabled in your E-Business Suite environment, you can now upgrade to the 11gR2 Database.  We also support EBS patching with Database Vault 11.2.0.1 enabled. Our DB Vault realm creation and grants-related scripts have been updated to reduce patching downtimes.

  Read the article

• AVTest.org Results for March – April 2014 now Available

  - by Akemi Iwaya

  Do you like to keep up with how well the various anti-virus programs are doing, or just want to see how well your favorite one did? Then you will definitely want to have a look at the latest batch of test results from AVTest.org. The results for testing during March and April are now available for viewing at your leisure. One thing to keep in mind when viewing the latest set of results: the testing was performed on Windows 8.1 during this round. Current security products for Windows 8.1 put to the test [AVTest.org] Note: When you visit the page, you may need to scroll down just a tiny bit in order to see the results listing. [via ZDNet News]

  Read the article

• Critical Patch Update for April 2010 Now Available

  - by Steven Chan

  The Critical Patch Update (CPU) for April 2010 was released on April 13, 2010. Oracle strongly recommends applying the patches as soon as possible.The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.The Critical Patch Update Advisory is available at the following location:Oracle Technology NetworkThe next four Critical Patch Update release dates are:July 13, 2010October 12, 2010January 18, 2011April 19, 2011

  Read the article

• Salt and hash a password in .NET

  - by Jon Canning

  I endeavoured to follow the CrackStation rules: Salted Password Hashing - Doing it Right    public class SaltedHash     {         public string Hash { get; private set; }         public string Salt { get; private set; }         public SaltedHash(string password)         {             var saltBytes = new byte[32];             new RNGCryptoServiceProvider().GetNonZeroBytes(saltBytes);             Salt = ConvertToBase64String(saltBytes);             var passwordAndSaltBytes = Concat(password, saltBytes);             Hash = ComputeHash(passwordAndSaltBytes);         }         static string ConvertToBase64String(byte[] bytes)         {             return Convert.ToBase64String(bytes);         }         static string ComputeHash(byte[] bytes)         {             return ConvertToBase64String(SHA256.Create().ComputeHash(bytes));         }         static byte[] Concat(string password, byte[] saltBytes)         {             var passwordBytes = Encoding.UTF8.GetBytes(password);             return passwordBytes.Concat(saltBytes).ToArray();         }         public static bool Verify(string salt, string hash, string password)         {             var saltBytes = Convert.FromBase64String(salt);             var passwordAndSaltBytes = Concat(password, saltBytes);             var hashAttempt = ComputeHash(passwordAndSaltBytes);             return hash == hashAttempt;         }     }

  Read the article

• Keyring Password, Unity in 11.10

  - by Collin Owens

  Login to 11.10 I input my password and shortly afterward I am asked for a keyring password. I realize that I was asked for this during installation (second time lucky!) and I did enter a password (what a mistaka to maka). This now entails my having to input the keyring password on every boot up! Looking at previous answers it would seem that the applications - accesories - password and encryption keys - was the suggested route. However I assume that was in Gnome (At this stage I look back in fondness!!!) Certainly, I don't get the same route in Unity! I saw a reference to seahorse in a terminal - but this results in several error reports and a sub windows which does not seem to open. The objective in this exercise is to log in using the login password and not also the keyring password! any help would be appreciated - thank you

  Read the article

• Permissions & File Structure w/ nginx & multiple sites

  - by Michael

  I am using nginx for the first time as a long time Apache user. I setup a Linode to test everything and to eventually port over my websites. Previously I had /home/user/www (wwwroot) I am looking at doing something similar with /srv/www/domain/www (wwwroot) Rather than using /srv/domain (wwwroot), the reason is many of the sites are WordPress and one of the things I do for security is to move the config file one level above wwwroot and can't have multiple configuration files from multiple domains in the same top level folder. Since I own all the sites, I wasn't going to create a user for each domain. My user is a member of www-data and was going to use 2770 for www and have domain/www for each new domain. www would be owned by group www-data. Is this the best way to handle this?

  Read the article

• Develop secureness first or as a later step?

  - by MattyD

  The question Do you actively think about security when coding? asks about security mindset while programming. Obviously, a developer does need to think about security while coding — SQL injection, password security, etc. However, as far as the real, fully-formed security, especially the tricky problems that may not be immediately obvious, should I be concerned with tackling these throughout the development process, or should it be a step of its own in later development? I was listening to a podcast on Security Now and they mentioned about how a lot of the of the security problems found in Flash were because when Flash was first developed it wasn't built with security in mind (because it didn't need to) — therefore Flash has major security flaws at its core. I know that no one would want to actively disagree with "think security first" as a best practice, but many companies do not follow best practices. So, what is the correct approach to balance between needing to get the product done and developing it securely?

  Read the article

• VPN no longer works, saves old password?

  - by nathanvda

  I am not sure if this question is related to 11.10 or gnome 3.2, but the VPN configuration screen has changed, and now the user and password is optional, but there is no way for me to override it. On our VPN we use a token, so I have to enter the password each time. But even if I clear the password, clear the password and the user, there is no way for me to unset the user and password, so I am unable to access the VPN. Because he never asks the password anymore, and each time I return to the VPN configuration window, I see the same setting. Please help. Is there another way to configure the VPN? [Found Quick Fix] Recreate the VPN connection, fill everything in but the password, and this will work the first time.

  Read the article

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >