Search Results

Search found 292 results on 12 pages for 'insecure'.

Page 4/12 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • according root permission to www-data

    - by user2478348
    i have a perl script dhcpmanip.pl which contain this line: system "hostapd /etc/hostapd-1.0/hostapd/hostapd.conf " it's a command to start hostapd!and i get this error : Insecure $ENV{PATH} while running setuid at /var/www/cgi-bin/dhcpmanip.pl line 46 After searching on the net i realised that i should accord root permission to www-data user (apache user) then i tried to modify the file /etc/sudoers by inserting this line : www-data ALL=NOPASSWD: /var/www/cgi-bin/dhcpmanip.pl but it still not working...does anyone have any idea about how solving this problem??thx alot

    Read the article

  • SPF blocking some emails. How to complete disable it?

    - by Rafael Colucci
    We have configured a SMTP server on IIS. We have not configured any SPF rule. Some emails are going straight to the badmail folder. Most of them have this error message: Address does not pass the Sender Policy Framework Is there any way to disable that? I know this is insecure and spammers could use it to send spam, but I really need it to be disabled for now until I have configured and tested the SPF correctly.

    Read the article

  • Soluto’s New Quick Question Button Makes Family Tech Support Simple

    - by Jason Fitzpatrick
    Soluto, a computer and boot management tool, now features a Quick Question button that allows the people you help out to easily click a button and send you both a short message and a screenshot of the problem. Any time your friend or family member presses F8, Soluto will take a screenshot of the screen, the Task Manager history, and a note from the user highlighting what issue they’re experiencing, and then email it all to you. After reviewing the email you can easily login to Soluto to remotely manage your friend’s computer and help with the problem. For more information about Soluto you can check out our previous reviews of the service here and here, or just hit up the link below to read more and take Soluto for a test drive. Soluto is a free service (for the first 5 computers), Windows only. Introducing Quick Question [The Soluto Blog] Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For? HTG Explains: What is DNS?

    Read the article

  • Quick guide to Oracle IRM 11g: Classification design

    - by Simon Thorpe
    Quick guide to Oracle IRM 11g indexThis is the final article in the quick guide to Oracle IRM. If you've followed everything prior you will now have a fully functional and tested Information Rights Management service. It doesn't matter if you've been following the 10g or 11g guide as this next article is common to both. ContentsWhy this is the most important part... Understanding the classification and standard rights model Identifying business use cases Creating an effective IRM classification modelOne single classification across the entire businessA context for each and every possible granular use caseWhat makes a good context? Deciding on the use of roles in the context Reviewing the features and security for context roles Summary Why this is the most important part...Now the real work begins, installing and getting an IRM system running is as simple as following instructions. However to actually have an IRM technology easily protecting your most sensitive information without interfering with your users existing daily work flows and be able to scale IRM across the entire business, requires thought into how confidential documents are created, used and distributed. This article is going to give you the information you need to ask the business the right questions so that you can deploy your IRM service successfully. The IRM team here at Oracle have over 10 years of experience in helping customers and it is important you understand the following to be successful in securing access to your most confidential information. Whatever you are trying to secure, be it mergers and acquisitions information, engineering intellectual property, health care documentation or financial reports. No matter what type of user is going to access the information, be they employees, contractors or customers, there are common goals you are always trying to achieve.Securing the content at the earliest point possible and do it automatically. Removing the dependency on the user to decide to secure the content reduces the risk of mistakes significantly and therefore results a more secure deployment. K.I.S.S. (Keep It Simple Stupid) Reduce complexity in the rights/classification model. Oracle IRM lets you make changes to access to documents even after they are secured which allows you to start with a simple model and then introduce complexity once you've understood how the technology is going to be used in the business. After an initial learning period you can review your implementation and start to make informed decisions based on user feedback and administration experience. Clearly communicate to the user, when appropriate, any changes to their existing work practice. You must make every effort to make the transition to sealed content as simple as possible. For external users you must help them understand why you are securing the documents and inform them the value of the technology to both your business and them. Before getting into the detail, I must pay homage to Martin White, Vice President of client services in SealedMedia, the company Oracle acquired and who created Oracle IRM. In the SealedMedia years Martin was involved with every single customer and was key to the design of certain aspects of the IRM technology, specifically the context model we will be discussing here. Listening carefully to customers and understanding the flexibility of the IRM technology, Martin taught me all the skills of helping customers build scalable, effective and simple to use IRM deployments. No matter how well the engineering department designed the software, badly designed and poorly executed projects can result in difficult to use and manage, and ultimately insecure solutions. The advice and information that follows was born with Martin and he's still delivering IRM consulting with customers and can be found at www.thinkers.co.uk. It is from Martin and others that Oracle not only has the most advanced, scalable and usable document security solution on the market, but Oracle and their partners have the most experience in delivering successful document security solutions. Understanding the classification and standard rights model The goal of any successful IRM deployment is to balance the increase in security the technology brings without over complicating the way people use secured content and avoid a significant increase in administration and maintenance. With Oracle it is possible to automate the protection of content, deploy the desktop software transparently and use authentication methods such that users can open newly secured content initially unaware the document is any different to an insecure one. That is until of course they attempt to do something for which they don't have any rights, such as copy and paste to an insecure application or try and print. Central to achieving this objective is creating a classification model that is simple to understand and use but also provides the right level of complexity to meet the business needs. In Oracle IRM the term used for each classification is a "context". A context defines the relationship between.A group of related documents The people that use the documents The roles that these people perform The rights that these people need to perform their role The context is the key to the success of Oracle IRM. It provides the separation of the role and rights of a user from the content itself. Documents are sealed to contexts but none of the rights, user or group information is stored within the content itself. Sealing only places information about the location of the IRM server that sealed it, the context applied to the document and a few other pieces of metadata that pertain only to the document. This important separation of rights from content means that millions of documents can be secured against a single classification and a user needs only one right assigned to be able to access all documents. If you have followed all the previous articles in this guide, you will be ready to start defining contexts to which your sensitive information will be protected. But before you even start with IRM, you need to understand how your own business uses and creates sensitive documents and emails. Identifying business use cases Oracle is able to support multiple classification systems, but usually there is one single initial need for the technology which drives a deployment. This need might be to protect sensitive mergers and acquisitions information, engineering intellectual property, financial documents. For this and every subsequent use case you must understand how users create and work with documents, to who they are distributed and how the recipients should interact with them. A successful IRM deployment should start with one well identified use case (we go through some examples towards the end of this article) and then after letting this use case play out in the business, you learn how your users work with content, how well your communication to the business worked and if the classification system you deployed delivered the right balance. It is at this point you can start rolling the technology out further. Creating an effective IRM classification model Once you have selected the initial use case you will address with IRM, you need to design a classification model that defines the access to secured documents within the use case. In Oracle IRM there is an inbuilt classification system called the "context" model. In Oracle IRM 11g it is possible to extend the server to support any rights classification model, but the majority of users who are not using an application integration (such as Oracle IRM within Oracle Beehive) are likely to be starting out with the built in context model. Before looking at creating a classification system with IRM, it is worth reviewing some recognized standards and methods for creating and implementing security policy. A very useful set of documents are the ISO 17799 guidelines and the SANS security policy templates. First task is to create a context against which documents are to be secured. A context consists of a group of related documents (all top secret engineering research), a list of roles (contributors and readers) which define how users can access documents and a list of users (research engineers) who have been given a role allowing them to interact with sealed content. Before even creating the first context it is wise to decide on a philosophy which will dictate the level of granularity, the question is, where do you start? At a department level? By project? By technology? First consider the two ends of the spectrum... One single classification across the entire business Imagine that instead of having separate contexts, one for engineering intellectual property, one for your financial data, one for human resources personally identifiable information, you create one context for all documents across the entire business. Whilst you may have immediate objections, there are some significant benefits in thinking about considering this. Document security classification decisions are simple. You only have one context to chose from! User provisioning is simple, just make sure everyone has a role in the only context in the business. Administration is very low, if you assign rights to groups from the business user repository you probably never have to touch IRM administration again. There are however some obvious downsides to this model.All users in have access to all IRM secured content. So potentially a sales person could access sensitive mergers and acquisition documents, if they can get their hands on a copy that is. You cannot delegate control of different documents to different parts of the business, this may not satisfy your regulatory requirements for the separation and delegation of duties. Changing a users role affects every single document ever secured. Even though it is very unlikely a business would ever use one single context to secure all their sensitive information, thinking about this scenario raises one very important point. Just having one single context and securing all confidential documents to it, whilst incurring some of the problems detailed above, has one huge value. Once secured, IRM protected content can ONLY be accessed by authorized users. Just think of all the sensitive documents in your business today, imagine if you could ensure that only everyone you trust could open them. Even if an employee lost a laptop or someone accidentally sent an email to the wrong recipient, only the right people could open that file. A context for each and every possible granular use case Now let's think about the total opposite of a single context design. What if you created a context for each and every single defined business need and created multiple contexts within this for each level of granularity? Let's take a use case where we need to protect engineering intellectual property. Imagine we have 6 different engineering groups, and in each we have a research department, a design department and manufacturing. The company information security policy defines 3 levels of information sensitivity... restricted, confidential and top secret. Then let's say that each group and department needs to define access to information from both internal and external users. Finally add into the mix that they want to review the rights model for each context every financial quarter. This would result in a huge amount of contexts. For example, lets just look at the resulting contexts for one engineering group. Q1FY2010 Restricted Internal - Engineering Group 1 - Research Q1FY2010 Restricted Internal - Engineering Group 1 - Design Q1FY2010 Restricted Internal - Engineering Group 1 - Manufacturing Q1FY2010 Restricted External- Engineering Group 1 - Research Q1FY2010 Restricted External - Engineering Group 1 - Design Q1FY2010 Restricted External - Engineering Group 1 - Manufacturing Q1FY2010 Confidential Internal - Engineering Group 1 - Research Q1FY2010 Confidential Internal - Engineering Group 1 - Design Q1FY2010 Confidential Internal - Engineering Group 1 - Manufacturing Q1FY2010 Confidential External - Engineering Group 1 - Research Q1FY2010 Confidential External - Engineering Group 1 - Design Q1FY2010 Confidential External - Engineering Group 1 - Manufacturing Q1FY2010 Top Secret Internal - Engineering Group 1 - Research Q1FY2010 Top Secret Internal - Engineering Group 1 - Design Q1FY2010 Top Secret Internal - Engineering Group 1 - Manufacturing Q1FY2010 Top Secret External - Engineering Group 1 - Research Q1FY2010 Top Secret External - Engineering Group 1 - Design Q1FY2010 Top Secret External - Engineering Group 1 - Manufacturing Now multiply the above by 6 for each engineering group, 18 contexts. You are then creating/reviewing another 18 every 3 months. After a year you've got 72 contexts. What would be the advantages of such a complex classification model? You can satisfy very granular rights requirements, for example only an authorized engineering group 1 researcher can create a top secret report for access internally, and his role will be reviewed on a very frequent basis. Your business may have very complex rights requirements and mapping this directly to IRM may be an obvious exercise. The disadvantages of such a classification model are significant...Huge administrative overhead. Someone in the business must manage, review and administrate each of these contexts. If the engineering group had a single administrator, they would have 72 classifications to reside over each year. From an end users perspective life will be very confusing. Imagine if a user has rights in just 6 of these contexts. They may be able to print content from one but not another, be able to edit content in 2 contexts but not the other 4. Such confusion at the end user level causes frustration and resistance to the use of the technology. Increased synchronization complexity. Imagine a user who after 3 years in the company ends up with over 300 rights in many different contexts across the business. This would result in long synchronization times as the client software updates all your offline rights. Hard to understand who can do what with what. Imagine being the VP of engineering and as part of an internal security audit you are asked the question, "What rights to researchers have to our top secret information?". In this complex model the answer is not simple, it would depend on many roles in many contexts. Of course this example is extreme, but it highlights that trying to build many barriers in your business can result in a nightmare of administration and confusion amongst users. In the real world what we need is a balance of the two. We need to seek an optimum number of contexts. Too many contexts are unmanageable and too few contexts does not give fine enough granularity. What makes a good context? Good context design derives mainly from how well you understand your business requirements to secure access to confidential information. Some customers I have worked with can tell me exactly the documents they wish to secure and know exactly who should be opening them. However there are some customers who know only of the government regulation that requires them to control access to certain types of information, they don't actually know where the documents are, how they are created or understand exactly who should have access. Therefore you need to know how to ask the business the right questions that lead to information which help you define a context. First ask these questions about a set of documentsWhat is the topic? Who are legitimate contributors on this topic? Who are the authorized readership? If the answer to any one of these is significantly different, then it probably merits a separate context. Remember that sealed documents are inherently secure and as such they cannot leak to your competitors, therefore it is better sealed to a broad context than not sealed at all. Simplicity is key here. Always revert to the first extreme example of a single classification, then work towards essential complexity. If there is any doubt, always prefer fewer contexts. Remember, Oracle IRM allows you to change your mind later on. You can implement a design now and continue to change and refine as you learn how the technology is used. It is easy to go from a simple model to a more complex one, it is much harder to take a complex model that is already embedded in the work practice of users and try to simplify it. It is also wise to take a single use case and address this first with the business. Don't try and tackle many different problems from the outset. Do one, learn from the process, refine it and then take what you have learned into the next use case, refine and continue. Once you have a good grasp of the technology and understand how your business will use it, you can then start rolling out the technology wider across the business. Deciding on the use of roles in the context Once you have decided on that first initial use case and a context to create let's look at the details you need to decide upon. For each context, identify; Administrative rolesBusiness owner, the person who makes decisions about who may or may not see content in this context. This is often the person who wanted to use IRM and drove the business purchase. They are the usually the person with the most at risk when sensitive information is lost. Point of contact, the person who will handle requests for access to content. Sometimes the same as the business owner, sometimes a trusted secretary or administrator. Context administrator, the person who will enact the decisions of the Business Owner. Sometimes the point of contact, sometimes a trusted IT person. Document related rolesContributors, the people who create and edit documents in this context. Reviewers, the people who are involved in reviewing documents but are not trusted to secure information to this classification. This role is not always necessary. (See later discussion on Published-work and Work-in-Progress) Readers, the people who read documents from this context. Some people may have several of the roles above, which is fine. What you are trying to do is understand and define how the business interacts with your sensitive information. These roles obviously map directly to roles available in Oracle IRM. Reviewing the features and security for context roles At this point we have decided on a classification of information, understand what roles people in the business will play when administrating this classification and how they will interact with content. The final piece of the puzzle in getting the information for our first context is to look at the permissions people will have to sealed documents. First think why are you protecting the documents in the first place? It is to prevent the loss of leaking of information to the wrong people. To control the information, making sure that people only access the latest versions of documents. You are not using Oracle IRM to prevent unauthorized people from doing legitimate work. This is an important point, with IRM you can erect many barriers to prevent access to content yet too many restrictions and authorized users will often find ways to circumvent using the technology and end up distributing unprotected originals. Because IRM is a security technology, it is easy to get carried away restricting different groups. However I would highly recommend starting with a simple solution with few restrictions. Ensure that everyone who reasonably needs to read documents can do so from the outset. Remember that with Oracle IRM you can change rights to content whenever you wish and tighten security. Always return to the fact that the greatest value IRM brings is that ONLY authorized users can access secured content, remember that simple "one context for the entire business" model. At the start of the deployment you really need to aim for user acceptance and therefore a simple model is more likely to succeed. As time passes and users understand how IRM works you can start to introduce more restrictions and complexity. Another key aspect to focus on is handling exceptions. If you decide on a context model where engineering can only access engineering information, and sales can only access sales data. Act quickly when a sales manager needs legitimate access to a set of engineering documents. Having a quick and effective process for permitting other people with legitimate needs to obtain appropriate access will be rewarded with acceptance from the user community. These use cases can often be satisfied by integrating IRM with a good Identity & Access Management technology which simplifies the process of assigning users the correct business roles. The big print issue... Printing is often an issue of contention, users love to print but the business wants to ensure sensitive information remains in the controlled digital world. There are many cases of physical document loss causing a business pain, it is often overlooked that IRM can help with this issue by limiting the ability to generate physical copies of digital content. However it can be hard to maintain a balance between security and usability when it comes to printing. Consider the following points when deciding about whether to give print rights. Oracle IRM sealed documents can contain watermarks that expose information about the user, time and location of access and the classification of the document. This information would reside in the printed copy making it easier to trace who printed it. Printed documents are slower to distribute in comparison to their digital counterparts, so time sensitive information in printed format may present a lower risk. Print activity is audited, therefore you can monitor and react to users abusing print rights. Summary In summary it is important to think carefully about the way you create your context model. As you ask the business these questions you may get a variety of different requirements. There may be special projects that require a context just for sensitive information created during the lifetime of the project. There may be a department that requires all information in the group is secured and you might have a few senior executives who wish to use IRM to exchange a small number of highly sensitive documents with a very small number of people. Oracle IRM, with its very flexible context classification system, can support all of these use cases. The trick is to introducing the complexity to deliver them at the right level. In another article i'm working on I will go through some examples of how Oracle IRM might map to existing business use cases. But for now, this article covers all the important questions you need to get your IRM service deployed and successfully protecting your most sensitive information.

    Read the article

  • How Do Guns Work In Space? [Video]

    - by Jason Fitzpatrick
    Why don’t astronauts fall back to Earth? What happens if you shoot a gun in space? How big of a squirt gun would you need to put out the sun? Don’t end your day with these pressing questions unanswered. [via Boing Boing] HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • Play PlayStation Games on a Rooted Nook Simple Touch

    - by Jason Fitzpatrick
    Just when you feel like you’ve seen it all, some guy comes along and shows you how he can play original PlayStation games on his ebook reader. Check out the video to see the surprisingly full-speed–albeit black and white–graphics in action. The secret sauce in Sean’s cool setup? He’s rooted the device and installed Free PlayStation Emulator (FPSE) on it–along with the NoRefresh hack–to enjoy touch-screen controls and PS emulation. The whole thing is shockingly smooth; once you get past the choppy intro videos, the games run at full speed. [via Hack A Day] HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • Change the Default Number of Rows of Tiles on the Windows 8 UI (Metro) Screen

    - by Lori Kaufman
    By default, Windows 8 automatically sets the number of rows of tiles to fit your screen, depending on your monitor size and resolution. However, you can tell Windows 8 to display a certain number of rows of tiles at all times, despite the screen resolution. To do this, we will make a change to the registry. If you are not already on the Desktop, click the Desktop tile on the Start screen. NOTE: Before making changes to the registry, be sure you back it up. We also recommend creating a restore point you can use to restore your system if something goes wrong. HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • The Dark Knight meets The Avengers [Video]

    - by Asian Angel
    Batman and the Avengers team up to defeat a common enemy, but their ‘after battle’ plans are extremely different! Can Batman learn to be a ‘team player’ who relaxes and has fun, or will he brood alone in his cave forever? The Dark Knight Meets The Avengers [CollegeHumor] HTG Explains: How Windows Uses The Task Scheduler for System Tasks HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How

    Read the article

  • Ask the Readers: How Do You Remote Desktop Access Distant Computers?

    - by Jason Fitzpatrick
    You’re at a computer at point A, but the computer you want to interact with is at point B, and the only thing connecting you is a series of network switches and cabling. How do you comfortably control the remote computer? While there are a variety of ways to control a computer from afar, sometimes there’s just no good substitute for accessing the user interface as if you were sitting at the computer–a feat made possibly by remote desktop software. This week we want to hear about both your favorite remote desktop tool and your best tips for getting the most out of a remote desktop session–from banishing lag to improving mouse-cursor tracking, any tips are fair game. Sound off in the comments below with your remote desktop tips and then check back in on Friday for the What You Said roundup. Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For? HTG Explains: What is DNS?

    Read the article

  • Does Bad Weather Affect Cloud Computing? [Humor]

    - by Jason Fitzpatrick
    Indian government official Vishwa Bandhu Gupta deserves a Master Class Troll Lifetime Achievement Award for his performance in this five minute video and complete bamboozling of a poor reporter. Before we ridicule the reporter for buying Gupta’s spiel, keep in mind that 51% of Americans think cloud computing actually has something to do with clouds. Cloud Computing Is Great, But What If It Rains? [via Digital Inspiration] HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • Awesome Back to the Future – Hill Valley Mod for Grand Theft Auto IV [Video]

    - by Asian Angel
    What could be better than playing a good round of Grand Theft Auto IV? Playing with a working Delorean time machine with Marty McFly as the driver! Watch as this Delorean tears up the roads in this video from YouTube user Seedyrom34. You can read more about the mod at the YouTube link provided below… Grand Theft Auto IV: Hill Valley – [Back to the Future Mod Showcase] [via Neatorama] HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • How To Get Email Notifications Whenever Someone Logs Into Your Computer

    - by Chris Hoffman
    Do you have a computer that you don’t want other people accessing – perhaps a server? You can have Windows email you whenever someone logs into your computer (assuming it’s connected to the Internet), giving you peace of mind. We’ll be using the Windows Task Scheduler for this – it can send emails in response to a variety of events. The Task Scheduler’s built-in email feature isn’t as flexible as we’d like, so we’ll be using another tool. HTG Explains: How Windows Uses The Task Scheduler for System Tasks HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How

    Read the article

  • Problems with opening CHM Help files from Network or Internet

    - by Rick Strahl
    As a publisher of a Help Creation tool called Html Help Help Builder, I’ve seen a lot of problems with help files that won't properly display actual topic content and displays an error message for topics instead. Here’s the scenario: You go ahead and happily build your fancy, schmanzy Help File for your application and deploy it to your customer. Or alternately you've created a help file and you let your customers download them off the Internet directly or in a zip file. The customer downloads the file, opens the zip file and copies the help file contained in the zip file to disk. She then opens the help file and finds the following unfortunate result:     The help file  comes up with all topics in the tree on the left, but a Navigation to the WebPage was cancelled or Operation Aborted error in the Help Viewer's content window whenever you try to open a topic. The CHM file obviously opened since the topic list is there, but the Help Viewer refuses to display the content. Looks like a broken help file, right? But it's not - it's merely a Windows security 'feature' that tries to be overly helpful in protecting you. The reason this happens is because files downloaded off the Internet - including ZIP files and CHM files contained in those zip files - are marked as as coming from the Internet and so can potentially be malicious, so do not get browsing rights on the local machine – they can’t access local Web content, which is exactly what help topics are. If you look at the URL of a help topic you see something like this:   mk:@MSITStore:C:\wwapps\wwIPStuff\wwipstuff.chm::/indexpage.htm which points at a special Microsoft Url Moniker that in turn points the CHM file and a relative path within that HTML help file. Try pasting a URL like this into Internet Explorer and you'll see the help topic pop up in your browser (along with a warning most likely). Although the URL looks weird this still equates to a call to the local computer zone, the same as if you had navigated to a local file in IE which by default is not allowed.  Unfortunately, unlike Internet Explorer where you have the option of clicking a security toolbar, the CHM viewer simply refuses to load the page and you get an error page as shown above. How to Fix This - Unblock the Help File There's a workaround that lets you explicitly 'unblock' a CHM help file. To do this: Open Windows Explorer Find your CHM file Right click and select Properties Click the Unblock button on the General tab Here's what the dialog looks like:   Clicking the Unblock button basically, tells Windows that you approve this Help File and allows topics to be viewed.   Is this insecure? Not unless you're running a really old Version of Windows (XP pre-SP1). In recent versions of Windows Internet Explorer pops up various security dialogs or fires script errors when potentially malicious operations are accessed (like loading Active Controls), so it's relatively safe to run local content in the CHM viewer. Since most help files don't contain script or only load script that runs pure JavaScript access web resources this works fine without issues. How to avoid this Problem As an application developer there's a simple solution around this problem: Always install your Help Files with an Installer. The above security warning pop up because Windows can't validate the source of the CHM file. However, if the help file is installed as part of an installation the installation and all files associated with that installation including the help file are trusted. A fully installed Help File of an application works just fine because it is trusted by Windows. Summary It's annoying as all hell that this sort of obtrusive marking is necessary, but it's admittedly a necessary evil because of Microsoft's use of the insecure Internet Explorer engine that drives the CHM Html Engine's topic viewer. Because help files are viewing local content and script is allowed to execute in CHM files there's potential for malicious code hiding in CHM files and the above precautions are supposed to avoid any issues. © Rick Strahl, West Wind Technologies, 2005-2012 Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • Weblogs.asp.net has a problem, it is spam

    - by Chris Hammond
    Is anyone at Microsoft listening to the SPAM problem here on Weblogs.asp.net? My “ Can anyone do anything about the spam here on weblogs.asp.net? ” post from October got over 12 spam comments posted to it in the past 24 hours. I have comments all moderated, but that just means I have a crapload of work to do each time people comment. Also, when you click on a link from a comment notification email you are taken to an insecure site warning due to an invalid SSL Cert. We really just need some updates...(read more)

    Read the article

  • Week in Geek: New Security Hole Found Just Hours After Latest Java Update Released

    - by Asian Angel
    Our first edition of WIG for September is filled with news link coverage on topics such as Firefox 16 Beta introduces new command line feature for developers, Google to restore passwords lost using Chrome iOS app, new password stealing malware is targeting Linux & Mac OS X users, and more. Special Note: The title refers to the latest security update of Java just released this past Thursday. Please refer to our article on disabling Java here. Skull and crosshair targeting scope clipart courtesy of Clker.com. HTG Explains: How Windows Uses The Task Scheduler for System Tasks HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How

    Read the article

  • StereoMood Updates; Now Offers Free iOS/Android App

    - by Jason Fitzpatrick
    StereoMood, the popular music streaming service that lets you pick tunes based on your mood, just rolled out an update that includes two brand spanking new mobile apps–one for iOS and one for Android. Grab the free apps to enjoy mood-based tunes on go. For the unfamiliar, StereoMood creates enormous playlists of music categorized by moods–whether you’re feeling happy, relaxed, melancholy, or euphoric, there’s a StereoMood playlist to match. Hit up the links below to check out the web-app or grab a copy of the new mobile apps. StereoMood / iOS App / Android App Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For? HTG Explains: What is DNS?

    Read the article

  • HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows?

    - by Chris Hoffman
    If you’ve ever purchased a computer with a hard disk capacity of 500 GB and opened Windows Explorer only to find that its capacity looked more like 440 GB, you may be wondering where all those gigabytes went. There are several reasons Windows could display the wrong amount of available space, from invisible shadow files, formatting overhead, and hidden recovery partitions to misleading (though technically accurate) storage capacities advertised by hard drive manufacturers. Image Credit: Norlando Pobre HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • Avoiding Hacker Trix

    - by Mike Benkovich
    Originally posted on: http://geekswithblogs.net/benko/archive/2014/08/20/avoiding-hacker-trix.aspxThis week we're doing a session called "Avoiding Hacker Trix" which goes thru some of the top web exploits that you should be aware of. In this webcast we will cover a variety of things including what we call the secure development process, cross site scripting attack, one click attack, SQL Injection and more. There are a bunch of links we cover, but rather than having you copy these down I'm providing them here... Links from the slide deck: Anti-XSS Library Download www.Fiddler2.com www.HelloSecureWorld.com Open Source Web Application Project - Top 10 Exploits Exploit: Cross Site Scripting - Paypal Exploit: SQL Injection - www.ri.gov Exploit: Cross Site Scripting - FTD Exploit: Insecure Direct Object Reference - Cahoots Exploit: Integer Overflow - Apple

    Read the article

  • How To Prevent Your Computer From Waking Up Accidentally

    - by Chris Hoffman
    If you find your Windows computer waking from sleep for no apparent reason, your computer is either being woken up by a hardware device – such as your mouse — or scheduled task set to wake your computer. In some cases, the cause may not be obvious. For example, if your laptop occasionally wakes up for no apparent reason, it’s possible that the floor is shaking a bit, causing the mouse to vibrate slightly and wake the computer. Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For? HTG Explains: What is DNS?

    Read the article

  • How to install a Lexmark z600 series printer?

    - by Uri Herrera
    It has been a headache trying to install this printer. All the tutorials I found are for older versions of Ubuntu, and none of them work. How can I install this printer? Edit: HOWTO: Install PITA Lexmark Z600 Z615 and Dell Photo Printer 720 Setup Lexmark Z600 and X series printer on Ubuntu (i tried this one, only that it was translated to spanish, but it was the same instructions) HOWTO: Lexmark Printers I always get an error when extracting the converted tars with all of the tuts, invalid argument or the file doesn't exist. Looks like, i was missing some ia32 libs .. and that caused the errors with the tar files, anyways i still can't print now i get this, cups-insecure-filter How to install Lezmark Z600 series printer Here, the OP offers 2 debs, i installed them on a 32 bit Ubuntu install, now the printer gets recognized but still can't print, 'cause i'm missing a filter, "rastertoz600".

    Read the article

  • How to Automatically Run Programs and Set Reminders With the Windows Task Scheduler

    - by Chris Hoffman
    Do you want your computer to automatically run a program, remind you about something, or even automatically send emails? Use the Task Scheduler included with Windows – its interface can be a bit intimidating, but it’s easy to use. The Task Scheduler has a wide variety of uses – anything you want your computer to do automatically, you can configure here. For example, you could use the task scheduler to automatically wake your computer at a specific time. HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • How to install a Lexmark z600 series printer?

    - by Uri Herrera
    It has been a headache trying to install this printer. All the tutorials I found are for older versions of Ubuntu, and none of them work. How can I install this printer? Edit: HOWTO: Install PITA Lexmark Z600 Z615 and Dell Photo Printer 720 Setup Lexmark Z600 and X series printer on Ubuntu (i tried this one, only that it was translated to spanish, but it was the same instructions) HOWTO: Lexmark Printers I always get an error when extracting the converted tars with all of the tuts, invalid argument or the file doesn't exist. Looks like, i was missing some ia32 libs .. and that caused the errors with the tar files, anyways i still can't print now i get this, cups-insecure-filter How to install Lezmark Z600 series printer Here, the OP offers 2 debs, i installed them on a 32 bit Ubuntu install, now the printer gets recognized but still can't print, 'cause i'm missing a filter, "rastertoz600".

    Read the article

  • Webmaster Tools word count

    - by Henrik Erlandsson
    Is there a way to somehow verify that the googlebot finds the headings and the content, for example by word count? I'm asking this because I tried a program called Screaming Frog, which fails to even fetch the first h1 on a validated page - for about 1/3 of all the pages(!) - and got insecure. Even though the site looks hunky dory in Webmaster Tools, I'd like to know what a googlebot-like content crawler finds on my page and in what order. Any tips on such tools is appreciated. This is not about keyword count.

    Read the article

  • HTG Explains: How Windows Uses The Task Scheduler for System Tasks

    - by Chris Hoffman
    While you can use the Windows Task Scheduler to schedule your own automatic tasks, Windows also uses it behind the scenes to perform many system tasks – defragmenting your hard disks when you’re not using your computer, for example. You can even modify these system tasks to tweak Windows to your liking – for example, you can change how often Windows creates system restore points. Third-party programs also often use the Task Scheduler for their own tasks. HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

  • What You Said: Your Favorite Remote Desktop Access Tools and Tips

    - by Jason Fitzpatrick
    Earlier this week we asked you to share your favorite remote desktop access tools and tips; now we’re back to highlight your favorite tools and how you use them. The two prevailing themes among all the tools suggested were pricing and ease of deployment. On that front, LogMeIn had a strong following. Mtech writes: I use Logmein and am amazed the free version can be used even for business purposes. I also felt so bad and wanted to pay for the Pro version just out of gratitude but they called me personally from the USA and said why pay when the free version does all you need! What a company. HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >