Search Results

Search found 18805 results on 753 pages for 'security center'.

Page 36/753 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43 | Next Page >

Looking for resources to explain a security risk.

- by Dave

I've a developer which has given users the ability to download a zip archive which contains an html document which references a relative javascript file and flash document. The flash document accepts as one of it's parameters a url which is embedded in the html document. I believe that this archive is meant to be used as a means to transfer an advertisement to someone who would use the source to display the ad on their site, however the end user appears to want to view it locally. When one opens the html document the flash document is presented and when the user clicks on the flash document it redirects to this embedded url. However, if one extracts the archive on the desktop and opens the html document in a browser and clicks the flash object, nothing observable happens, they will not be redirected to the external url. I believe this is a security risk because one is transferring from the local computer zone to an external zone. I'm trying to determine the best way to explain this security risk in the simplest of terms to a very end user. They simply believe it's "broken" when it's not broken, they're being protected from a known vulnerability. The developer attempted to explain how to copy the files to a local iis instance, which I highly doubt is running on the users machine, and I do not consider this to be a viable explanation.

Read the article
Security considerations processing emails

- by Timmy O' Tool

I have process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject body and image path (the image will be saved on the process). I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover. I plan to sanitize the subject and body of the email. I can remove most of the tags, probably it would be enough keeping the <p> tag. I'm not sure if I can trust just in a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitize, just in case. Any suggestion? I'm only accepting images as attachment as I said above, any security risk I have to take into account in relation to the attachment? Thanks!

Read the article
How do I remove a root kit from Windows XP?

- by Chloe

I was looking for root kits following these instructions http://computersight.com/software/how-to-manually-remove-rootkit/ and saw this in my boot log: Loaded driver \SystemRoot\System32\Drivers\awhk9fmc.SYS I tried to search for that filename in Google but there was absolutely nothing found. I tried to look at the file on the disk but could not find it. Nearly every other file is there. I even tried to boot in Windows 98 and mount the NTFS and see the file, but it still wasn't there. I ran a full scan with Microsoft Security Essentials but it found nothing. When I rebooted, I saw this line instead: Loaded driver \SystemRoot\System32\Drivers\a6n163gl.SYS How can I remove this? How can I find out what it does? How can I find out when it was put in? How can I find out who wrote it? Here is my full boot log: Service Pack 3 10 31 2012 17:35:36.500 Loaded driver \WINDOWS\system32\ntoskrnl.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver sptd.sys Loaded driver ACPI.sys Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver pciide.sys Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver atapi.sys Loaded driver disk.sys Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver MpFilter.sys Loaded driver KSecDD.sys Loaded driver WudfPf.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver uagp35.sys Loaded driver Mup.sys Loaded driver \SystemRoot\system32\DRIVERS\amdk7.sys Loaded driver \SystemRoot\system32\DRIVERS\sisgrp.sys Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys Loaded driver \SystemRoot\system32\drivers\cmuda.sys Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\sisnicxp.sys Loaded driver \SystemRoot\System32\Drivers\avzk9sf5.SYS Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys Loaded driver \SystemRoot\system32\DRIVERS\serial.sys Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys Loaded driver \SystemRoot\system32\DRIVERS\parport.sys Loaded driver \SystemRoot\system32\DRIVERS\gameenum.sys Loaded driver \SystemRoot\system32\DRIVERS\serscan.sys Loaded driver \SystemRoot\system32\drivers\DrmCAudio.sys Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\system32\DRIVERS\psched.sys Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys Loaded driver \SystemRoot\system32\DRIVERS\tap0901.sys Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys Loaded driver \SystemRoot\system32\DRIVERS\update.sys Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\system32\DRIVERS\dtsoftbus01.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Loaded driver \SystemRoot\system32\DRIVERS\srvkp.sys Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\system32\DRIVERS\ctxusbm.sys Loaded driver \??\C:\WINDOWS\system32\drivers\cbfs3.sys Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\splitter.sys Loaded driver \SystemRoot\system32\drivers\aec.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\drmkaud.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS Did not load driver \SystemRoot\System32\Drivers\StarOpen.SYS Loaded driver \SystemRoot\system32\DRIVERS\srv.sys Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

Read the article
Can't install software by terminal

- by behnam mohammadi

I don't know what packages i have installed that i no longer can get and install packages in terminal. e.g. when trying to install Prozgui, i got this error: Traceback (most recent call last): File "/usr/bin/add-apt-repository", line 60, in <module> sp = SoftwareProperties() File "/usr/lib/python2.7/dist-packages/softwareproperties/SoftwareProperties.py", line 90, in __init__ self.reload_sourceslist() File "/usr/lib/python2.7/dist-packages/softwareproperties/SoftwareProperties.py", line 538, in reload_sourceslist self.distro.get_sources(self.sourceslist) File "/usr/lib/python2.7/dist-packages/aptsources/distro.py", line 91, in get_sources raise NoDistroTemplateException("Error: could not find a " aptsources.distro.NoDistroTemplateException: Error: could not find a distribution template and it happens for all others too. Plus, my Software Center has been disabled and doesn't start. I get this error for that too: Traceback (most recent call last): File "/usr/bin/software-center", line 111, in <module> from softwarecenter.app import SoftwareCenterApp File "/usr/share/software-center/softwarecenter/app.py", line 40, in <module> from softwarecenter.db.application import Application, DebFileApplication File "/usr/share/software-center/softwarecenter/db/application.py", line 30, in <module> from softwarecenter.distro import get_distro File "/usr/share/software-center/softwarecenter/distro/__init__.py", line 151, in <module> distro_instance=_get_distro() File "/usr/share/software-center/softwarecenter/distro/__init__.py", line 140, in _get_distro module = __import__(distro_id, globals(), locals(), [], -1) ImportError: No module named OPTIMOS Can anyone please help me with this? Thank you in advance!

Read the article
[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

- by ryw

Our ASP/IIS web server talks to a SQL 2005 db server. Eventually, without a pattern, some pages start showing error instead of the page content: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error. Rebooting web server resolves it. Anyone know about it?

Read the article
How to set up Mercurial with ssl/security

- by Sam Lee

I've been following the hginit.com tutorial on how to use mercurial. Everything is going fine except it uses push_ssl=False. This does not work for my situation because I want pushes (and pulls if possible) to be secure. All the tutorials I've been able to find also use push_ssl=False. Can anyone give me pointers on how to set up ssl/security for Mercurial? Thanks.

Read the article
Web Security: Worst-Case Situation

- by Yongho

I currently have built a system that checks user IP, browser, and a random-string cookie to determine if he is an admin. In the worst case, someone steals my cookie, uses the same browser I do, and masks his IP to appear as mine. Is there another layer of security I should add onto my script to make it more secure?

Read the article
MySQL - connection and security

- by Phil Jackson

Hi, I was wondering if someone could tell me if there is any potential security breeches that could occur by connecting to a sql database that does not reside at 'localhost' i.e. via ip address? Regards, Phil

Read the article
Relative connection string to AzMan XML store when using security application block

- by David Hall

Is it possible to specify a relative connection string for an AzMan XML store? My current connection string is connectionString="msxml://c:/azman.xml" but I really need to make that relative so other developers and automated builds can get the latest authorization store. MS documentation seems to suggest that connectionString="msxml://azman.xml" should work but that throws a The request is not supported error. EDIT: I realised that the fact I'm using AzMan through the Enterprise Library Security Application Block was important to the question.

Read the article
Error: java.security.AccessControlException: Access denied

- by RMD

Hi, I have to connect to a https url with username and password to read a file. I am not able to connect to the server (see the error log below). I do not have much java experience so I need help with this code. I would really appreciate some help to solve this! Thank you. Raquel CODE: import lotus.domino.; import java.net.; import java.io.*; import javax.net.ssl.HttpsURLConnection; public class JavaAgent extends AgentBase { public void NotesMain() { try { String username = "123"; String password = "456"; String input = username + ":" + password; String encoding = new sun.misc.BASE64Encoder().encode (input.getBytes()); //Open the URL and read the text into a Buffer String urlName = "https://server.org/Export.mvc/GetMeetings?modifiedSince=4/9/2010"; URL url = new URL(urlName); HttpsURLConnection connection = (HttpsURLConnection)url.openConnection(); connection.setRequestMethod("POST"); connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); connection.setRequestProperty("Content-Length", String.valueOf (encoding.length())); connection.setUseCaches(false); connection.setDoInput(true); connection.setDoOutput(true); connection.setAllowUserInteraction(true); connection.setRequestProperty("Authorization", "Basic " + encoding); connection.setRequestProperty("Cookie", "LocationCode=Geneva"); connection.connect(); BufferedReader rd = null; try{ rd = new BufferedReader(new InputStreamReader(connection.getInputStream())); } catch (IOException e) { System.out.println("Read failed"); System.exit(-1); } String line; while((line = rd.readLine()) != null) { System.out.println(line.toString()); } rd.close(); connection.disconnect(); } catch(Exception e) { e.printStackTrace(); } } } LOG: java.security.AccessControlException: Access denied (java.lang.RuntimePermission exitVM.-1) at java.security.AccessController.checkPermission(AccessController.java:108) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at COM.ibm.JEmpower.applet.AppletSecurity.superDotCheckPermission(AppletSecurity.java:1449) at COM.ibm.JEmpower.applet.AppletSecurity.checkRuntimePermission(AppletSecurity.java:1311) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1611) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1464) at java.lang.SecurityManager.checkExit(SecurityManager.java:744) at java.lang.Runtime.exit(Runtime.java:99) at java.lang.System.exit(System.java:275) at JavaAgent.NotesMain(Unknown Source) at lotus.domino.AgentBase.runNotes(Unknown Source) at lotus.domino.NotesThread.run(Unknown Source)

Read the article
Configuring security in ASP.NET MVC at runtime

- by Andrew

Is it possible to have security in ASP.NET MVC configurable at runtime? For example, if I have a controller that has been marked as [Authorize(Roles="Admin")] Is there a way to add/remove roles at runtime? Or, do you have to change it in code and re-compile?

Read the article
Handling form security

- by Harun Baris Bulut

So how do you maintain the form security about posting data to different page problem? For instance you have a member and he/she tries to change the personal settings and you redirected member to www.domain.com/member/change/member_id member changed the values and post the data to another page by changing the action with firebug or something else. For instance www.domain.com/member/change/member_id_2 How do you handle this problem without using sessions?

Read the article
Which Secure Software Development Practices do you Employ?

- by Michael Howard-MSFT

I work on a project known as the Security Development Lifecycle (SDL) project at Microsoft (http://microsoft.com/sdl) - in short it's a set of practices that must be used by product groups before they ship products to help improve security. Over the last couple of years, we have published a great deal of SDL documentation, as customers ask for more information about what we're doing. But what I'd like to know is: 1) What are you doing within your organization to help improve the security of your product? 2) What works? What doesn't work? 3) How did you get management to agree to this work? Thanks.

Read the article
How To Save Spring Security Logged In User In Session

- by Brad Rhoads

This code get's the currently logged in user, using the Spring Security Plugin (acegi): def principalInfo = authenticateService.principal() def person = null if (principalInfo != "anonymousUser" && principalInfo.username) { person = Person.findByUsername(principalInfo.username) } I would like then do: session.user = person This needs to be done after the user logs in. I can't figure out where to put my code to do this. It seem like it should be some place in the Login Controller, but I can't see where.

Read the article
Grails + Spring Security one field login

- by Miguel

Hi all Is it possible, using spring security plugin 0.5.3 with Grails 1.2.1, to authenticate a user using only one field? I mean, for example, making j_username and j_password fields in the authentication form equal previous to the authentication. I read it was possible to define j_username field in Config.groovy with acegi plugin, in older versions of the plugin. Now it uses SecurityConfig.groovy but the possibility of defining the field exists no more. Any ideas?? Thanks a lot, Miguel

Read the article
Mobile security solutions

- by techzen

What are the mobile security solutions used by you / your organization. What are the pro's and cons of usage of these solution - and how far have you been successful in implementing these - were there any loopholes / issues faced in using them?. In general, can you suggest a set of guidelines to watch for when going for going for selecting a specific solution in this context.

Read the article
Accessing Spring Security User Details from within Mule Services

- by user299222

We're securing Mule services using the Spring Security Framework, and some of the services need to access some information in the UserDetails object. Is there a way to access this object from within a Mule service? Thanks, Dennis

Read the article
Security of executing a command from php

- by Nicolò Martini

I'm writing a web application in which i use several thirdy party commands calling them with the exec function in PHP (for example, I render Latex formulas through a command-line program). My question is: what are the security issues of executing external command-line programs in php? What I have to be aware of? Can you give me a list of points to check? Thanks in advance.

Read the article
WCF Message Security implementation with custom attributes

- by parag

How can i implement message security in WCF with custom attributes, One way of doing this by UserNamePasswordValidator which accepts user name and password but in my case I have to pass 2 more attribute that is company and region to authenticate the user. Please suggest the solution for achieving this.

Read the article
HTML/JavaScript compation for security.

- by BCS

I just ran across this point that references a security vulnerability in Web Apps that depends on looking at the size of encrypted web pages to deduce what the uses is doing. The simplest solution to this I can think of would be to use a tool to minify all static content so that (after encryption) only a small number of result sizes exist so as to minimize the information available to an eavesdropper. Are there any tools for doing this?

Read the article
Security Suggestions

- by Kumar

I am currently working on an ASP.NET 3.5 and C# web application which deals with users secure information like credit card numbers. What are some of the security measures which I need to take from an application development stand point so that I can sleep peacefully at night :)

Read the article
Spring Security User

- by DD

What is best practise in Spring when creating a new user with custom attributes...to extend org.springframework.security.core.userdetails.User or to create the User in the UserDetailsService (this is the approach taken in the IceFaces tutorial). public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { AppUser user = userDAO.findUser(username); if (user == null) throw new UsernameNotFoundException("User not found: " + username); else { return makeUser(user); } } private User makeUser(AppUser user) { return new User(user.getLogin(), user .getPassword(), true, true, true, true, makeGrantedAuthorities(user)); }

Read the article
Security concerns when bridging programming languages.

- by The Rook

What security concerns are there when you create a hybrid of languages? For instance using python and java code together with jython, or creating a python module from a C++ library. There are other ways of mixing 2 or more languages. Do you know of an example where this creates a vulnerability?

Read the article
Encoding PHP Tags for Security?

- by Abi Noda

Kohana and Codeigniter both have encode_php_tags(). I understand XSS cleaning (for Javascript), but when and why would you use encode_php_tags()? What is the security threat?

Read the article
Using web.config directory security and extensionless urls

- by Matt Brailsford

Hi Guys, I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows: Members Members/News Members/Press Members/Movies Users should be able to have access to the members parent page, but not child pages. My problem is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?

Read the article

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43 | Next Page >