Search Results

Search found 1066 results on 43 pages for 'vulnerability scanning'.

Page 29/43 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >

• April 2010 Critical Patch Update Released

  - by eric.maurice

  Hi, this is Eric Maurice. Today Oracle released the April 2010 Critical Patch Update (CPUApr2010),the first one to include security fixes for Oracle Solaris. Today's Critical Patch Update (CPU) provides 47 new security fixes across the following product families: Oracle Database Server, Oracle Fusion Middleware, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Life Sciences, Retail, and Communications Industry Suites, and Oracle Solaris. 28 of these 47 new vulnerabilities are remotely exploitable without authentication, but the criticality of the affected components and the severity of these vulnerabilities vary greatly. Customers should, as usual, refer to the Risk Matrices in the CPU Advisory to assess the relevance of these fixes for their environment (and the urgency with which to apply the fixes). 7 of the 47 new vulnerabilities affect various versions of Oracle Database Server. None of these 7 vulnerabilities are remotely exploitable without authentication. Furthermore, none of these fixes are applicable to client-only deployments. The most severe CVSS Base Score for the Database Server vulnerabilities is 7.1. As a reminder, information about Oracle's use of the CVSS 2.0 standard can be found in Note 394487.1 (My Oracle Support subscription required). Note that this Critical Patch Update includes fixes for vulnerabilities that were publicly disclosed by David Litchfield at the BlackHat DC Conference in early February (CVE-2010-0866 and CVE-2010-0867). 5 of the 47 new vulnerabilities affect various components of the Oracle Fusion Middleware product family. The highest CVSS Base Score for these vulnerabilities is 7.5. Note that the patches for Oracle WebLogic Server are cumulative and this Critical Patch Update therefore also includes a fix for a vulnerability (CVE-2010-0073) that was the subject of a Security Alert issued by Oracle on February 4, 2010. Customers, who have not applied the previously-released patch, should apply today's Critical Patch Update as soon as possible. As stated at the beginning of this blog, it is also noteworthy to highlight that this Critical Patch Update provides 16 new fixes for the Sun product line. With the recent close of the Sun acquisition both security organizations have worked diligently to align Sun's previous security practices with Oracle's. Java users know that Oracle released a Critical Patch Update for Java SE and Java For Business earlier this month (in accordance with the Java patching schedule previously published by Sun Microsystems). Please note that for the first time, the Java advisories included CVSS Scores to help assess the severity of the new vulnerabilities fixed with the advisory. The rapid inclusion of the Solaris product lines in the Critical Patch Update and the extension of Oracle Software Security Assurance to Sun technologies are evidence of the flexibility of Oracle's security assurance programs. These should also result in tangible security benefits for the users of the Oracle hardware and software stack (such as a predictable patching schedule for all Oracle products).

  Read the article

• How I might think like a hacker so that I can anticipate security vulnerabilities in .NET or Java before a hacker hands me my hat [closed]

  - by Matthew Patrick Cashatt

  Premise I make a living developing web-based applications for all form-factors (mobile, tablet, laptop, etc). I make heavy use of SOA, and send and receive most data as JSON objects. Although most of my work is completed on the .NET or Java stacks, I am also recently delving into Node.js. This new stack has got me thinking that I know reasonably well how to secure applications using known facilities of .NET and Java, but I am woefully ignorant when it comes to best practices or, more importantly, the driving motivation behind the best practices. You see, as I gain more prominent clientele, I need to be able to assure them that their applications are secure and, in order to do that, I feel that I should learn to think like a malevolent hacker. What motivates a malevolent hacker: What is their prime mover? What is it that they are most after? Ultimately, the answer is money or notoriety I am sure, but I think it would be good to understand the nuanced motivators that lead to those ends: credit card numbers, damning information, corporate espionage, shutting down a highly visible site, etc. As an extension of question #1--but more specific--what are the things most likely to be seeked out by a hacker in almost any application? Passwords? Financial info? Profile data that will gain them access to other applications a user has joined? Let me be clear here. This is not judgement for or against the aforementioned motivations because that is not the goal of this post. I simply want to know what motivates a hacker regardless of our individual judgement. What are some heuristics followed to accomplish hacker goals? Ultimately specific processes would be great to know; however, in order to think like a hacker, I would really value your comments on the broader heuristics followed. For example: "A hacker always looks first for the low-hanging fruit such as http spoofing" or "In the absence of a CAPTCHA or other deterrent, a hacker will likely run a cracking script against a login prompt and then go from there." Possibly, "A hacker will try and attack a site via Foo (browser) first as it is known for Bar vulnerability. What are the most common hacks employed when following the common heuristics? Specifics here. Http spoofing, password cracking, SQL injection, etc. Disclaimer I am not a hacker, nor am I judging hackers (Heck--I even respect their ingenuity). I simply want to learn how I might think like a hacker so that I may begin to anticipate vulnerabilities before .NET or Java hands me a way to defend against them after the fact.

  Read the article

• Wireless Connected But No Internet Connection (Ubuntu 12.04)

  - by Zxy

  I am using same network for 2 days and everything was normal. However, today even though it shows me as connected to the network, I do not have internet connection. If I use ethernet cable instead of wireless, I am still able to connect to the internet. Also my friends are able to connect to the wireless network and they can get internet connection. I did not update or install anything since yesterday. Therefore I do not have any idea why it is happening. Here is some information about my connection: I will be appreciate to any kind of help. root@ghostrider:/etc/resolvconf# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.042 ms 64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.023 ms 64 bytes from 127.0.0.1: icmp_req=3 ttl=64 time=0.036 ms 64 bytes from 127.0.0.1: icmp_req=4 ttl=64 time=0.040 ms ^C --- 127.0.0.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2998ms rtt min/avg/max/mdev = 0.023/0.035/0.042/0.008 ms root@ghostrider:/etc/resolvconf# ping 192.168.1.3 PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data. ^C --- 192.168.1.3 ping statistics --- 19 packets transmitted, 0 received, 100% packet loss, time 18143ms root@ghostrider:/etc/resolvconf# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. ^C --- 8.8.8.8 ping statistics --- 11 packets transmitted, 0 received, 100% packet loss, time 10079ms root@ghostrider:/etc/resolvconf# cat /etc/lsb-release; uname -a DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS" Linux ghostrider 3.2.0-24-generic-pae #39-Ubuntu SMP Mon May 21 18:54:21 UTC 2012 i686 i686 i386 GNU/Linux root@ghostrider:/etc/resolvconf# lspci -nnk | grep -iA2 net 03:00.0 Ethernet controller [0200]: Atheros Communications Inc. AR8131 Gigabit Ethernet [1969:1063] (rev c0) Subsystem: Lenovo Device [17aa:3956] Kernel driver in use: atl1c -- 04:00.0 Network controller [0280]: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller [14e4:4727] (rev 01) Subsystem: Broadcom Corporation Device [14e4:0510] Kernel driver in use: wl root@ghostrider:/etc/resolvconf# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub Bus 001 Device 007: ID 0489:e00d Foxconn / Hon Hai Bus 001 Device 004: ID 1c7a:0801 LighTuning Technology Inc. Fingerprint Reader Bus 001 Device 005: ID 064e:f219 Suyin Corp. Bus 002 Device 010: ID 0424:2412 Standard Microsystems Corp. Bus 002 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver Bus 002 Device 011: ID 0403:6010 Future Technology Devices International, Ltd FT2232C Dual USB-UART/FIFO IC root@ghostrider:/etc/resolvconf# iwconfig lo no wireless extensions. eth1 IEEE 802.11 ESSID:"PoliTekno" Mode:Managed Frequency:2.462 GHz Access Point: 00:16:E3:40:C3:E4 Bit Rate=54 Mb/s Tx-Power:24 dBm Retry min limit:7 RTS thr:off Fragment thr:off Power Management:off Link Quality=5/5 Signal level=-52 dBm Noise level=-97 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 eth0 no wireless extensions. root@ghostrider:/etc/resolvconf# rfkill list all 0: brcmwl-0: Wireless LAN Soft blocked: no Hard blocked: no 1: ideapad_wlan: Wireless LAN Soft blocked: no Hard blocked: no 2: ideapad_bluetooth: Bluetooth Soft blocked: no Hard blocked: no 5: hci0: Bluetooth Soft blocked: no Hard blocked: no root@ghostrider:/etc/resolvconf# lsmod Module Size Used by nls_iso8859_1 12617 0 nls_cp437 12751 0 vfat 17308 0 fat 55605 1 vfat usb_storage 39646 0 uas 17828 0 snd_hda_codec_realtek 174055 1 rfcomm 38139 12 parport_pc 32114 0 ppdev 12849 0 bnep 17830 2 joydev 17393 0 ftdi_sio 35859 1 usbserial 37173 3 ftdi_sio snd_hda_intel 32765 3 snd_hda_codec 109562 2 snd_hda_codec_realtek,snd_hda_intel snd_hwdep 13276 1 snd_hda_codec acer_wmi 23612 0 hid_logitech_dj 18177 0 snd_pcm 80845 2 snd_hda_intel,snd_hda_codec uvcvideo 67203 0 btusb 17912 2 snd_seq_midi 13132 0 videodev 86588 1 uvcvideo bluetooth 158438 23 rfcomm,bnep,btusb psmouse 72919 0 usbhid 41906 1 hid_logitech_dj snd_rawmidi 25424 1 snd_seq_midi intel_ips 17753 0 serio_raw 13027 0 root@ghostrider:/etc/resolvconf# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.042 ms 64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.023 ms 64 bytes from 127.0.0.1: icmp_req=3 ttl=64 time=0.036 ms 64 bytes from 127.0.0.1: icmp_req=4 ttl=64 time=0.040 ms ^C --- 127.0.0.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2998ms rtt min/avg/max/mdev = 0.023/0.035/0.042/0.008 ms root@ghostrider:/etc/resolvconf# ping 192.168.1.3 PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data. ^C --- 192.168.1.3 ping statistics --- 19 packets transmitted, 0 received, 100% packet loss, time 18143ms root@ghostrider:/etc/resolvconf# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. ^C --- 8.8.8.8 ping statistics --- 11 packets transmitted, 0 received, 100% packet loss, time 10079ms root@ghostrider:/etc/resolvconf# cat /etc/lsb-release; uname -a DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS" Linux ghostrider 3.2.0-24-generic-pae #39-Ubuntu SMP Mon May 21 18:54:21 UTC 2012 i686 i686 i386 GNU/Linux root@ghostrider:/etc/resolvconf# lspci -nnk | grep -iA2 net 03:00.0 Ethernet controller [0200]: Atheros Communications Inc. AR8131 Gigabit Ethernet [1969:1063] (rev c0) Subsystem: Lenovo Device [17aa:3956] Kernel driver in use: atl1c -- 04:00.0 Network controller [0280]: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller [14e4:4727] (rev 01) Subsystem: Broadcom Corporation Device [14e4:0510] Kernel driver in use: wl root@ghostrider:/etc/resolvconf# lsusb Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub Bus 001 Device 007: ID 0489:e00d Foxconn / Hon Hai Bus 001 Device 004: ID 1c7a:0801 LighTuning Technology Inc. Fingerprint Reader Bus 001 Device 005: ID 064e:f219 Suyin Corp. Bus 002 Device 010: ID 0424:2412 Standard Microsystems Corp. Bus 002 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver Bus 002 Device 011: ID 0403:6010 Future Technology Devices International, Ltd FT2232C Dual USB-UART/FIFO IC root@ghostrider:/etc/resolvconf# iwconfig lo no wireless extensions. eth1 IEEE 802.11 ESSID:"PoliTekno" Mode:Managed Frequency:2.462 GHz Access Point: 00:16:E3:40:C3:E4 Bit Rate=54 Mb/s Tx-Power:24 dBm Retry min limit:7 RTS thr:off Fragment thr:off Power Management:off Link Quality=5/5 Signal level=-52 dBm Noise level=-97 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 eth0 no wireless extensions. root@ghostrider:/etc/resolvconf# rfkill list all 0: brcmwl-0: Wireless LAN Soft blocked: no Hard blocked: no 1: ideapad_wlan: Wireless LAN Soft blocked: no Hard blocked: no 2: ideapad_bluetooth: Bluetooth Soft blocked: no Hard blocked: no 5: hci0: Bluetooth Soft blocked: no Hard blocked: no root@ghostrider:/etc/resolvconf# lsmod Module Size Used by nls_iso8859_1 12617 0 nls_cp437 12751 0 vfat 17308 0 fat 55605 1 vfat usb_storage 39646 0 uas 17828 0 snd_hda_codec_realtek 174055 1 rfcomm 38139 12 parport_pc 32114 0 ppdev 12849 0 bnep 17830 2 joydev 17393 0 ftdi_sio 35859 1 usbserial 37173 3 ftdi_sio snd_hda_intel 32765 3 snd_hda_codec 109562 2 snd_hda_codec_realtek,snd_hda_intel snd_hwdep 13276 1 snd_hda_codec acer_wmi 23612 0 hid_logitech_dj 18177 0 snd_pcm 80845 2 snd_hda_intel,snd_hda_codec uvcvideo 67203 0 btusb 17912 2 snd_seq_midi 13132 0 videodev 86588 1 uvcvideo bluetooth 158438 23 rfcomm,bnep,btusb psmouse 72919 0 usbhid 41906 1 hid_logitech_dj snd_rawmidi 25424 1 snd_seq_midi intel_ips 17753 0 serio_raw 13027 0 hid 77367 2 hid_logitech_dj,usbhid ideapad_laptop 17890 0 sparse_keymap 13658 2 acer_wmi,ideapad_laptop lib80211_crypt_tkip 17275 0 snd_seq_midi_event 14475 1 snd_seq_midi snd_seq 51567 2 snd_seq_midi,snd_seq_midi_event wl 2646601 0 wmi 18744 1 acer_wmi i915 414672 3 drm_kms_helper 45466 1 i915 snd_timer 28931 2 snd_pcm,snd_seq mac_hid 13077 0 snd_seq_device 14172 3 snd_seq_midi,snd_rawmidi,snd_seq lib80211 14040 2 lib80211_crypt_tkip,wl drm 197692 4 i915,drm_kms_helper i2c_algo_bit 13199 1 i915 snd 62064 15 snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm,snd_rawmidi,snd_se q,snd_timer,snd_seq_device video 19068 1 i915 mei 36570 0 soundcore 14635 1 snd snd_page_alloc 14108 2 snd_hda_intel,snd_pcm lp 17455 0 parport 40930 3 parport_pc,ppdev,lp atl1c 36718 0 root@ghostrider:/etc/resolvconf# nm-tool NetworkManager Tool State: connected (global) - Device: eth1 [PoliTekno] ---------------------------------------------------- Type: 802.11 WiFi Driver: wl State: connected Default: yes HW Address: AC:81:12:7F:6B:B2 Capabilities: Speed: 54 Mb/s Wireless Properties WEP Encryption: yes WPA Encryption: yes WPA2 Encryption: yes Wireless Access Points (* = current AP) CnDStudios: Infra, 00:12:BF:3F:0A:8A, Freq 2412 MHz, Rate 54 Mb/s, Strength 85 WPA AIR_TIES: Infra, 00:1C:A8:6E:84:32, Freq 2462 MHz, Rate 54 Mb/s, Strength 72 WPA2 VKSS: Infra, 00:E0:4D:01:0D:47, Freq 2452 MHz, Rate 54 Mb/s, Strength 62 WPA2 PROGEDA: Infra, 00:1A:2A:60:BF:61, Freq 2462 MHz, Rate 54 Mb/s, Strength 47 WPA MobilAtolye: Infra, 72:2B:C1:65:75:3C, Freq 2422 MHz, Rate 54 Mb/s, Strength 35 WPA WPA2 AIRTIES_WAR-141: Infra, 00:1C:A8:AB:AA:48, Freq 2422 MHz, Rate 54 Mb/s, Strength 35 WPA WPA2 tilda_biri_yeni: Infra, 54:E6:FC:B0:3C:E9, Freq 2437 MHz, Rate 0 Mb/s, Strength 34 WEP *PoliTekno: Infra, 00:16:E3:40:C3:E4, Freq 2462 MHz, Rate 54 Mb/s, Strength 100 WPA2 AIRTIES_RJY: Infra, 00:1A:2A:BD:85:16, Freq 2462 MHz, Rate 54 Mb/s, Strength 55 WEP IPv4 Settings: Address: 0.0.0.0 Prefix: 24 (255.255.255.0) Gateway: 192.168.1.1 DNS: 192.168.1.1 - Device: eth0 ----------------------------------------------------------------- Type: Wired Driver: atl1c State: unavailable Default: no HW Address: F0:DE:F1:6C:90:65 Capabilities: Carrier Detect: yes Speed: 100 Mb/s Wired Properties Carrier: off root@ghostrider:/etc/resolvconf# sudo iwlist scan lo Interface doesn't support scanning. eth1 Scan completed : Cell 01 - Address: 00:16:E3:40:C3:E4 ESSID:"PoliTekno" Mode:Managed Frequency:2.462 GHz (Channel 11) Quality:5/5 Signal level:-48 dBm Noise level:-98 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s 12 Mb/s; 48 Mb/s Cell 02 - Address: 00:E0:4D:01:0D:47 ESSID:"VKSS" Mode:Managed Frequency:2.452 GHz (Channel 9) Quality:4/5 Signal level:-64 dBm Noise level:-98 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s 48 Mb/s; 54 Mb/s Cell 03 - Address: 00:1C:A8:AB:AA:48 ESSID:"AIRTIES_WAR-141" Mode:Managed Frequency:2.422 GHz (Channel 3) Quality:2/5 Signal level:-77 dBm Noise level:-95 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : CCMP TKIP Authentication Suites (1) : PSK IE: Unknown: DDB20050F204104A0001101049001E007FC5100018DE7CF0D8B70223A62711C18926AC290E30303030303139631044000102103B0001031047001076B31BC241E953CB99C3872554425A28102100194169725469657320576972656C657373204E6574776F726B73102300074169723534343010240008312E322E302E31321042000F4154303939313131383030323832351054000800060050F20400011011000741697235343430100800020084103C000103 IE: WPA Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : CCMP TKIP Authentication Suites (1) : PSK Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s 12 Mb/s; 48 Mb/s Cell 04 - Address: 72:2B:C1:65:75:3C ESSID:"MobilAtolye" Mode:Managed Frequency:2.422 GHz (Channel 3) Quality:2/5 Signal level:-78 dBm Noise level:-92 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : TKIP CCMP Authentication Suites (1) : PSK IE: Unknown: DDA20050F204104A0001101044000102103B00010310470010BC329E001DD811B28601722BC165753C1021001D48756177656920546563686E6F6C6F6769657320436F2E2C204C74642E1023001C48756177656920576972656C6573732041636365737320506F696E74102400065254323836301042000831323334353637381054000800060050F204000110110009487561776569415053100800020084103C000100 IE: WPA Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : TKIP CCMP Authentication Suites (1) : PSK Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 9 Mb/s 18 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 12 Mb/s 24 Mb/s; 48 Mb/s Cell 05 - Address: 00:12:BF:3F:0A:8A ESSID:"CnDStudios" Mode:Managed Frequency:2.412 GHz (Channel 1) Quality:5/5 Signal level:-47 dBm Noise level:-95 dBm IE: WPA Version 1 Group Cipher : TKIP Pairwise Ciphers (1) : TKIP Authentication Suites (1) : PSK Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 22 Mb/s 6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s 36 Mb/s; 48 Mb/s; 54 Mb/s Cell 06 - Address: 00:1C:A8:6E:84:32 ESSID:"AIR_TIES" Mode:Managed Frequency:2.462 GHz (Channel 11) Quality:5/5 Signal level:-56 dBm Noise level:-98 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 22 Mb/s 6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s 36 Mb/s; 48 Mb/s; 54 Mb/s Cell 07 - Address: 54:E6:FC:B0:3C:E9 ESSID:"tilda_biri_yeni" Mode:Managed Frequency:2.437 GHz (Channel 6) Quality:1/5 Signal level:-85 dBm Noise level:-99 dBm Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s 12 Mb/s; 24 Mb/s; 36 Mb/s; 9 Mb/s; 18 Mb/s 48 Mb/s; 54 Mb/s Cell 08 - Address: 18:28:61:16:57:C3 ESSID:"obilet" Mode:Managed Frequency:2.437 GHz (Channel 6) Quality:1/5 Signal level:-88 dBm Noise level:-99 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : CCMP TKIP Authentication Suites (1) : PSK IE: WPA Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : CCMP TKIP Authentication Suites (1) : PSK Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s 12 Mb/s; 48 Mb/s Cell 09 - Address: 00:1A:2A:60:BF:61 ESSID:"PROGEDA" Mode:Managed Frequency:2.462 GHz (Channel 11) Quality:2/5 Signal level:-75 dBm Noise level:-98 dBm IE: WPA Version 1 Group Cipher : TKIP Pairwise Ciphers (1) : TKIP Authentication Suites (1) : PSK Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 22 Mb/s 6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s 36 Mb/s; 48 Mb/s; 54 Mb/s eth0 Interface doesn't support scanning.

  Read the article

• Help writing server script to ban IP's from a list

  - by Chev_603

  I have a VPS that I use as an openvpn and web server. For some reason, my apache log files are filled with thousands of these hack attempts: "POST /xmlrpc.php HTTP/1.0" 404 395 These attack attempts fill up 90% of my logs. I think it's a WordPress vulnerability they're looking for. Obviously they are not successful (I don't even have Wordpress on my server), but it's annoying and probably resource consuming as well. I am trying to write a bash script that will do the following: Search the apache logs and grab the offending IP's (even if they try it once), Sort them into a list with each unique IP on a seperate line, And then block them using the IP table rules. I am a bash newb, and so far my script does everything except Step 3. I can manually block the IP's, but that's tedious and besides, this is Linux and it's perfectly capable of doing it for me. I also want the script to be customizable so that I (or anyone else who wants to use it) can change the variables to suit whatever situation I/they may deal with in the future. Here is the script so far: #!/bin/bash ##IP LIST GENERATOR ##Author Chev Young ##Script to search Apache logs and list IP's based on custom filters ## ##Define our variables: DIRECT=~/Script ##Location of script&where to put results/temp files LOGFILE=/var/log/apache2/access.log ## Logfile to search for offenders TEMPLIST=xml_temp ## Temporary file name IP_LIST=ipstoban ## Name of results file FILTER1=xmlrpc ## What are we looking for? (Requests we want to ban) cd $DIRECT if [ ! -f $TEMPLIST ];then touch $TEMPLIST ##Create temp file fi cat $LOGFILE | grep $FILTER1 >> $DIRECT/$TEMPLIST ## Only interested in the IP's, so: sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d $DIRECT/$TEMPLIST | sort | uniq > $DIRECT/$IP_LIST rm $TEMPLIST ## Clean temp file echo "Done. Results located at $DIRECT/$IP_LIST" So I need help with the next part of the script, which should ban the IP's (incoming and perhaps outgoing too) from the resulting $IP_LIST file. I don't care if it utilizes UFW or IPTables directly, as long as it bans the IP's. I'd probably run it as a cron task. What I'm having trouble with is understanding how to use line of the result file as a seperate variable to do something like: ufw deny $IP1 $IP2 $IP3, ect Any ideas? Thanks.

  Read the article

• Maven 3 - duplicate declaration of version

  - by Taylor Leese

  I just upgraded to m2eclipse version 0.10 which includes an embedded Maven 3 and I'm now getting the following error when trying to run a build. I've already set Maven-Installations to my Maven 2 installation, but it had no effect. How do I resolve this? [INFO] Scanning for projects... [ERROR] The build could not read 1 project -> [Help 1] [ERROR] The project com.stuff:sutff-web:0.0.1-SNAPSHOT (C:\development\taylor\stuff\pom.xml) has 1 error [ERROR] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: com.google.appengine:appengine-api-labs:jar -> duplicate declaration of version ${gae.version} [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException

  Read the article

• How to disable windows server 2008 timestamp response

  - by Cal

  Posted this question on stackoverflow but then got instructed to post it here: I was using Rapid7's Nexpose to scan one of our web servers (windows server 2008), and got a vulnerability for timestamp response. According to Rapid7, timestamp response shall be disabled: http://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp So far I have tried several things: Edit the registry, add a "Tcp1323Opts" key to HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, and set it to 0. http://technet.microsoft.com/en-us/library/cc938205.aspx Use this command: netsh int tcp set global timestamps=disabled Tried powershell command: Set-netTCPsetting -SettingName InternetCustom -Timestamps disabled (got error: Set-netTCPsetting : The term 'Set-netTCPsetting' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.) None of above attempts was successful, after re-scan we still got the same alert. Rapid7 suggested using a firewall that's capable of blocking it, but we want to know if there is a setting on windows to achieve it. Is it through a specific port? If yes, what is the port number? If not, could you suggest a 3rd party firewall that is capable of blocking it? Thank you very much.

  Read the article

• Netbeans autocomplete unusably slow/nonfunctional in Netbeans 6.8 Latest

  - by Stefan Kendall

  I'm running a 2.5Ghz C2D with 4GB RAM, so there's no reason hardwre-wise why Netbeans should be peforming so poorly. Using the latest Netbeans release and grails plugin (installed via the plugin manager), automcomplete is either too slow to use or doesn't work at all. If I'm within a class, and I attempt to auto-complete a field, it takes 3-4 seconds before being able to finish the field name. If I'm in a class of the same package (like a unit test), I can't get any of the properties to appear on the object. Furthermore, it says "Scanning in progress" for a full 5-6 seconds before pulling up the method list. Is there a way to fix this behavior?

  Read the article

• Maven: Cannot get the help goals working (clean:help, compiler:help, etc)

  - by SirFabel

  Hi, I am new in Maven. Do you know what am I doing wrong below? Thanks SirFabel mvn -e clean:help Warning: JAVA_HOME environment variable is not set. + Error stacktraces are turned on. [INFO] Scanning for projects... [INFO] Searching repository for plugin with prefix: 'clean'. [INFO] ------------------------------------------------------------------------ [ERROR] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Required goal not found: clean:help in org.apache.maven.plugins:maven-clean-plugin:2.2 [INFO] ------------------------------------------------------------------------ [INFO] Trace org.apache.maven.BuildFailureException: Required goal not found: clean:help in org.apache.maven.plugins:maven-clean-plugin:2.2 at org.apache.maven.lifecycle.DefaultLifecycleExecutor.getMojoDescriptor(DefaultLifecycleExecutor.java:1867) at org.apache.maven.lifecycle.DefaultLifecycleExecutor.segmentTaskListByAggregationNeeds(DefaultLifecycleExecutor.java:462) at org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecutor.java:175) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:328)

  Read the article

• Zxing barcode source code integration to the android project.

  - by sujitjitu

  Hi I want to integrate the zxing source code to my android application. I have downloaded the zxing1.5 and integrate the whole code to my application and i am calling the activity "CaptureActivity" through intent. It is showing only the camera view but it is not scanning the barcode. Can u please tell me how to solve this problem because i want my application to be stand alone. i don't want to install BarcodeScanner.apk separately in the device. thanks in advance....

  Read the article

• Quick question on session security.

  - by Scarface

  Hey guys, I was scanning my site for security and I noticed that it was possible for non users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this guys? Thanks in advance!

  Read the article

• Using RegEx to replace invalid characters

  - by yeahumok

  Hello I have a directory with lots of folders, subfolder and all with files in them. The idea of my project is to recurse through the entire directory, gather up all the names of the files and replace invalid characters (invalid for a SharePoint migration). However, i'm completely unfamiliar with Regular Expressions. The characters i need to get rid in filenames are: ~, #, %, &, *, { } , \, /, :, <, ?, -, | and "" I want to replace these characters with a blank space. I was hoping to use a string.replace() method to look through all these file names and do the replacement. So far, the only code i've gotten to is the recursion. I was thinking of the recursion scanning the drive, fetching the names of these files and putting them in a List. Can anybody help me with how to find/replace invalid chars with RegEx with those specific characters?

  Read the article

• Why are my Windows 7 updates continuously failing?

  - by Chris C.

  I'm an advanced level user here with an odd issue. I have two Windows Updates that are failing to install, every single time. I'm getting a mysterious "Code 1" error on both updates, an error for which I'm having difficulty finding a solution. The updates in question are: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [May 2011] Because these updates are failing, the Shut Down button in my start menu always has the shield icon next to it, indicating that "new" updates will be installed on shut down. But, of course, they'll fail and when the PC is restarted, the shield icon is still there. When checking the update history and viewing the details of the failed updates, I get the following: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) Installation date: ?6/?29/?2011 3:00 AM Installation status: Failed Error details: Code 1 Update type: Important A security issue has been identified leading to MFC application vulnerability in DLL planting due to MFC not specifying the full path to system/localization DLLs. You can protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. More information: http://go.microsoft.com/fwlink/?LinkId=216803 System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [May 2011] Installation date: ?6/?28/?2011 3:00 AM Installation status: Failed Error details: Code 1 Update type: Important This tool is being offered because an inconsistency was found in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This tool checks your computer for such inconsistencies and tries to resolve issues if found. More information: http://support.microsoft.com/kb/947821 About My System I'm running Windows 7 Home Premium x64 Edition. This is a custom PC build and the OS was installed fresh, not an upgrade from a previous version. I've been running this system for about 4 months. Windows Updates aside, the system is usually quite stable. Thanks in advance for your help!

  Read the article

• Router slowing my connection?

  - by Roberto

  I have a Linksys WRT54G and I pay for a 12Mbps connection. I've been testing my connection using speedtest.net for many days and always get 8Mbps. I called the support and they told me to bypass the router and test. I did it and got 16Mbps (much more than I pay for), so I thought "this guy just changed my speed so can he blame my router", and he blamed it. But to my surprise, everytime I bypass the router I get 16Mbps and when I use the router I get 8Mbps. Is this guy trolling me somehow (configuring the VOIP-modem-stuff to different profiles depending o the MAC address connecting to it) or is my router a POS? How can I find out? I don't know what's the thing the router connects to, it's a kind of VOIP adapter; the link is this one, but unfortunately I don't think you'll understand because it's in Portuguese. I know they can remotely connect to it, that's the origin of my conspiracy theory :) I just tested wired to the router and got 10Mbps (and still 8Mbps on wifi and 16Mbps without router) O_o I'm 5cm away from my router, so no obstacles to interfere, right? ------ UPDATE ------- It's a WRT54G V8, I'm using firmware v8.00.7 (will install 8.00.8 tomorrow, but I saw that it's only a minor fix to UPnP denial of service security vulnerability). Results: IPerf LAN-LAN: 80Mbps IPerf LAN-WLAN: 19Mbps (therefore we can ignore wireless issues/settings) I wasn't able to make the (W)LAN-WAN NAT-enabled test with IPerf, I get a connection refused error. I'm not sure if did it right: ran in server mode, configured router to forward that port to my IP and tried to connect to my internet IP that got from this site. I don't think there is a way to disable NAT using this firmware. Question: Let's suppose it's an underpowered hardware issue. Is it right to assume that custom firmwares could resolve the issue because they are possibly better implemented and would make better use of the router resources? I couldn't find any references pointing to wired performance improvements with the use of custom firmware.

  Read the article

• Automatically check for Security Updates on CentOS or Scientific Linux?

  - by Stefan Lasiewski

  We have machines running RedHat-based distros such as CentOS or Scientific Linux. We want the systems to automatically notify us if there are any known vulnerabilities to the installed packages. FreeBSD does this with the ports-mgmt/portaudit port. RedHat provides yum-plugin-security, which can check for vulnerabilities by their Bugzilla ID, CVE ID or advisory ID. In addition, Fedora recently started to support yum-plugin-security. I believe this was added in Fedora 16. Scientific Linux 6 did not support yum-plugin-security as of late 2011. It does ship with /etc/cron.daily/yum-autoupdate, which updates RPMs daily. I don't think this handles Security Updates only, however. CentOS does not support yum-plugin-security. I monitor the CentOS and Scientific Linux mailinglists for updates, but this is tedious and I want something which can be automated. For those of us who maintain CentOS and SL systems, are there any tools which can: Automatically (Progamatically, via cron) inform us if there are known vulnerabilities with my current RPMs. Optionally, automatically install the minimum upgrade required to address a security vulnerability, which would probably be yum update-minimal --security on the commandline? I have considered using yum-plugin-changelog to print out the changelog for each package, and then parse the output for certain strings. Are there any tools which do this already?

  Read the article

• Compact representation of GUID/UUID?

  - by chakrit

  I need to generate a GUID and save it via a string representation. The string representation should be as short as possible as it will be used as part of an already-long URL string. Right now, instead of using the normal abcd-efgh-... representation, I use the raw bytes generated and base64-encode them instead, which results in a somewhat shorter string. But is it possible to make it even shorter? I'm OK with losing some degree of uniqueness and keeping a counter, but scanning all existing keys is not an option. Suggestions?

  Read the article

• jQuery ajax in DotNetNuke preserving user authentication

  - by Michael Bradley

  I want to use jQuery's ajax functionality in a DotNetNuke module I'm developing. I want the ajax call to be authenticated via DNN's membership functionality. I want the ajax response as json. How can I do this? I've looked at IWeb and IWebCF -- it's not clear to me from much Googleing and scanning the forums whether these modules would allow me to create a web service that would accept a simple post request and return json (seems like they want to do it the ASP.NET AJAX way with a generated proxy, I'd prefer to just use jQuery's AJAX call functionality). Seems you can't create a simple webmethod in a DNN module (since they are developed as User Controls (.ascx)). I could deploy an .asmx file with module, but that won't leverage DNN's authentication system. Ideas? I'm currently developing against DNN 4.9.5

  Read the article

• GWT 2.X No resource found for key

  - by Han Fastolfe

  I've developed a GWT app using i18n internationalization. In Host/Dev mode it works fine, but launching GWT compile gives this error: No resource found for key xxx, like below. Compiling module ...rte.RTE Scanning for additional dependencies: file:/home/.../client/i18n/RTEValidationMessages.java Computing all possible rebind results for '...client.i18n.RTEMessages' Rebinding ...client.i18n.RTEMessages Invoking com.google.gwt.dev.javac.StandardGeneratorContext@e7dfd0 Processing interface ...client.i18n.RTEMessages Generating method body for txtIndirizzo3() [ERROR] No resource found for key 'txtIndirizzo3' Messages are loaded with late binding. public class RTEValidationMessages { private RTEMessages additionalMessages; public RTEValidationMessages() { additionalMessages = GWT.create(RTEMessages.class); } } Deleting the method which gives the error, results in another random method with error, say not the method before or after in the interface ...client.i18n.RTEMessages. Help is greatly appreciated.

  Read the article

• A possible case of hacked email account. What kind of an attack is this?

  - by Rickesh John

  I own a Yahoo mail account. I am using this account for sending resumes and receive notifications from various job portals. But yesterday, I found that some 10-15 mails had been sent to random addresses from my account. Most of them had this format: hr@<companyname>.com I am pretty sure that I didn't send any mails to such addresses. Initially, I thought the job portals may be sending mails on my behalf and Yahoo is logging them, but then I saw the contents. The contents of all those mails were a URL, which I did not click. SCARED. Also, to top it off, my "Sending Name" has been changed to 'Nice Maria'!! o_0 I have taken the necessary measures and changed my password and the secret question. I cannot delete this account as this email is registered with all the job portals and other companies. Is this a simple case of my account being compromised or was I a victim of some web vulnerability? All the mails seem to be bot generated, with only a URL as the message body. Please advice.

  Read the article

• Permission Problem While Installing Module With CPAN

  - by neversaint

  I tried to following module using CPAN, but the message I get is the "I have neither the -x permission ..." . How can I resolve that? cpan[3]> install List::MoreUtils is it OK to try to connect to the Internet? [yes] Fetching with LWP: http://www.perl.org/CPAN/authors/id/V/VP/VPARSEVAL/List-MoreUtils-0.22.tar.gz CPAN: Digest::SHA loaded ok (v5.48) Fetching with LWP: http://www.perl.org/CPAN/authors/id/V/VP/VPARSEVAL/CHECKSUMS Checksum for /home/ewijaya/.cpan/sources/authors/id/V/VP/VPARSEVAL/List-MoreUtils-0.22.tar.gz ok Scanning cache /home/neversaint/.cpan/build for sizes .....I have neither the -x permission nor the permission to change the permission; cannot estimate disk usage of '/home/neversaint/.cpan/build/Module-Build-0.3607-Kvb1Vq' .I have neither the -x permission nor the permission to change the permission; cannot estimate disk usage of '/home/neversaint/.cpan/build/ExtUtils-ParseXS-2.2205-zuX4x2' ^CCaught SIGINT, trying to continue

  Read the article

• Is there a jdbc driver for SQL Server that can search for database instances on network?

  - by djangofan

  Is there a jdbc driver for SQL Server that can search for database instances on network? Just wanting to emulate "OSQL -L" from the JDBC driver. Dont want to have to call OSQL from JNI or something. I also don't want to have to write my own code for scanning a UDP port. I want my Java application to be able to search for live SQL Servers and prompt me with a list of available servers. Isn't this a reasonable expectation for a JDBC driver? OSQL.exe can do it and so why not the JDBC driver?

  Read the article

• USB interface barcode scanners

  - by Nimbuz

  Not exactly a programming question, but close. I'll try my luck anyway. The keyboard wedge barcode scanner inserts the translation device between the reader and the keyboard. Data sent through a wedge appears as if it was typed into the computer, while the keyboard itself remains fully functional. Because a computer using a keyboard wedge can't tell the difference between data that is entered by a scanning device, or data that is entered by keyboard typing, a wedge can be used to easily add barcode reading capability to an existing computer without modifying software applications. I'd like to know if all USB interface barcode scanners automatically translate digital signals from a barcode reader into keyboard strokes for a applications just like wedge or is USB different from wedge? Many thanks

  Read the article

• Comparing datafeeds from different networks (Affiliate Marketing)

  - by Logistetica

  Hi, I am working on integrating affiliate sales into few existing sites. We are using a few merchants who work via different networks (cj, shareasale, linkshare, avantlink). Now my observation is that all these networks provide data feeds in different formats. But that's not a big problem. My main concern is actually merchants using different titles on same products. I don't want to run into these situations: a) two listings of the SAME product from N merchants (if titles are just a bit different) b) one listing of N different products from merchants (if we don't use strict comparison algorithm) We want to automate everything as much as possible, want to avoid operators scanning listings under question all the time. How is this problem typically handled?

  Read the article

• Why does Perl complain about "Unsuccessful stat on filename containing newline"?

  - by Daniel

  Hello, I am getting an error I do not understand. I am using File:Find to recurse a fylesystem on Windows using Activestate Perl 5.8.8 and trying to stat $File::Find::name; so I am not stat-ing a filename got from a text file scanning requiring chomp-ing or newline removing. I was unable to get file modification time, the mtime in: my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks) = stat($File::Find::name); so trying a -s $File::Find::name gives me the error: Unsuccessful stat on filename containing newline A typical file name found is F01-01-10 Num 0-00000.pdf but I get the same error even renaming in E02.pdf

  Read the article

• Better way to write this regex to match multi-ordered property list?

  - by Andrew Philips

  I've been whacking on this regex for a while, trying to build something that can pick out multiple ordered property values (DTSTART, DTEND, SUMMARY) from an .ics file. I have other options (like reading one line at a time and scanning), but wanted to build a single regex that can handle the whole thing. SAMPLE PERL # There has got to be a better way... my $x1 = '(?:^DTSTART[^\:]*:(?<dts>.*?)$)'; my $x2 = '(?:^DTEND[^\:]*:(?<dte>.*?)$)'; my $x3 = '(?:^SUMMARY[^\:]*:(?<dtn>.*?)$)'; my $fmt = "$x1.*$x2.*$x3|$x1.*$x3.*$x2|$x2.*$x1.*$x3|$x2.*$x3.*$x1|$x3.*$x1.*$x2|$x3.*$x2.*$x1"; if ($evts[1] =~ /$fmt/smo) { printf "lines:\n==>\n%s\n==>\n%s\n==>\n%s\n", $+{dts}, $+{dte}, $+{dtn}; } else { print "Failed.\n"; } SAMPLE DATA BEGIN:VEVENT UID:0A5ECBC3-CAFB-4CCE-91E3-247DF6C6652A TRANSP:OPAQUE SUMMARY:Gandalf_flinger1 DTEND:20071127T170005 DTSTART,lang=en_us:20071127T103000 DTSTAMP:20100325T003424Z X-APPLE-EWS-BUSYSTATUS:BUSY SEQUENCE:0 END:VEVENT SAMPLE OUTPUT lines: == 20071127T103000 == 20071127T170005 == Gandalf_flinger1

  Read the article

• How to ignore/prevent javadoc folder from validation during Eclipse Build?

  - by h2g2java

  In my war is a huge javadoc folder. There is no point in validating it since javadocs are produced by Sun(Oracle) javadoc utility. I have forgotten how I did it the last time. I need to tell Eclipse build not to validate that particular folder. Reasons why I need it: 1. the html produced by Sun javadoc generation utility does not meet the requirement that Eclipse uses - there is a bug report in Eclipse but Eclipse responds that Sun javadoc generator non-compliance is not their fault and that Eclipse intends to stick to their strict compliance. Which results in lots of html errors listed in the problems tab. 2. the javadoc folder is a remote link and high activity on that link is using up my cpu resource, and because it is a link to a remote location, that cpu high activity is sustained for long time until it finishes scanning the whole 35MB javadocs. Thanks - need help.

  Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >