Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 380/596 | < Previous Page | 376 377 378 379 380 381 382 383 384 385 386 387  | Next Page >

• Mozilla Firefox 23 Will Block Mixed SSL Content

  - by Anirudha

  Originally posted on: http://geekswithblogs.net/anirugu/archive/2013/07/03/mozilla-firefox-23-will-block-mixed-ssl-content.aspxIf you have a site which is running on SSL and used content that make non-https request then you need to a bit worried. The default setting of Firefox 23 will block the content that called on non-https address and page is based on SSL. for example script using https://code.jquery.com/jquery-1.10.2.min.js will not work because code.jquery.com can not be reach on https. the cdn ajax.googleapis.com support SSL so you can try it. if you want to disable this settings you can modify it on about:config security.mixed_content.block_active_content change the value true to false and it will be disable (it’s just for example)

  Read the article

• Climbing the hacker ladder

  - by cobie

  This is not a question in which I am asking for opinions rather I am asking for first hand experience. I have been programming in python for quite a while and I feel solid enough in python programming. I can come up with algorithms for problems and implement them but I somehow feel I am stuck with remaining an apprentice. What are some first hand experiences on how to climb up the ladder and become better at programming as in learning about browsers security, compilers etc. Personal experiences would be valued in responses.

  Read the article

• If you had the power to remove one thing in your daily job, what would it be?

  - by Pierre 303

  With nearly 60 answers to this question it's highly likely that your answer has already been posted. Please don't post an answer unless you have something new to say This can be a particular task you find not very useful, a manager behavior, your canteen, some security rule you must comply to, tools they want you to use, commuting, schedules, a customer, a technical problem you encouter all the time, anything, ... please be creative ;) One answer per thing. Explain why. Please vote up on other answers if appropriate.

  Read the article

• How to get KeePass to properly work with Chromium?

  - by Tom

  The two-channel auto-type obfuscation feature of KeePass doesn't work for me with Chromium (on Ubuntu 12.04 64 bits). However, it works just fine with Firefox. Dows anyone know how to fix this? Textboxes in web forms in Chromium seems to have something special that causes this feature to fail. Only some of the username/password characters are being auto-typed. This might be related to this: if I select an entry in KeePass and click "Copy User Name", I can paste it fine with Ctrl+V in any textbox in Firefox, but I can't on Chromium. However, text copied using Ctrl+C from a regular text file (say, from gedit), can be pasted fine on both browsers. What may be wrong? I wouldn't like to deactive this feature for all the entries in my keepass files as I use them on Windows too and they work just fine there (even on Google Chrome for Windows). This feature gives an appreciated extra security measure against spyware/keyloggers.

  Read the article

• Multiple vulnerabilities in Firefox web browser

  - by chandan

  CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3062 Numeric Errors vulnerability 6.8 Firefox web browser Solaris 11 11/11 SRU 9.5 Solaris 10 SPARC: 145080-11 X86: 145081-10 CVE-2012-0467 Denial of service (DoS) vulnerability 10.0 CVE-2012-0468 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-0469 Resource Management Errors vulnerability 10.0 CVE-2012-0470 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-0471 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0473 Numeric Errors vulnerability 5.0 CVE-2012-0474 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0477 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2012-0478 Permissions, Privileges, and Access Controls vulnerability 9.3 CVE-2012-0479 Identity spoofing vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

  Read the article

• What You Said: How Do You Set Reminders?

  - by Jason Fitzpatrick

  Earlier this week we asked you to share your favorite tricks for staying on top of your tasks with timely reminders. Now we’re back to highlight some great reader tips (including a bit of software older than some of our readers). Most of us have to-do lists longer than we can do in a given day (or week!) and a constantly changing set of demands and next-actions. Having a timely and effective reminder system is the difference between dropping the ball and getting things done; how exactly that reminder system plays out, however, varied greatly from reader to reader. OJMDC sticks with analog reminders: Sticky notes in the middle of my monitor and in my wallet. I’ve tried my phone apps but I typically disregard them. HTG Explains: Is UPnP a Security Risk? How to Monitor and Control Your Children’s Computer Usage on Windows 8 What Happened to Solitaire and Minesweeper in Windows 8?

  Read the article

• StreamInsight will not push feature releases through Microsoft Update going forward

  - by Roman Schindlauer

  Until now, we've released StreamInsight through the Microsoft Download Center, and also released it out through Microsoft Update. Going forward, we will only release new StreamInsight versions through the Microsoft Download Center and only use MU to release service packs and security fixes (should any be needed). As a result of this decision, we are pulling off the recent StreamInsight 2.1 release from MU; this release is still available in Download Center. Don’t worry: there’s nothing wrong with the versions we’ve shipped in MU, we’ve just adjusted how we use MU. There is no action necessary from our customers as a result of this change, and we are not rolling back any changes to your current installation, so if you have installed StreamInsight 2.1 recently through the Microsoft Update, they will still work fine. Regards, The StreamInsight Team

  Read the article

• deny-uncovered-http-methods in Servlet 3.1

  - by reza_rahman

  Servlet 3.1 is a relatively minor release included in Java EE 7. However, the Java EE foundational API still contains some very important changes. One such set of features are the security enhancements done in Servlet 3.1 such as the new deny-uncovered-http-methods option. Servlet 3.1 co-spec lead Shing Wai Chan outlines the use case for the feature and shows you how to use it in a recent code example driven post. You can also check out the official specification yourself or try things out with the newly released Java EE 7 SDK.

  Read the article

• Android : Facebook collecte vos numéros de téléphone sans votre permission, Norton l'a classé parmi les applications à risque sur la plateforme

  Android : L'application Facebook collecte vos numéros sans votre permission Norton l'a classée parmi les applications à risque sur la plateformeMobile Insight, le nouvel outil d'analyse de risque embarqué dans la mise à jour de Norton Mobile Security sur Android, a marqué d'un drapeau l'application Facebook sur Android. La raison est que l'application envoie automatiquement le numéro de téléphone de l'utilisateur vers les serveurs de Facebook.L'éditeur Symantec va plus loin dans son explication en révélant que l'envoi du numéro de téléphone se fait au premier lancement de l'application, « même avant que vous ne vous connectiez à votre compte Facebook. Vous n'avez pas besoin de fournir votre numéro, de v...

  Read the article

• Best strategy for supporting multiple server communication from iPhone/android app?

  - by tipycalFlow

  I'm making an app that will be used in multiple hospitals in the US. As per HIPAA compliance requirement, every hospital will have its own server that complies with these requirements of ensuring patient data security, etc. Now the task is that the app should communicate with a particular server based on the login info. An additional requirement is that new hospitals(servers) are likely to be added along the way, even after the app is available on the market. So basically, according to some login credentials, the app should communicate with the server of the hospital assigned to that person. One pretty crude way is to set up our own server which links the hospitals with the login info and accordingly, provides a base-url for data exchange. Is there a more efficient way to handle this?

  Read the article

• Package version updates policy

  - by Sandman4

  Not sure if here it's the right place to ask, if not - please point me to the right direction. Let's say there's a package, for the sake of real-world example - bind9. In Precise and in Quantal it's version 9.8.1. The original developer (ISC) currently provide versions 9.8.4 which is a bugfix release in the 9.8 line, and 9.9.2 which is a "new features" branch. It looks like when a security issue is encountered, the specific bugfix is backported into 9.8.1. Now the question: Why maintainers don't just update to the latest bugfix release ? Why to backport only certain patches ? Is it intentionally or just there's no maintaner who would take the effort to update to the latest bugfix release ?

  Read the article

• Alternatives to OAuth?

  - by sdolgy

  The Web industry is shifting / has shifted towards using OAuth when extending API services to external consumers & developers. There is some elegance in simple....and well, the 3-step OAuth process isn't too bad ... i just find it is the best of a bad bunch of options. Are there alternatives out there that could be better, and more secure? The security reference is derived from the following URLs: http://www.infoq.com/news/2010/09/oauth2-bad-for-web http://hueniverse.com/2010/09/oauth-2-0-without-signatures-is-bad-for-the-web/

  Read the article

• Startup value for Win7

  - by Mike

  Problem at a glance: For Win 7, Ubuntu One changes the startup value to enabled whenever I run it More Details: If I change the startup value in: Control Panel System and Security Administrative Tools System Configuration Startup to disabled for Ubuntu One (since I don't want it to start when I log on), it succesfully stops Ubuntu One from starting at logon However, if I start the Ubuntu One manually, it changes the above startup value to enabled. Is there a way to prevent Ubuntu One from changing its startup value? I want it to stay disabled. I haven't found anything relevant in Ubuntu One's settings dialog.

  Read the article

• Development methodology for single web developer?

  - by CaseTA

  I'm a web developer who mostly works with the LAMP stack when it comes to my own projects. Most of the time I just start coding on a project and fixing bugs and adding features as I go along. Often I'll try to use an existing solution such as Wordpress or Drupal. Now that I'm thinking of creating my own web application with businesses as the target group, I feel there's a need for proper analysis and design. Something lightweight for a one person project and still solid enough to handle requirements, user interfaces, security, etc. If you could recommend methodologies and literature I would be grateful.

  Read the article

• Prevent product key from being used on multiple virtual machines

  - by Nahum Litvin

  I have a software product. it will probably run on VMs that have no network connection at all. I want the user to pay for each VM the user runs. I thought to ask the user for some kind of hardware ID and provide him with serial that is unique for his machine. But user can just copy the VM image and than have two machines running? So I thought of having a security dongle. But how can I prevent user from running two VM's on the same machine both connected to the same dongle? This should be only basic defense so that actual hacking will be required to breach the license and not only spinning one more VM.

  Read the article

• Are there good replacements for client-side java in web programming? [closed]

  - by varesa

  Now since the latest java exploit, and many others in the past, people are again recommended to get rid of java on their computers for good. I, as a java web applications developer, am think about possible alternatives. Many seem to have gotten rid of java, so I would not like to develop for an environmet, that users do not have on their computers, and that they are not willing to install for security reasons. Are there any other real options that HTML5 + JS? (Don't take me wrong about not wanting HTML5+JS, I just want to know the options)

  Read the article

• La France peu exposée à la cyber-criminalité d'après un rapport de Microsoft qui pousse à migrer ver

  La France est peu exposée à la cybercriminalité Et Windows 7 serait beaucoup moins perméable aux attaques, selon Microsoft Microsoft vient de publier la 8ème édition de son rapport semestriel sur la sécurité : le SIR (pour Security Intelligence Report). D'après ce rapport, les pirates ont adapté leurs techniques pour être plus efficaces sur différents types de cibles. Par exemple, les réseaux d'entreprise sont davantage sensibles aux vers alors que les « systèmes à domicile » sont plus soumis à des attaques sous forme de fausses loteries (9% des spams filtrés contre 4 % sur le premier semestre) ou par des logiciels malveillants comme les faux anti-virus, les Botnets ou les manipula...

  Read the article

• https (SSL) instead of http

  - by user1332729

  I am building myself a new website, out of privacy and security concerns I am contemplating trying to make it https only. It will be mobile-friendly using media queries but I am concerned--especially for mobile users--about the increased bandwidth. How much will doing so increase my bandwidth or slow load times? For pages where I'm not transferring sensitive information, should I leave external links (to a jQuery library, or a web font for instance) in http? Simply put, I have read articles saying the entire web would be more secure if everything was SSL but my actual knowledge of implementation is limited to payment gateways and log-in pages and such. I apologize for the open-ended nature of the question but anything, even just simple answers to the specific questions is welcomed.

  Read the article

• Generating SQL Server Test Data with Visual Studio 2010

  As a database developer or tester sometimes you need to have production like data in your environment for your development or testing, but you cannot have the production data because of security and privacy issues. So how you can generate test data or replicate similar data as in production for your development or test environment? Join SQL Backup’s 35,000+ customers to compress and strengthen your backups "SQL Backup will be a REAL boost to any DBA lucky enough to use it." Jonathan Allen. Download a free trial now.

  Read the article

• How to switch from Apache 2.0 Handler to FastCGI on Ubuntu Zend Server?

  - by amoooc

  I can't deploy/manage my Joomla websites On Ubuntu 12.04 Zend Server PHP 5.3.14 due to permissions during Joomla installation/J! extensions installation. All files are unwriteable. Only CHMOD 777 will help but of course it's not resolving the problem due to security issues. I think it's because cgi-fcgi is not shipped with Zend Server (only with Zend Server for Windows) Or maybe there is different solution how to make it work? PHP info on Ubuntu Zend Server Server API: Apache 2.0 Handler PHP Version 5.3.14 Zend Server Community Edition 5.6.0 Server Software Apache/2.2.22 (Ubuntu) Zend Framework 1.12.0 I'm already asked similar question here, but unfortunately without solution yet so Ubuntu Community please advice. I would be grateful for any help. Cheers

  Read the article

• Secure Open Source?

  - by opatachibueze

  I want to make a delicate application of mine (an antivirus actually) open source but I want to have a control on who really obtains the source or not. Preferably they should apply and I or administrators approve their applications. Is there any online platform for this? The main reason for the control/security is to possibly prevent malware makers to easily discover how to bypass the stealth checking methods it utilizes for malware detection. Edit: I am looking for advice - possibly to hear from someone who has done something similar. Thanks!

  Read the article

• Introducing Next-Generation Enterprise Auditing and Database Firewall Platform Webcast, 12/12/12

  - by Troy Kitch

  Join us, December 12 at 10am PT/1pm ET, to hear about a new Oracle product that monitors Oracle and non-Oracle database traffic, detects unauthorized activity including SQL injection attacks, and blocks internal and external threats from reaching the database. In addition, this new product collects and consolidates audit data from databases, operating systems, directories, and any custom template-defined source into a centralized, secure warehouse. This new enterprise security monitoring and auditing platform allows organizations to quickly detect and respond to threats with powerful real-time policy analysis, alerting and reporting capabilities. Based on proven SQL grammar analysis that ensures accuracy, performance, and scalability, organizations can deploy with confidence in any mode. You will also hear how organizations such as TransUnion Interactive and SquareTwo Financial rely on Oracle today to monitor and secure their Oracle and non-Oracle database environments. Register for the webcast here.

  Read the article

• Sony VAIO wireless card not connecting intel 4965AGN

  - by marcski55

  I'm running a Sony VAIO VGN-CR410E, and recently moved it to Ubuntu from Windows 7. Both my home and work networks (which I maintain) run WPA/WPA2-PSK authentication for security. My wireless network card (intel 4965AGN) will not connect to them unless I am in the same room (kind of defeats the purpose of wireless). The PC is 4 years old and the routers are brand new (last month or so). Had no problems with it with Win7, but Ubuntu just doesn't like the networks. As an IT manager, my laptop needs to work, so any help is appreciated. If this is a duplicate, please let me know of what. I've spent hours searching and nothing has worked. Thanks for your help. (This is my first experience fully relying on Ubuntu). I can see the networks and attempt connection, but it fails authentication. Let me know of any code you need.

  Read the article

• Does anyone have thoughts/experiences on the IT division of Accenture? I just got a job offer from them.

  - by accenturejob

  Hi everyone, this is my first post here. As the title says, I just got a job offer for an entry level Technology Analyst role at Accenture, which is a very large consulting company. I'm a recent college graduate, and this would be my first "real" job out of school. I'm wondering if any of you guys have any experiences/insights/opinions on Accenture as a company, specifically, the Security or IT Strategy divisions of its Technology consulting branch. What do you think of the people there, the management, the clients, etc? Thanks a lot; hopefully this will help me make a decision.

  Read the article

• Open a popup window from Silverlight

  - by Emanuele Bartolesi

  Silverlight has a method called HtmlPage.PopupWindow() that opens new web browser window with a specific page. You can find this method in the namespace System.Windows.Browser. If you haven’t in your project, add a reference to System.Windows.Browser. The method HtmlPage.PopupWindow() has three parameters: Uri – location to browse String – the target window HtmlPopupWindowOptions – a class with the window options (full list of properties http://msdn.microsoft.com/en-us/library/system.windows.browser.htmlpopupwindowoptions(v=vs.95).aspx) For a security reason of Silverlight the call to HtmlPage.PopupWindow() is allowed through any user input like a button, hyperlink, etc. The code is very simple: var options = new HtmlPopupWindowOptions {Left = 0, Top = 0, Width = 800, Height = 600}; if (HtmlPage.IsPopupWindowAllowed) HtmlPage.PopupWindow(new Uri("http://geekswithblogs.net/"), "new", options); The property IsPopupWindowAllowed is used to check whether the window is enabled to open popup.

  Read the article

< Previous Page | 376 377 378 379 380 381 382 383 384 385 386 387  | Next Page >