Search Results

Search found 1306 results on 53 pages for 'csrf protection'.

Page 21/53 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >

  • Protecting Cookies: Once and For All

    - by Your DisplayName here!
    Every once in a while you run into a situation where you need to temporarily store data for a user in a web app. You typically have two options here – either store server-side or put the data into a cookie (if size permits). When you need web farm compatibility in addition – things become a little bit more complicated because the data needs to be available on all nodes. In my case I went for a cookie – but I had some requirements:

      * Cookie must be protected from eavesdropping (sent only over SSL) and client script
      * Cookie must be encrypted and signed to be protected from tampering with
      * Cookie might become bigger than 4KB – some sort of overflow mechanism would be nice

    I really didn’t want to implement another cookie protection mechanism – this feels wrong and btw can go wrong as well. WIF to the rescue. The session management feature already implements the above requirements but is built around de/serializing IClaimsPrincipals into cookies and back. But if you go one level deeper you will find the CookieHandler and CookieTransform classes which contain all the needed functionality.

        using System;
        using System.Collections.Generic;
        using System.Security.Cryptography.X509Certificates;
        using System.Text;
        using System.Web;
        using Microsoft.IdentityModel.Web; // WIF cookie handler and transform classes

        public class ProtectedCookie
        {
            private List<CookieTransform> _transforms;
            private ChunkedCookieHandler _handler = new ChunkedCookieHandler();

            // DPAPI protection (single server)
            public ProtectedCookie()
            {
                _transforms = new List<CookieTransform>
                    {
                        new DeflateCookieTransform(),
                        new ProtectedDataCookieTransform()
                    };
            }

            // RSA protection (load balanced)
            public ProtectedCookie(X509Certificate2 protectionCertificate)
            {
                _transforms = new List<CookieTransform>
                    {
                        new DeflateCookieTransform(),
                        new RsaSignatureCookieTransform(protectionCertificate),
                        new RsaEncryptionCookieTransform(protectionCertificate)
                    };
            }

            // custom transform pipeline
            public ProtectedCookie(List<CookieTransform> transforms)
            {
                _transforms = transforms;
            }

            public void Write(string name, string value, DateTime expirationTime)
            {
                byte[] encodedBytes = EncodeCookieValue(value);
                _handler.Write(encodedBytes, name, expirationTime);
            }

            public void Write(string name, string value, DateTime expirationTime, string domain, string path)
            {
                byte[] encodedBytes = EncodeCookieValue(value);
                // the two 'true' arguments: require SSL, hide from client script
                _handler.Write(encodedBytes, name, path, domain, expirationTime, true, true, HttpContext.Current);
            }

            public string Read(string name)
            {
                var bytes = _handler.Read(name);
                if (bytes == null || bytes.Length == 0)
                {
                    return null;
                }
                return DecodeCookieValue(bytes);
            }

            public void Delete(string name)
            {
                _handler.Delete(name);
            }

            // apply the transforms in order (e.g. compress, sign, encrypt)
            protected virtual byte[] EncodeCookieValue(string value)
            {
                var bytes = Encoding.UTF8.GetBytes(value);
                byte[] buffer = bytes;
                foreach (var transform in _transforms)
                {
                    buffer = transform.Encode(buffer);
                }
                return buffer;
            }

            // undo the transforms in reverse order
            protected virtual string DecodeCookieValue(byte[] bytes)
            {
                var buffer = bytes;
                for (int i = _transforms.Count; i > 0; i--)
                {
                    buffer = _transforms[i - 1].Decode(buffer);
                }
                return Encoding.UTF8.GetString(buffer);
            }
        }

    HTH

    Read the article

  • Tabnagging: a new phishing attack method that relies on the use of the tabs of

    Updated 29 May 2010: As we could have expected, the team working on the well-known NoScript plugin has just released an update, version 1.9.9.81. The first item in this update is the following: Quote: Experimental protection against Aviv Raff's scriptless tabnagging variant, by blocking refreshes triggered on unfocused untrusted tabs. See the changelog for more details.

    Read the article

  • Only 57% of IT managers consider their security solutions effective, according to a Lumension Endpoint study

    A study carried out this year by the security company Lumension Endpoint shows that many organizations and businesses do not have the means and technologies needed to protect themselves effectively against malware. The survey, covering 568 companies, revealed that although 98% of these companies use IT security solutions, only 57% of IT managers consider the solutions they use to be effective. The cost of protection is a necessary evil, but...

    Read the article

  • How to hide download file from bots? [closed]

    - by CJ7
    Possible Duplicate: How to restrict the download of all files in a folder? I want to make a private file available for download but not use username/password protection. I want to put the file into a directory called something like download. How can I ensure: the file does not become part of search engine results, and the file cannot be accessed by bots that might guess the directory name?

    Read the article

  • Windows Server 8 Cloud Backup Beta Released

    Gaurav Gupta, a senior program manager on Microsoft's cloud backup team, announced details of the service in a recent post on Microsoft's Windows Server Blog. In essence, the Microsoft Online Backup Service allows Windows Server 8 users to backup and recover their files and folders from the cloud. This essential functionality adds extra protection off-site to prevent data loss in the event that any unplanned disasters should occur. Built on Microsoft's sturdy Windows Azure cloud platform, the Online Backup Service makes life easier for IT administrators seeking a solution to backup and recov...

    Read the article

  • Stuxnet - how it infects

    - by Kit Ong
    Excerpt from the CNET article. http://news.cnet.com/8301-13772_3-57413329-52/stuxnet-delivered-to-iranian-nuclear-plant-on-thumb-drive/?part=propeller&subj=news&tag=linkv

    The Stuxnet worm propagates by exploiting a hole in all versions of Windows in the code that processes shortcut files, ending in ".lnk," according to...[the] Microsoft Malware Protection Center.... Merely browsing to the removable media drive using an application that displays shortcut icons, such as Windows Explorer, will run the malware without the user clicking on the icons. The worm infects USB drives or other removable storage devices that are subsequently connected to the infected machine. Those USB drives then infect other machines much like the common cold is spread by infected people sneezing into their hands and then touching door knobs that others are handling. The malware includes a rootkit, which is software designed to hide the fact that a computer has been compromised, and other software that sneaks onto computers by using digital certificates signed by two Taiwanese chip manufacturers that are based in the same industrial complex in Taiwan--RealTek and JMicron, according to Chester Wisniewski, senior security advisor at Sophos.... It is unclear how the digital signatures were acquired by the attacker, but experts believe they were stolen and that the companies were not involved. Once the machine is infected, a Trojan looks to see if the computer it lands on is running Siemens' Simatic WinCC software. The malware then automatically uses a default password that is hard-coded into the software to access the control system's Microsoft SQL database.

    Read the article

  • Internet Explorer 10 less vulnerable than its competitors, Microsoft details the browser's security features

    Last month, a study by the firm NSS Labs showed that Internet Explorer 10 was safer than any of its competitors with regard to protecting users against dangerous downloads. The analysis, which focused mainly on the browser's SmartScreen feature, found that IE 10 on Windows 8 was able to block nearly 99.96% of malicious program downloads. The browser does, however, have several other improvements in the area of s...

    Read the article

  • Comodo Cleaning Essentials for Windows

    Comodo Cleaning Essentials' main purpose is to clean an infected PC. Comodo emphasizes the fact that cleaning an infected PC and protecting a clean PC from potential attacks are two completely separate items. While Comodo Cleaning Essentials specializes in the former, the company does have a preventative solution in the form of its Comodo Internet Security offering, which employs auto sandbox technology to provide ultimate protection. Comodo Cleaning Essentials is highlighted by its two core technologies: KillSwitch and Malware Scanner. KillSwitch operates off of Comodo's whitelist database...

    Read the article

  • Oracle's Sun x86 Server Product Launch Webcast, April 10th

    - by Larry Wake
    On April 10th, 2012, Oracle will host a webcast to discuss its new generation of x86 servers. Register today.

    Topics covered will include:

      * Enhanced virtualization for consolidation and improved server utilization
      * Reduced licensing costs with 0.5 core factors for Oracle per core-priced software
      * Unparalleled reliability and availability for enterprise environments
      * Increased visibility and efficiency with Oracle Enterprise Manager Ops Center and expert 24/7 support
      * Ongoing protection for your existing software and training investments

    Live Webcast: The Industry's Best x86 Platform for Running Oracle Enterprise Applications
    Tuesday, April 10, 2012
    9:00 AM PDT
    40 minutes including Q&A

    Read the article

  • Kaspersky creates its own secure operating system to protect critical systems from sophisticated attacks

    Faced with the unprecedented complexity of the latest massive cyberattacks, Kaspersky Labs has decided to take matters into its own hands and is offering its own secure OS. The company is committing its security expertise and experience to design and deploy a secure operating system for systems deemed of "capital importance". The aim is to provide an additional layer of protection against malware and other intelligent attacks.

    Read the article

  • Domain registered with Fake info! [closed]

    - by John
    Possible Duplicate: Providing fake info during domain registration - does it matter? I registered a domain with fake info 24 hours ago (I didn't know it's illegal! :( ). It's still pending (not available yet). I'm not, like, a criminal or spammer, but I don't want to show my real ID. What do you suggest so I don't lose my domain? Can I transfer it to a service like name.com, because I heard they provide ID protection?

    Read the article

  • Security Seminar in Colchester Vermont Wed March 31st

    Kaspersky Lab, a computer security company, will be presenting a 1/2 day seminar next week in Colchester: SECURING BEYOND COMPLIANCE WITH ENCRYPTION & MALWARE PROTECTION, March 31, 8am to 12:00pm at the Hampton Inn - Colchester VT. More information and to register: http://www.npi.net/seminars/...

    Read the article

  • How to get rid of the new "practically indestructible" botnet? Advice from Microsoft and Symantec

    Microsoft warns against Popureb, a sophisticated new rootkit that is capable of overwriting the MBR (Master Boot Record) and is particularly difficult, even impossible, to detect. The Microsoft Malware Protection Center states in a blog post that if a user's operating system is infected by the Trojan Win32/Popureb.E, the user will have to restore the MBR and then use the recovery CD to restore the system to a state prior to the infection.

    Read the article

  • Do I need to have antivirus software installed on a Linux distro?

    - by Vinaychalluru
    I thought that there was no need to scan for viruses in Ubuntu or any Linux distros until I found a virus scanner package named 'clamtk' and 'klamav' in Ubuntu software center yesterday. This leads to the following questions: How do viruses differ between Linux and Windows? How do the strategies for protection differ between Linux and Windows? Should a virus scanner package be installed on my system? If so, which would be a better option?

    Read the article

  • Internet Explorer: Microsoft joins the Phishing Initiative, a joint project with Paypal and CERT-LEXSI against phishing

    In partnership with CERT-LEXSI, Microsoft is taking part in the "phishing initiative" in order to give French users of Internet Explorer better protection against phishing. After announcing the introduction of an anti-tracking feature in IE9, Microsoft is not stopping there, despite the studies presenting

    Read the article

  • Popularizing SEO Through Link Building

    The most important thing for a starting SEO site is creating an authoritative facade that will boost confidence in the site. By this, one will be committing the site into an easily accessible link with secure policies for the user, such as a posting requesting the user to check out the private data protection criteria once they log on to the site.

    Read the article

  • How hard is it to be the anonymous owner of a website?

    - by silla
    I'd like to create a website with a very radical political message. It won't be unethical (encouraging violence, etc) but I feel the points I plan to list in it will definitely make me a lot of enemies. How hard would it be to protect my identity from anyone finding out who I am? I know domains always have a $10/year option for privatizing your registration information but is there any other protection I should think about having? Thanks!

    Read the article

  • A security expert releases Aviator, a Chromium-based browser that clears its cache by default and blocks the installation of third-party cookies

    Privacy protection: Aviator, the new browser, is released; it clears its browsing cache by default and blocks the installation of third-party cookies. According to web security experts, two main types of threats await Internet users. What these threats have in common is that they install software on users' computers. While the first type installs malware, the second category is less dangerous. The software it installs is more of the spyware kind. If for...

    Read the article

  • How To Harden PHP5 With Suhosin On CentOS 5.4

    Howtoforge: "This tutorial shows how to harden PHP5 with Suhosin on a CentOS 5.4 server. From the Suhosin project page: 'Suhosin is an advanced protection system for PHP installations that was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.'"

    Read the article

  • Google presents an alpha version of End-to-End, a Chrome plugin for end-to-end email encryption

    In its Transparency Report, Google has put on its educator's uniform to raise public awareness about protecting their emails as they travel across the web. To better explain this notion, Mountain View drew an analogy with a system the public is more likely to understand: the postal service. "When you write a letter to your friend, you hope that she...

    Read the article

  • System Center 2012: Microsoft's private cloud infrastructure management platform is available in its final version

    Updated 04/04/2012. System Center 2012, the complete platform for administering workstations, servers, applications and devices in physical or virtual environments, is available in its final version. The platform brings together, in a single unified solution, eight distinct products for deploying services to the cloud, ensuring data protection, managing other non-Microsoft devices such as the iPad, etc. (read above). ...

    Read the article

  • A review of the latest version of Crypto Obfuscator for .NET and its features.

    Crypto Obfuscator For .Net is a powerful and easy-to-use product for code protection, deployment and optimization of your .Net software. By Peter Bromberg

    Read the article
