Search Results

Search found 16163 results on 647 pages for 'advanced security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 31/647 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >

  • What Can We Learn About Software Security by Going to the Gym

    - by Nick Harrison
    There was a recent rash of car break-ins at the gym. Not an epidemic by any stretch, probably 4 or 5, but still... My gym used to allow you to hang your keys from a peg board at the front desk. This way you could come to the gym dressed to work out, lock your valuables in your car, and not have anything to worry about. Ignorance is bliss. The problem was that anyone who wanted to could go pick up your car keys, click the unlock button and find your car. Once there, they could rummage through your stuff and then walk back in and finish their workout as if nothing had happened. The people doing this were a little smatter then the average thief and would swipe some but not all of your cash leaving everything else in place. Most thieves would steal the whole car and be busted more quickly. The victims were unaware that anything had happened for several days. Fortunately, once the victims realized what had happened, the gym was still able to pull security tapes and find out who was misbehaving. All of the bad guys were busted, and everyone can now breathe a sigh of relieve. It is once again safe to go to the gym. Except there was still a fundamental problem. Putting your keys on a peg board by the front door is just asking for bad things to happen. One person got busted exploiting this security flaw. Others can still be exploiting it. In fact, others may well have been exploiting it and simply never got caught. How long would it take you to realize that $10 was missing from your wallet, if everything else was there? How would you even know when it went missing? Would you go to the front desk and even bother to ask them to review security tapes if you were only missing a small amount. Once highlighted, it is easy to see how commonly such vulnerability may have been exploited. So the gym did the very reasonable precaution of removing the peg board. To me the most shocking part of this story is the resulting uproar from gym members losing the convenient key peg. How dare they remove the trusted peg board? How can I work out now, I have to carry my keys from machine to machine? How can I enjoy my workout with this added inconvenience? This all happened a couple of weeks ago, and some people are still complaining. In light of the recent high profile hacking, there are a couple of parallels that can be drawn. Many web sites are riddled with vulnerabilities are crazy and easily exploitable as leaving your car keys by the front door while you work out. No one ever considered thanking the people who were swiping these keys for pointing out the vulnerability. Without a hesitation, they had their gym memberships revoked and are awaiting prosecution. The gym did recognize the vulnerability for what it is, and closed up that attack vector. What can we learn from this? Monitoring and logging will not prevent a crime but they will allow us to identify that a crime took place and may help track down who did it. Once we find a security weakness, we need to eliminate it. We may never identify and eliminate all security weaknesses, but we cannot allow well known vulnerabilities to persist in our system. In our case, we are not likely to meet resistance from end users. We are more likely to meet resistance from stake holders, product owners, keeper of schedules and budgets. We may meet resistance from integration partners, co workers, and third party vendors. Regardless of the source, we will see resistance, but the weakness needs to be dealt with. There is no need to glorify a cracker for bringing to light a security weakness. Regardless of their claimed motives, they are not heroes. There is also no point in wasting time defending weaknesses once they are identified. Deal with the weakness and move on. In may be embarrassing to find security weaknesses in our systems, but it is even more embarrassing to continue ignoring them. Even if it is unpopular, we need to seek out security weaknesses and eliminate them when we find them. http://www.sans.org has put together the Common Weakness Enumeration http://cwe.mitre.org/ which lists out common weaknesses. The site navigation takes a little getting used to, but there is a treasure trove here. Here is the detail page for SQL Injection. It clearly states how this can be exploited, in case anyone doubts that the weakness should be taken seriously, and more importantly how to mitigate the risk.

    Read the article

  • Creating advanced website by redirecting and replacing content from Google Sites

    - by David
    I would like to create a corporate website with members area. Importantly, I want many novice webadmins to be able to modify static content themselves. Therefore, I got the idea to create the site using Google Sites and insert elements with width and height in places where I want dynamic content. The website would be read using PHP on a different server and the marker elements would be replaced with dynamic content created by PHP. What would be the drawbacks of this approach?

    Read the article

  • Is there a point to using theft tracking software like Prey on my laptop, if you have login security?

    - by Reckage
    Hey, so I have a Thinkpad that I use in a variety of places (coffee shops, work, etc.). I don't generally abandon it, but I figure there's a chance I might get careless and it gets stolen at some point. I was thinking of installing something like Prey (http://preyproject.com/), but my OS installs are password secured, and on top of that, I have a fingerprint reader that you need just to get through the BIOS. So: is there actually any benefit to setting up software that tracks the laptop's whereabouts? I imagine that either: The laptop won't boot or login, if the thief doesn't get past the security. If the thief goes around said security somehow, presumably they've split the laptop for parts or bypassed BIOS security, gotten stuck on Windows security and formatted it. Given that it's highly unlikely that the thief would go to the trouble, what's the utility in installing laptop tracking software like Prey?

    Read the article

  • Form Validation, Dependant Drop Downs, Data Level Security in OWS for DotNetNuke - 5 Videos

    In this tutorial we demonstrate some very advanced techniques for building a car parts application in Open Web Studio. Throughout the tutorial we cover form input, validation, how to use dependant drop down lists, populating checkbox lists and introduce a new concept of data level security. Data level security allows you to control which data a user can access within a module. The videos contain: Video 1 - How to Setup Form Validation Video 2 - Car Parts Application, Assigning Security Roles into a Global Session Variable Video 3 - How to Build the Categories Module with Data Level Security Video 4 - How to Build the SubCategories Module and Use SubQuery Video 5 - How to Build the Car Parts List Module Total Time Length: 44min 19secsDid you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Advanced Analytics Oracle Data Mining - NEW 2-Day Training Course

    - by Mike.Hallett(at)Oracle-BI&EPM
    A NEW 2-Day Oracle University (OU) Instructor Led Course on Oracle Data Mining has been developed for partners and customers to learn more about data mining, predictive analytics and knowledge discovery inside the Oracle Database. Oracle Data Mining, provides data mining algorithms that run native for high performance in-database model building and model deployment. This OU course is a great way to learn the advantages and benefits of "big data analytics"; mining data, building and deploying "predictive analytics" all inside the Oracle Database and to work with OBI. To register for a class, click here, then click on View Schedule to see the latest scheduled classes and/or submit your information expressing interest in attending a class.

    Read the article

  • Vermont IT Jobs: Sr. Security Analyst in Montpelier

    Senior Security Analyst Summary This position is responsible for advancing the Information Systems program within the company by assisting the Chief Information Security Officer (CISO) to plan, develop, and monitor administrative, physical, and technical safeguards for the companys Information Assets. Key Responsibilities Under Direction of CISO, establish  and maintain company-wide information security policies, standards and procedures Manage the Information Security Program Office...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Unleash Oracle Premier Support's Advanced Proactive Capabilities

    - by swalker
    Where do you go to solve technical problems? Better yet, where do you find out how to prevent them? Oracle Premier Support's proactive capability portfolio can help you prevent, resolve, and upgrade. Join thousands of Oracle customers and partners who are already taking advantage of proactive support. Are You Ready To Get Proactive? Bookmark the proactive capabilities portfolio and start exploring Oracle Premier Support's proactive support capabilities. Search "Get Proactive" in My Oracle Support to view the knowledge, tools and communities available through product specific pages. Act now to get started! Questions? Contact Oracle’s "Get Proactive" team today.

    Read the article

  • Report: 8 Advanced OpenOffice.org Add-ons

    OpenOffice is the best cross-platform office productivity suite, but it misses a few popular features like a clipart gallery, Google Docs integration, PDF import, and more than basic templates. But they're out there if you know where to look, and Eric Geier shows the way.

    Read the article

  • Ubuntu 13.10 Security Key

    - by Toby J
    I was attempting to install Ubuntu 13.10 today and it came up with a screen asking for me to setup a security key. In the first place, I'm not sure what a security key is, but It said I would have to enter it everytime I booted Ubuntu so I assume it's the same thing as a logon password in Windows 8. Is there anyway I can bypass this step without setting up a security key or logon password? I hate these things and have always avoided them in Windows. I don't need them as there is never anyone but myself and my wife on our computers. We are retired, no children or nieces, nephews, friends, etc. who ever use our computer and we don't have any security information such as SS #, etc. on it. Also, I quit the installation at this point but I was not seeing any of the screen prompts as listed in the setup instructions on the Ubuntu website. Has the setup for Ubuntu 13.10 changed since these instructions were written? Thanks

    Read the article

  • 8 Advanced OpenOffice.org Add-ons

    <b>Linux Planet:</b> "OpenOffice is the best cross-platform office productivity suite, but it misses a few popular features like a clipart gallery, Google Docs integration, PDF import, and more than basic templates. But they're out there if you know where to look, and Eric Geier shows the way."

    Read the article

  • Security Access Control With Solaris Virtualization

    - by Thierry Manfe-Oracle
    Numerous Solaris customers consolidate multiple applications or servers on a single platform. The resulting configuration consists of many environments hosted on a single infrastructure and security constraints sometimes exist between these environments. Recently, a customer consolidated many virtual machines belonging to both their Intranet and Extranet on a pair of SPARC Solaris servers interconnected through Infiniband. Virtual Machines were mapped to Solaris Zones and one security constraint was to prevent SSH connections between the Intranet and the Extranet. This case study gives us the opportunity to understand how the Oracle Solaris Network Virtualization Technology —a.k.a. Project Crossbow— can be used to control outbound traffic from Solaris Zones. Solaris Zones from both the Intranet and Extranet use an Infiniband network to access a ZFS Storage Appliance that exports NFS shares. Solaris global zones on both SPARC servers mount iSCSI LU exported by the Storage Appliance.  Non-global zones are installed on these iSCSI LU. With no security hardening, if an Extranet zone gets compromised, the attacker could try to use the Storage Appliance as a gateway to the Intranet zones, or even worse, to the global zones as all the zones are reachable from this node. One solution consists in using Solaris Network Virtualization Technology to stop outbound SSH traffic from the Solaris Zones. The virtualized network stack provides per-network link flows. A flow classifies network traffic on a specific link. As an example, on the network link used by a Solaris Zone to connect to the Infiniband, a flow can be created for TCP traffic on port 22, thereby a flow for the ssh traffic. A bandwidth can be specified for that flow and, if set to zero, the traffic is blocked. Last but not least, flows are created from the global zone, which means that even with root privileges in a Solaris zone an attacker cannot disable or delete a flow. With the flow approach, the outbound traffic of a Solaris zone is controlled from outside the zone. Schema 1 describes the new network setting once the security has been put in place. Here are the instructions to create a Crossbow flow as used in Schema 1 : (GZ)# zoneadm -z zonename halt ...halts the Solaris Zone. (GZ)# flowadm add-flow -l iblink -a transport=TCP,remote_port=22 -p maxbw=0 sshFilter  ...creates a flow on the IB partition "iblink" used by the zone to connect to the Infiniband.  This IB partition can be identified by intersecting the output of the commands 'zonecfg -z zonename info net' and 'dladm show-part'.  The flow is created on port 22, for the TCP traffic with a zero maximum bandwidth.  The name given to the flow is "sshFilter". (GZ)# zoneadm -z zonename boot  ...restarts the Solaris zone now that the flow is in place.Solaris Zones and Solaris Network Virtualization enable SSH access control on Infiniband (and on Ethernet) without the extra cost of a firewall. With this approach, no change is required on the Infiniband switch. All the security enforcements are put in place at the Solaris level, minimizing the impact on the overall infrastructure. The Crossbow flows come in addition to many other security controls available with Oracle Solaris such as IPFilter and Role Based Access Control, and that can be used to tackle security challenges.

    Read the article

  • OpenWorld - Database Security Demonstrations in Moscone South Left

    - by Troy Kitch
    All this week, Oracle security experts will be giving live product demos of Oracle Database Security solutions in Moscone South Left, in the Oracle DEMOgrounds for "database." Demonstrations include Oracle Database Defense-in-Depth Security, Database Application Data Redaction, Transparent Data Encryption, Oracle Audit Vault and Database Firewall, Data Masking and Data Subsetting. Don't miss it!

    Read the article

  • Advanced subversion techniques, what am I missing?

    - by Derek Adair
    I started using SVN about 9 months ago and it's been a game changer to say the least. Although, I feel I'm still a bit lost. I feel like there is a lot more I need to take advantage of to really step up my application development. For example I would like to be able to quarantine any volatile/major changes into some kind of 'sub-repository' or something. I'm finding that major changes are impeding minor bug fixes that are quite urgent. How can I push one simple update without pushing incomplete or broken code?

    Read the article

  • Advanced Charts Part I

    - by Tim Dexter
    Yeeeep! Another series looms ... this one could stretch out a bit and more options become available. Ever needed to generate something similar to these? Beyond what BIP can provide today but there are a few options; one from Oracle and R, now out in the wild and another out there from JFreeChart, open source and therefore almost free. Of course Google is ever present and they have been extending their chart support. I blogged the How for Google charts a while back here. Different ways to integrate but they can all help to close the charting gap for you.

    Read the article

  • Security Alert for CVE-2012-4681 Released

    - by Eric P. Maurice
    Hi, this is Eric Maurice again! Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers.  These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547.  These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software. Vulnerabilities CVE-2012-4681, CVE-2012-1682, and CVE-2012-3136 have each received a CVSS Base Score of 10.0.  This score assumes that the affected users have administrative privileges, as is typical in Windows XP.  Vulnerability CVE-20120-0547 has received a CVSS Base Score of 0.0 because this vulnerability is not directly exploitable in typical user deployments, but Oracle has issued a security-in-depth fix for this issue as it can be used in conjunction with other vulnerabilities to significantly increase the overall impact of a successful exploit. If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system.  Note that this malware may in some instances be detected by current antivirus signatures upon its installation.  Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible.  Furthermore, note that the technical details of these vulnerabilities are widely available on the Internet and Oracle has received external reports that these vulnerabilities are being actively exploited in the wild.    Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html   Java users should download the latest release of JRE at http://java.com, and of course   Windows users can take advantage of the Java Automatic Update to get the latest release. For more information: The Advisory for Security Alert CVE-2012-4681 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html  Users can verify that they’re running the most recent version of Java by visiting: http://java.com/en/download/installed.jsp    Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml   

    Read the article

  • Easy QueryBuilder - A User-Friendly Ad-Hoc Advanced Search Solution

    Constructing an easy and powerful QueryBuilder interface becomes more important for complex data grid filtering and accurate reporting services. In this article, I'll discuss how to build a query search engine using ASP.NET AJAX and dynamic SQL. The main goal is to provide an interactive interface to allow users select query attributes, operators, attribute values, and T-SQL operators so that the data context query list can be easily composed and a search engine is invoked.

    Read the article

  • Easy QueryBuilder - A User-Friendly Ad-Hoc Advanced Search Solution

    Constructing an easy and powerful QueryBuilder interface becomes more important for complex data grid filtering and accurate reporting services. In this article, I'll discuss how to build a query search engine using ASP.NET AJAX and dynamic SQL. The main goal is to provide an interactive interface to allow users select query attributes, operators, attribute values, and T-SQL operators so that the data context query list can be easily composed and a search engine is invoked.Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >