Search Results

Search found 2043 results on 82 pages for 'newly insecure'.

Page 24/82 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • (12.04 vm/server) Dist-upgrade to 3.2.0-63 wants to remove git (1.9.2) and git-core - is that the correct behavior?

    - by YellowShark
    was wondering if anyone knows dist-upgrade wants to remove git. FWIW, this is a pretty simple box, mainly used for web dev. $ uname -a Linux precise64 3.2.0-61-generic #93-Ubuntu SMP Fri May 2 21:31:50 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux $ git --version git version 1.9.2 $ sudo apt-get dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be REMOVED: git git-core The following NEW packages will be installed: linux-headers-3.2.0-63 linux-headers-3.2.0-63-generic linux-image-3.2.0-63-generic The following packages will be upgraded: git-man linux-headers-server linux-image-server linux-server phpmyadmin 5 upgraded, 3 newly installed, 2 to remove and 0 not upgraded. Need to get 58.8 MB of archives. After this operation, 199 MB of additional disk space will be used. Do you want to continue [Y/n]?

    Read the article

  • Aspose.Newsletter June 2010 Edition is out now

    Aspose Newsletter for June 2010 has now been published that highlights all the newly supported features offered in the recent releases of its JasperReports exporters, SQL Server rendering extensions, .NET, Java and SharePoint components. This months technical article demonstrates the steps needed to recognize a barcode from a Word document using Aspose.BarCode for .NET and Aspose.Words for .NET. Also several examples for migrating your code from InfoPath Forms Services to Aspose.Form for .NET...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • When to use event.initMouseEvent for simulating mouse clicks?

    - by Protector one
    I wonder if there are benign use-cases for simulating mouse clicks using event.initMouseEvent. I found that it is used for creating pop-under ads in the following way: var e = document.createEvent('MouseEvents'); e.initMouseEvent('click', true, true, window, 0, 0, 0, 0, 0, true, false, false, true, 0, null); a.dispatchEvent(e); This code simulates a click on the opening browser window, to force the newly opened window beneath it. Evil. I'm thinking of simply preventing all simulated clicks in my own browser via a browser extension, but I wonder if I might break useful websites and behavior in the process. Therefore I wonder what situations justify simulating mouse clicks, and if there are big sites that use it in non-evil ways.

    Read the article

  • Database Insider - October 2012 issue

    - by Javier Puerta
    The October issue of the Database Insider newsletter is now available. (Full newsletter here) NEWS   Newly Launched Oracle Exadata X3 Redefines Extreme Performance At Oracle OpenWorld 2012, Oracle announced the general availability of Oracle Exadata Database Machine X3, a complete package of servers, storage, networking, and software that is massively scalable, secure, and fully redundant—and ideally suited for the varied and unpredictable workloads of cloud computing. Read More WEBCASTS What Are Oracle Users Doing to Improve Availability and Disaster Recovery? The Independent Oracle Users Group (IOUG) surveyed more than 350 data managers and professionals regarding planned and unplanned downtime, database high availability, and disaster recovery solutions. Download the report and watch the Webcast today.

    Read the article

  • Compaq Presario R3000 randomly fails to boot on 11.10, 12.04, 12.10

    - by dlfuller
    I’m trying to figure what to do with random failures to boot. My old HP Presario R3000 with AMD Athlon XP-M sometimes boots, sometimes hangs with a blank screen during boot, and sometimes hangs on shutdown. After a few boot attempts it will finally boot to the GNU GRUB screen where I usually can select Recovery Mode, then select return to a normal boot, and the thing will startup and function normally. The pattern is not repeatable and seemed to start after upgrading from 11.04. Clean installs of 12.04 and 12.10 on newly-formatted hard drives make no difference. If this might be a clue, hangs on shutdown often stop at a line with: “pcmcia_socket pcmcia_socket0: cs: IO port probe 0x3000-0x7fff: excluding 0x3000-0x30ff 0x3400-0x34ff 0x3800-0x38ff 0x3c00-0x3cff”. I did try the “acpi=off” modification from 11.10 randomly fails to boot on Compaq Presario R3000 with no change in these random boot failures. Any suggestions sure appreciated.

    Read the article

  • how to use unity-scope-sshsearch?

    - by jakommo
    I used unity-lens-sshsearch on 12.04, 12.10 and 13.04. But after upgrading to 13.10 it's not working any more. (Super+H does nothing) As the lens package is not available on 13.10 I installed unity-scope-sshsearch (successor of the lens?) but do not get any results in the dash for query's like user@host, hostname, 192.168... and so on. My ~/.ssh/config look's like this: Host user@hostname Hostname 192.168.1.1 User user Already tried it with a newly created user, still no results. How is unity-scope-sshsearch intended to work?

    Read the article

  • Missing shared library for Rhythmbox

    - by user1450120
    After I upgraded from 13.04 to 13.10 my rhythmbox wouldn't work. After many failed attempts I ended up uninstalling and removing all traces of rhythmbox I could find. Now I've reinstalled rhythmbox, and am getting the error rhythmbox: error while loading shared libraries: librhythmbox-core.so.7: cannot open shared object file: No such file or directory I've tried sudo apt-get install librhythmbox* Only to get Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'librhythmbox-core5' for regex 'librhythmbox*' Note, selecting 'librhythmbox-core6' for regex 'librhythmbox*' Note, selecting 'librhythmbox-core7' for regex 'librhythmbox*' librhythmbox-core7 is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded. Any ideas on how to get rhythmbox back to a working state?

    Read the article

  • apt-get upgrade E: Sub-process /usr/bin/dpkg returned an error code (1)

    - by user292425
    When I typed apt-get install upgrade, I got error: Reading package lists... Done Building dependency tree Reading state information... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Do you want to continue [Y/n]? y Setting up linux-netizen (1.0.1-1) ... chrome: no process found dpkg: error processing linux-netizen (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: linux-netizen E: Sub-process /usr/bin/dpkg returned an error code (1) So I tried some method to fix it: sudo apt-get install -f and sudo apt-get install --configure -a But all methods are not working. Please help me....

    Read the article

  • Is Google indexing pages that has no connection with other pages? [duplicate]

    - by Grkmksk
    This question already has an answer here: How did Google find my unlinked newly created pages? 3 answers I am working on a web project that has nearly 100 thousand instant users and there is a webpage that we are using for test cases. There are no links pointing to it from other pages. It shouldn't be indexed by Google or any other search engines. "noindex" can be used in this situation, I know but I wonder if Google (or any others) indexes this page, if I don't do anything to prevent it.

    Read the article

  • What's New in JMS 2 - Part 1

    - by reza_rahman
    JMS 2 is one of the most significant parts of Java EE 7. One of the principal goals of the JMS 2 API is improving developer productivity by reducing the amount of code to work with JMS by adopting programming paradigms like higher level abstractions, dependency injection, annotations, runtime exceptions, the builder pattern and intelligent defaults. In a recent OTN article, JMS 2 specification lead Nigel Deakin covers the ease-of-use changes in detail. The article is the first of a two part series on JMS 2. For more visual folks, there is my JMS 2 slide deck: What’s New in Java Message Service 2 from Reza Rahman You can also check out the official specification yourself or try things out with the newly released Java EE 7 SDK.

    Read the article

  • Unable to upgrade 11.04 to 11.10

    - by Kasi
    I have Ubuntu 11.04 installed in my laptop and tried to upgrade it by opening the update manager and and making the necessary settings in settings - updates - release upgrade - normal releases and then hitting the check button. But nothing appeared indicating later version is available to be upgraded. When I run the following sudo apt-get dist-upgrade below is the result that appeared. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Also I am unable to watch YouTube videos in the Firefox 15.0 in my Ubuntu 11.04.

    Read the article

  • How to stop registration attempts on Asterisk

    - by Travesty3
    The main question: My Asterisk logs are littered with messages like these: [2012-05-29 15:53:49] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:53:50] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:53:55] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:53:55] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:53:57] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device <sip:[email protected]>;tag=cb23fe53 [2012-05-29 15:53:57] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device <sip:[email protected]>;tag=cb23fe53 [2012-05-29 15:54:02] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:54:03] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 21:20:36] NOTICE[5578] chan_sip.c: Registration from '"55435217"<sip:[email protected]>' failed for '65.218.221.180' - No matching peer found [2012-05-29 21:20:36] NOTICE[5578] chan_sip.c: Registration from '"1731687005"<sip:[email protected]>' failed for '65.218.221.180' - No matching peer found [2012-05-30 01:18:58] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=dEBcOzUysX [2012-05-30 01:18:58] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=9zUari4Mve [2012-05-30 01:19:00] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=sOYgI1ItQn [2012-05-30 01:19:02] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=2EGLTzZSEi [2012-05-30 01:19:04] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=j0JfZoPcur [2012-05-30 01:19:06] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=Ra0DFDKggt [2012-05-30 01:19:08] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=rR7q7aTHEz [2012-05-30 01:19:10] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=VHUMtOpIvU [2012-05-30 01:19:12] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=JxZUzBnPMW I use Asterisk for an automated phone system. The only thing it does is receives incoming calls and executes a Perl script. No outgoing calls, no incoming calls to an actual phone, no phones registered with Asterisk. It seems like there should be an easy way to block all unauthorized registration attempts, but I have struggled with this for a long time. It seems like there should be a more effective way to prevent these attempts from even getting far enough to reach my Asterisk logs. Some setting I could turn on/off that doesn't allow registration attempts at all or something. Is there any way to do this? Also, am I correct in assuming that the "Registration from ..." messages are likely people attempting to get access to my Asterisk server (probably to make calls on my account)? And what's the difference between those messages and the "Sending fake auth rejection ..." messages? Further detail: I know that the "Registration from ..." lines are intruders attempting to get access to my Asterisk server. With Fail2Ban set up, these IPs are banned after 5 attempts (for some reason, one got 6 attempts, but w/e). But I have no idea what the "Sending fake auth rejection ..." messages mean or how to stop these potential intrusion attempts. As far as I can tell, they have never been successful (haven't seen any weird charges on my bills or anything). Here's what I have done: Set up hardware firewall rules as shown below. Here, xx.xx.xx.xx is the IP address of the server, yy.yy.yy.yy is the IP address of our facility, and aa.aa.aa.aa, bb.bb.bb.bb, and cc.cc.cc.cc are the IP addresses that our VoIP provider uses. Theoretically, ports 10000-20000 should only be accessible by those three IPs.+-------+-----------------------------+----------+-----------+--------+-----------------------------+------------------+ | Order | Source Ip | Protocol | Direction | Action | Destination Ip | Destination Port | +-------+-----------------------------+----------+-----------+--------+-----------------------------+------------------+ | 1 | cc.cc.cc.cc/255.255.255.255 | udp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 10000-20000 | | 2 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 80 | | 3 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 2749 | | 4 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 443 | | 5 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 53 | | 6 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 1981 | | 7 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 1991 | | 8 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 2001 | | 9 | yy.yy.yy.yy/255.255.255.255 | udp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 137-138 | | 10 | yy.yy.yy.yy/255.255.255.255 | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 139 | | 11 | yy.yy.yy.yy/255.255.255.255 | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 445 | | 14 | aa.aa.aa.aa/255.255.255.255 | udp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 10000-20000 | | 17 | bb.bb.bb.bb/255.255.255.255 | udp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 10000-20000 | | 18 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 1971 | | 19 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 2739 | | 20 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 1023-1050 | | 21 | any | all | inbound | deny | any on server | 1-65535 | +-------+-----------------------------+----------+-----------+--------+-----------------------------+------------------+ Set up Fail2Ban. This is sort of working, but it's reactive instead of proactive, and doesn't seem to be blocking everything (like the "Sending fake auth rejection ..." messages). Set up rules in sip.conf to deny all except for my VoIP provider. Here is my sip.conf with almost all commented lines removed (to save space). Notice at the bottom is my attempt to deny all except for my VoIP provider:[general] context=default allowguest=no allowoverlap=no bindport=5060 bindaddr=0.0.0.0 srvlookup=yes disallow=all allow=g726 allow=ulaw allow=alaw allow=g726aal2 allow=adpcm allow=slin allow=lpc10 allow=speex allow=g726 insecure=invite alwaysauthreject=yes ;registertimeout=20 registerattempts=0 register = user:pass:[email protected]:5060/700 [mysipprovider] type=peer username=user fromuser=user secret=pass host=sip.mysipprovider.com fromdomain=sip.mysipprovider.com nat=no ;canreinvite=yes qualify=yes context=inbound-mysipprovider disallow=all allow=ulaw allow=alaw allow=gsm insecure=port,invite deny=0.0.0.0/0.0.0.0 permit=aa.aa.aa.aa/255.255.255.255 permit=bb.bb.bb.bb/255.255.255.255 permit=cc.cc.cc.cc/255.255.255.255

    Read the article

  • How to access the FirstData web service integration WSDL file?

    - by rcampbell
    FirstData has horrendous customer support, but I have to integrate with their Global Gateway web service for a project I'm working on. I'm simply trying to run the Axis2 wsdl2java tool according to the instructions in their manual. This basically consists of adding the keyStore and keyStorePassword JVM parameter. I've done both, but I continue to get Connection reset errors when trying to run: wsdl2java.bat -uri https://www.staging.linkpointcentral.com/fdggwsapi/order.wsdl -S C:\ When I try to access the URL with my browser, I get Error 101 (net::ERR_CONNECTION_RESET): Unknown error. I assume there are developers out there who have completed a FirstData web service integration. What am I doing wrong? I've also tried connecting via cURL: C:\curl-7.19.7-ssl-sspi-zlib-static-bin-w32>curl --cert C:\FDGGWS\WSXXXXXXXXXX._.1.pem --key C:\FDGGWS\WSXXXXXXXXXX._.1.key --insecure https://www.staging.linkpointcentral.com/fdggwsapi/order.wsdl Enter PEM pass phrase: curl: (52) SSL read: error:00000000:lib(0):func(0):reason(0), errno 10054 I know I'm entering the correct key password because when I enter a fake one I get: curl: (58) unable to set private key file: 'C:\FDGGWS\WSXXXXXXXXXX._.1.key' type PEM

    Read the article

  • Why is it 8 here,understanding buffer overflow

    - by Mask
    void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; ret = buffer1 + 12; (*ret) += 8;//why is it 8?? } void main() { int x; x = 0; function(1,2,3); x = 1; printf("%d\n",x); } The above demo is from here: http://insecure.org/stf/smashstack.html But it's not working here: D:\test>gcc -Wall -Wextra hw.cpp && a.exe hw.cpp: In function `void function(int, int, int)': hw.cpp:6: warning: unused variable 'buffer2' hw.cpp: At global scope: hw.cpp:4: warning: unused parameter 'a' hw.cpp:4: warning: unused parameter 'b' hw.cpp:4: warning: unused parameter 'c' 1 And I don't understand why it's 8 though the author thinks: A little math tells us the distance is 8 bytes.

    Read the article

  • Facebook Connect - Security Warning

    - by Skoder
    Hey all, I'm using Facebook connect using FBML tags. Although it works, when I run the site in Internet Explorer, a security warning comes up similar to this: The current webpage is trying to open a site in your Trusted sites list. Do you want to allow this? Current site: http://www.facebook.com Trusted site: http://localhost" My Facebook code involves these two: http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.js I tried changing them to HTTPS: https://ssl.connect... but the errors still appear. None of my pages use SSL. I've also tried turning facebook-logo='false' but still no luck. Any ideas on how to fix this? Although it's not show-stopping, it doesn't give a good impression to users who may be feel it insecure. Thanks

    Read the article

  • WCF Service Authentication problem?

    - by Marcus
    I have an application which exposes lots of interfaces via net.tcp protocol, using both SecurityMode.Transport and SecurityMode.None (I really need support for both). My whole application is written in a DLL file. I have a form which consumes this DLL and now I made a Windows Service to consume this DLL. The problem is, when this windows service goes up, the insecure service throws this exception: Stream Security is required at http://www.w3.org/2005/08/addressing/anonymous, but no security context was negotiated. This is likely caused by the remote endpoint missing a StreamSecurityBindingElement from its binding. In the client side, nothing has changed. Is there any reason for this behaviour? The program is exactly the same. When I run the same test with the form app, it works... ps: I've already tried running the windows service as: SYSTEM, NETWORK SERVICE and my user account (which runs the form app) Thanks

    Read the article

  • faking a filesystem / virtual filesystem

    - by attwad
    I have a web service to which users upload python scripts that are run on a server. Those scripts process files that are on the server and I want them to be able to see only a certain hierarchy of the server's filesystem (best: a temporary folder on which I copy the files I want processed and the scripts). The server will ultimately be a linux based one but if a solution is also possible on Windows it would be nice to know how. What I though of is creating a user with restricted access to folders of the FS - ultimately only the folder containing the scripts and files - and launch the python interpreter using this user. Can someone give me a better alternative? as relying only on this makes me feel insecure, I would like a real sandboxing or virtual FS feature where I could run safely untrusted code.

    Read the article

  • Pyramid.security: Is getting user info from a database with unauthenticated_userid(request) really secure?

    - by yourfriendzak
    I'm trying to make an accesible cache of user data using Pyramid doc's "Making A “User Object” Available as a Request Attribute" example. They're using this code to return a user object to set_request_property: from pyramid.security import unauthenticated_userid def get_user(request): # the below line is just an example, use your own method of # accessing a database connection here (this could even be another # request property such as request.db, implemented using this same # pattern). dbconn = request.registry.settings['dbconn'] userid = unauthenticated_userid(request) if userid is not None: # this should return None if the user doesn't exist # in the database return dbconn['users'].query({'id':userid}) I don't understand why they're using unauthenticated_userid(request) to lookup user info from the database...isn't that insecure? That means that user might not be logged in, so why are you using that ID to get there private info from the database? Shouldn't userid = authenticated_userid(request) be used instead to make sure the user is logged in? What's the advantage of using unauthenticated_userid(request)? Please help me understand what's going on here.

    Read the article

  • rpcbind authorization problems

    - by Milan
    Hy, I am using rpcbind (SunRPC) on Arch linux and python rpc.py (wich use standard python socket module) interface for comunication with it, but every time I try to send request for registration or unregistration to rpcbind I get message that I am rejected for security reasons. Only situation when everything works is that when I call rpcbind in insecure mode (rpcbind -i) but I realy want to make everything works in secure mode.I found information from rpcbind datasheet that i can make request in secure mode only from loopback address, but I have tried every aproach i had knew to make such socket and everything fall down. Please help me. Thank you

    Read the article

  • Using JavaScript eval to parse JSON

    - by Quandary
    Question: I'm using eval to parse a JSON return value from one of my WebMethods. I prefer not to add jquery-json because the transfer volume is already quite large. So I parse the JSON return value with eval. Now rumors go that this is insecure. Why ? Nobody can modify the JSOn return value unless they hack my server, in which case I would have a much larger problem anyway. And if they do it locally, JavaScript only executes in their browser. So I fail to see where the problem is. Can anybody shed some light on this, using this concrete example? function OnWebMethodSucceeded(JSONstrWebMethodReturnValue) { var result=eval('(' + JSONstrWebMethodReturnValue + ')') ... // Adding result.xy to a table }

    Read the article

  • Permission denied - /tmp/.ruby_inline/Inline_ImageScience_cdab.c

    - by Ikaros
    I have a Ruby on Rails app that I've recently deployed to a remote server (Ubuntu 9.10, nginx, passenger, ruby-enterprise) and I'm getting the error (works fine locally): Permission denied - /var/www/project_name/tmp/.ruby_inline/Inline_ImageScience_cdab.c First, the folder /tmp/.ruby_inline/ is empty - should it be? Is it trying to create Inline_ImageScience_cdab.c or read it? I think I have all the required gems installed: 'gem list' shows image_science and RubyInline installed. libfreeimage3 and libfreeimage-dev are also installed. I've run chmod 755 on /tmp/.ruby_inline/ to match the permissions on surrounding folders but I cannot go any higher than that, however, or I get another error: /var/www/project_name/tmp/.ruby_inline is insecure (40777). It may not be group or world writable. Exiting. And I guess second, why am I getting this error? :) Thanks

    Read the article

  • Dealing with HTTP content in HTTPS pages

    - by El Yobo
    We have a site which is accessed entirely over HTTPS, but sometimes display external content which is HTTP (images from RSS feeds, mainly). The vast majority of our users are also stuck on IE6. I would both of the following Prevent the IE warning message about insecure content Present something useful to users in place of the images that they can't otherwise see; if there was some JS I could run to figure out which images haven't been loaded and replace them with an image of ours instead that would be great. I suspect that the first aim is simply not possible, but the second may be sufficient. A worst case scenario is that I parse the RSS feeds when we import them, grab the images store them locally so that the users can access them that way, but it seems like a lot of pain for reasonably little gain.

    Read the article

  • Characteristics of an Initialization Vector

    - by Jamie Chapman
    I'm by no means a cryptography expert, I have been reading a few questions around Stack Overflow and on Wikipedia but nothing is really 'clear cut' in terms of defining an IV and it's usage. Points I have discovered: An IV is pre-pended to a plaintext message in order to strengthen the encryption The IV is truely random Each message has it's own unique IV Timestamps and cryptographic hashes are sometimes used instead of random values, but these are considered to be insecure as timestamps can be predicted One of the weaknesses of WEP (in 802.11) is the fact that the IV will reset after a specific amount of encryptions, thus repeating the IV I'm sure there are many other points to be made, what have I missed? (or misread!)

    Read the article

  • Is it secure to use malloc?

    - by Felix Guerrero
    Somebody told me that allocating with malloc is not secure anymore, I'm not a C/C++ guru but I've made some stuff with malloc and C/C++. Does anyone know about what risks I'm into? Quoting him: [..] But indeed the weak point of C/C++ it is the security, and the Achilles' heel is indeed malloc and the abuse of pointers. C/C++ it is a well known insecure language. [..] There would be few apps in what I would not recommend to continue programming with C++."

    Read the article

  • C#, MEF - Sign trusted plugins for abuse reduction

    - by Marks
    Hi there. I have a program that is extendable by plugins using the Microsoft Extensibility Framework. But i dont want untrusted sources to give out plugins that may be insecure. So i want to sign the plugins (maybe with Visual Studio's built in signing) and check if the plugins are trustworthy at program start. I didn't find a way to check DLL signing from inside C#. And also there is the problem, that I load the plugins with a DirectoryCatalog. There is no way to tell, which plugin is from which file. Anyone knows a way to do this? Thanks for any help, Marks

    Read the article

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >