Search Results

Search found 6397 results on 256 pages for 'secure emails'.

Page 4/256 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12 | Next Page >

Good quality Secure Software Development Training [closed]

- by Patrick

Just had my annual appraisal and found out my company is willing to pay for training and exams etc! Woohoo (they kept that one quiet). I'm interested in doing a course on secure development techniques. Has anyone got any suggestions for good quality distance learning courses in secure development (I could probably get a couple of days off to attend a conference/ course if required)? We're mostly an MS .Net house but I have no particular allegiance to MS or any other programming language (though, obviously, C++ is the best language in the world). I have 12 years development experience working in (what are now) PCI:DSS environments, including designing and developing a key management system and I have some knowledge of basic attacks (XSS, injection etc). I would prefer a hard course I struggle with to a basic course I learn 3 things from (but hopefully get something right at my level). A quick google found these two course which look good: http://www.sans.org/course/secure-coding-net-developing-defensible-applications https://www.isc2.org/csslpedu/default.aspx I don't really know how to choose between them, and finding other courses isn't going to make that job any easier, so I thought I'd ask those who know. EDIT : Hmm, care to share the reason for your down vote, will help me learn how to use the site better...

Read the article
Why is this rkhunter script sending empty emails?

- by Oddthinking

I have started running rkhunter (a security monitoring tool) and I have finally managed to clear all of its warnings. Now, a cron job runs every day to monitor my machine. Rather than send me an email of warnings, it sends me an email with no body - which I don't really want. Looking at the (unedited, straight out of the box) /etc/cron.daily/rkhunter script, it contains this snippet of shell code: if [ -s "$OUTFILE" ]; then ( echo "Subject: [rkhunter] $(hostname -f) - Daily report" echo "To: $REPORT_EMAIL" echo "" cat $OUTFILE ) | /usr/sbin/sendmail $REPORT_EMAIL fi The -s clause should prevent empty emails from being sent, right? Does anyone have an explanation why this would still send empty emails?

Read the article
Extract reply to addresses from all emails in an outlook folder

- by RodH257

I've got to send a bulk email out to a bunch of people in reply to emails they sent me. I've got all the original emails stored in a single outlook folder. I want to extract all of the reply-to addresses from the emails in that folder so I can send an email to all of them. http://thetechieguy.wordpress.com/2008/04/22/extracting-email-address-from-outlook-2007-folder/ shows you how to export the FROM address of these emails, however a large amount of them came from a web service that sends emails 'on behalf of' the person I'm trying to mail to. So I need the reply-to address, and the export wizard doesn't do that. Does anyone have a tip on how to do this? This is Outlook 2007 on Exchange 2010.

Read the article
Sorting emails with no To: tags in Outlook

- by user29589

Lately people at work have been sending with mailing lists in blind copies instead of just sending to the mailing lists. I think the intent is to prevent people from accidentally replying to all, but it means that these emails aren't sorted into their proper folders when they arrive. I'd like to at least be able to sort them into a common folder, but these emails arrive with no "To:" line in the headers. I'm using Outlook 2007, and I can't figure out a way to use their built-in rule editor to create a rule that sorts these emails. Is there a plugin that will allow me to sort emails like this, or a better rule editor? Updated: I know this is very old, but this is still very annoying to me. Is there any way to sort these kinds of emails to their own folder?

Read the article
/var/log/secure user activity. also, httpd can not start without two users

- by user52869

hello, i found some strange informations in /var/log/secure file: Feb 10 02:02:04 server2364 usermod[30750]: unlock user `username1' password Feb 10 02:02:04 server2364 usermod[30811]: lock user `username2' password Feb 10 02:05:16 server2364 usermod[30992]: unlock user `username2' password Feb 10 02:05:18 server2364 usermod[31114]: unlock user `username1' password username1 and username2 are two usernames on system, that have no ability to login. for every night in 02:02h results like that are in /var/log/secure file. one more thing: files /etc/shadow, and /etc/shadow have timestamps 02:05h. what can be cause for it? next thing, if i remove those two accounts (username1 and username2), i can not start web server. can you help me with some ideas, am i hacked?

Read the article
mitigating lost emails when switching provider

- by sam

were about to change to gmail from a webmail provided by our hosting provider, i understand changing the mx records and all. But my main worry was if there would be any emails that would fall through the gaps of the two systems during change over. Im not familiar with the ins and outs of how the mx record works, is it like a dns record change, ie. it needs to propagate ? If thats the case would there be a period were its left my current email provider but not switched to the new gmail account ? Thus allowing emails not be delivered or worse lost ?

Read the article
Changing hosts but keep old emails [closed]

- by LDaniel

Possible Duplicate: Change host / keep emails OK here's the situation...I'm trying to transfer my domain and email address to a new hosting service and I would like to start using Google's domain apps for my email, etc. My email address is currently on a WebMail type platform and when I move my domain and start using Google domain apps I would also like to keep the old emails and have them imported the the email address on Google. Note: The email address will be the same on both hosts. For example [email protected]. So its keeping the same address between two different systems. I've been Googling how to do this for awhile and all the migrate options that come up don't appear in the the Google inbox setting or domain apps config settings. Any help is greatly appreciated.

Read the article
Plesk: Spamassassin ignores emails to redirected accounts

- by Mat

When I set up email redirects within Plesk 9.5, Spamassassin ignores all emails sent to the redirected address and only scans emails that are sent directly to the address which has a mailbox. Steps to reproduce Set up two mail accounts: [email protected] as a proper email account with a mailbox and [email protected] with all emails redirected to [email protected]. (It doesn't make a difference, if [email protected] has a mailbox enabled or not.) [email protected] -> [email protected] Set up the spam filter on both accounts. I set mine to delete spam right away, but you can just keep the default ("mark as spam"). Now, when you send an emails to [email protected], it will have Spamassassins tags in the email header, but when you send emails to [email protected], they will end up in the same mailbox but will have no spamassassin tags in the emails header and they will not be scanned. Other notes I am using Plesk 9.5.4 on Ubuntu 8.04 LTS with the default Qmail. I've observed this bug since Plesk 8, but I can't stand it any more and would appreciate any hack or fix.

Read the article
Emails not sending from outlook / OWA - Not even hitting the mail queue in exchange

- by webnoob

We are having an issue this morning where we can receive external emails but cannot send internal or external ones from Outlook or OWA. If I use: Send-MailMessage –From <[email protected]> –To <[email protected]> –Subject “Test #01”-Body “Just a test message.” –SMTPServer <Server-Name> –Credential <domain\user> the email is sent correctly which makes me think there is a connection issue with OWA and Outlook. However, outlook is reporting as Connected with exchange. I have checked the message tracking in exchange tools and emails sent via outlook and OWA do not appear. Nothing has changed on the server on the weekend so I don't really know where to start debugging this issue. We are using Windows SBS 2011. We only have one send connector which isn't using Smart Hosts and is set to use DNS MX records. Use external DNS is not checked and I can ping google.com etc so doesn't appear to be a DNS issue (plus the email sends from the console anyway). EDIT It appears that users using IMAP can send emails correctly, its only ones that rely on the normal exchange connection type that don't work. EDIT Emails from IMAP are hitting the email queue's where as emails from the normal exchange accounts aren't. EDIT It seems that some of the emails we tried to send yesterday sent at about 1am but now it won't work again..

Read the article
Is osTicket secure/private enough

- by Andy

I was going to use osTicket as my 'help desk' for my website, however I just got a little bit concerned when I realised that the clients' login details to see their support tickets are only their email address and a ticket ID. I am probably going over the top with security though, which is why I wanted to get some second opinions on how secure osTicket actually is and whether I should use it with my website. I run a software company, so chances are licence keys may be included in support tickets which are obviously sensitive information and valuable - so I want to ensure that the likelihood of a support ticket being hacked is very low. If there is any plugins/additions to make osTicket more 'secure', I would appreciate it if you could point me to them. Otherwise if there are any more free, more suited, help desk softwares out there please let me know. Thanks in advance

Read the article
Secure Deployment of Oracle VM Server for SPARC - updated

- by Stefan Hinker

Quite a while ago, I published a paper with recommendations for a secure deployment of LDoms. Many things happend in the mean time, and an update to that paper was due. Besides some minor spelling corrections, many obsolete or changed links were updated. However, the main reason for the update was the introduction of a second usage model for LDoms. In a very short few words: With the success especially of the T4-4, many deployments make use of the hardware partitioning capabilities of that platform, assigning full PCIe root complexes to domains, mimicking dynamic system domains if you will. This different way of using the hypervisor needed to be addressed in the paper. You can find the updated version here: Secure Deployment of Oracle VM Server for SPARCSecond Edition I hope it'll be useful!

Read the article
Books or guides regarding secure key storage and database encryption

- by Matty

I have an idea for a SaaS product I want to create, however, this product will store extremely sensitive data that needs to be encrypted at rest. The trouble is not so much the encryption, but the problem of securely storing the keys so that in the event the server was somehow compromised, the keys couldn't just be recovered and used to decrypt the database. Are there any decent books to guides regarding database encryption, and in particular secure key storage? This seems to be a less than straightforward topic and something that is difficult to get right. I'm seeing multiple ways to attack such a system, but unable to come up with one that is secure enough to store highly confidential information.

Read the article
Friday Spotlight: Oracle Secure Global Desktop and amitego VISULOX

- by Chris Kawalek

Happy Friday! Our spotlight this week is a screencast about a fantastic solution that takes the security model of Oracle Secure Global Desktop and adds even more features. If you work in environments where you need to have a video record of users' interactions with applications, or need to ensure that two users can remotely work on the same session (a worker entering data in a form from one workstation and a manager typing an authorization code from another, for example), amitego VISULOX can do this and a lot more. It's built on top of Oracle Secure Global Desktop, so you get all of the great features there, plus additional unique security related features provided by VISULOX. Click the thumbnail below to watch the screencast. We'll see you next week! -Chris

Read the article
Identify "non-secure" content IE warns about [on hold]

- by Doug Harris

As many know, if you serve a page over https and the content loads resources (images, stylesheets, js, SWF objects, etc) over http, older versions of Internet Explorer will show the user a warning saying "This page contains both secure and non-secure items". This is discomforting to many non-technical users. Usually, I can look at the HTML source and identify which item(s) are triggering this error. Sometimes a Flash object will load something else or some embedded javascript will put a new object in the DOM and trigger this. What tools are good for quickly tracking down the source of the warning?

Read the article
What's New in Oracle Secure Global Desktop 5.1 webcast

- by Chris Kawalek

We have a really exciting webcast coming up for you this week that will tell you all about what's new in Oracle Secure Global Desktop 5.1. Hosted by Andy Hall, you will learn all the exciting features in this brand new release! What's New in Oracle Secure Global DesktopThursday, November 7, 9AM Pacific TimeRegister now. If you'd like a sneak peek, hop on over to the Fat Bloke Sings, where Fat Bloke goes into detail on some of the new features. My favorite is accessing your applications (or even full desktops) from SGD using just the Chrome web browser. In this graphic, Fat Bloke is running Oracle Linux via SGD and accessing with Chrome on the Mac. This required no installation on the client, no dependencies on any other software, nothing -- just open up Chrome, login, and all of your stuff is there. Very cool. We hope to see you on Thursday! -Chris

Read the article
Rendering of Oracle Secure Global Desktop's Administration Console on Modern Browser Versions

- by Mohan Prabhala

For customers using Oracle Secure Global Desktop version 4.6x, one of the issues reported is the improper rendering of the administration console when using modern browser versions such as Safari 5, Firefox 4+ or Internet Explorer 9. We are pleased to provide a fix for use of these modern browser versions when using Oracle Secure Global Desktop 4.6x. Please refer to Doc ID 1367923.1 on My Oracle Support. The solution involves a new .jar file, oracletheme.jar and following a few simple instructions. Download the new oracletheme.jar to /tmp and backup the existing one located at /opt/tarantella/webserver/tomcat/<tomcat_ver>/webapps/sgdadmin/WEB-INF/lib/oracletheme.jar Stop the webserver /opt/tarantella/bin/tarantella stop webserver Copy the new oracletheme.jar to the correct directory cp /tmp/oracletheme.jar /opt/tarantella/webserver/tomcat/<tomcat_ver>/webapps/sgdadmin/WEB- INF/lib/oracletheme.jar Verify permissions for the file -rw-r----- 1 root ttaserv 280449 Sep 9 2010 oracletheme.jar Finally, restart the webserver /opt/tarantella/bin/tarantella start webserver

Read the article
secure boot windows 8 issues it hates ubuntu :(

- by Steven Brown

im running into issues with windows 8. ok so i disabled secure boot from my laptop. i tell it to launch from my USB with ubuntu installed on it and it wont boot. just simply light my screen and darken it. iv google the fire out of this and no use so im asking for help. im useing ubuntu 13.04. more details: well i have tryed to boot another OS (zorin) and it hates it too. i dont know why my secure boot wont shut off. if it helps i have a HP 2000.

Read the article
How do I code Citrix web sites to use a Secure Gateway (CSG)?

- by RAVolt

I'm using Citrix's sample code as a base and trying to get it to generate ICA files that direct the client to use their Secure Gateway (CSG) provider. My configuration is that the ICA file's server address is replaced with a CSG ticket and traffic is forced to go to the CSG. The challenge is that both the Citrix App Server (that's providing the ICA session on 1494) and the CSG have to coordinate through a Secure Ticket Authority (STA). That means that my code needs to talk to the STA as it creates the ICA file because STA holds a ticket that the CSG needs embedded into the ICA file. Confusing? Sure! But it's much more secure. The pre-CSG code looks like this: AppLaunchInfo launchInfo = (AppLaunchInfo)userContext.launchApp(appID, new AppLaunchParams(ClientType.ICA_30)); ICAFile icaFile = userContext.convertToICAFile(launchInfo, null, null); I tried to the SSLEnabled information to the ICA generation, but it was not enough. here's that code: launchInfo.setSSLEnabled(true); launchInfo.setSSLAddress(new ServiceAddress("CSG URL", 443)); Now, it looks like I need to register the STA when I configure my farm: ConnectionRoutingPolicy policy = config.getDMZRoutingPolicy(); policy.getRules().clear(); //Set the Secure Ticketing Authorities (STAs). STAGroup STAgr = new STAGroup(); STAgr.addSTAURL(@"http://CitrixAppServerURL/scripts/ctxsta.dll"); //creat Secure Gateway conenction SGConnectionRoute SGRoute = new SGConnectionRoute(@"https://CSGURL"); SGRoute.setUseSessionReliability(false); SGRoute.setGatewayPort(80); SGRoute.setTicketAuthorities(STAgr); // add the SGRoute to the policy policy.setDefault(SGRoute); This is based on code I found on the Citrix Forums; however, it breaks my ability to connect with the Farm and get my application list! Can someone point me to an example of code that works? Or a reference document?

Read the article
Deploy multiple emails to email providers, but without showing favouritism

- by Ardman

We are currently developing a new email deployment system. We have the system currently configured so that it reads a record from the database and loads the email content and deploys it to the target. Now we want to move this over to multiple threads. That is easily done, except we then hit the email providers returning SMTP codes referring to "Too many connections", or "Deferred connection". The solution to this is to have a thread open up a connection to the email provider and deploy n emails and then disconnect. We have currently configured the application so that it will support these session based email deployments. The problem is this, the database table has multiple email addresses in and they aren't grouped by email provider because that will show favouritism. We need to be able to retrieve a set number of, i.e. Hotmail, emails (@hotmail.com, @hotmail.co.uk, @live.co.uk) so that we are reducing the number of connections to Hotmail and reducing the risks of getting the "Too many connections" error. We are at the point now where we have gone round and round in circles trying to get a solution, so I thought I'd throw it out there and see if anyone has any ideas? EDIT I would like to stress that this application is not used for spamming purposes.

Read the article
Memory (flash) cards secure delete (have to use algorithms or just delete?)

- by daveny

We all know that if you want to completely delete files from HDD, you have to use a special erase algorithm in order to make it impossible to read it back. But what with the memory cards? Do they need the same algorithms to ensure that no one could read it back? (it has a completely different structure to store data, and I don't know what the case here with secure delete)

Read the article
regular expression for emails NOT ending with replace script

- by corroded

I'm currently modifying my regex for this: http://stackoverflow.com/questions/2782031/extracting-email-addresses-in-an-html-block-in-ruby-rails basically, im making another obfuscator that uses ROT13 by parsing a block of text for all links that contain a mailto referrer(using hpricot). One use case this doesn't catch is that if the user just typed in an email address(without turning it into a link via tinymce) So here's the basic flow of my method: 1. parse a block of text for all tags with href="mailto:..." 2. replace each tag with a javascript function that changes this into ROT13 (using this script: http://unixmonkey.net/?p=20) 3. once all links are obfuscated, pass the resulting block of text into another function that parses for all emails(this one has an email regex that reverses the email address and then adds a span to that email - to reverse it back) step 3 is supposed to clean the block of text for remaining emails that AREN'T in a href tags(meaning it wasn't parsed by hpricot). Problem with this is that the emails that were converted to ROT13 are still found by my regex. What i want to catch are just emails that WEREN'T CONVERTED to ROT13. How do i do this? well all emails the WERE CONVERTED have a trailing "'.replace" in them. meaning, i need to get all emails WITHOUT that string. so far i have this regex: /\b([A-Z0-9._%+-]+@[A-Z0-9.-]+.[A-Z]{2,4}('.replace))\b/i but this gets all the emails with the trailing '.replace i want to get the opposite and I'm currently stumped with this. any help from regex gurus out there? MORE INFO: Here's the regex + the block of text im parsing: http://www.rubular.com/r/NqXIHrNqjI as you can see, the first two 'email addresses' are already obfuscated using ROT13. I need a regex that gets the emails [email protected] and [email protected]

Read the article
A few tips on deploying Secure Enterprise Search with PeopleSoft

- by Matthew Haavisto

Oracle's Secure Enterprise Search is part of PeopleSoft now. It is provided as part of the Peopltools platform as an appliance, and is used with applications starting with release 9.2. Secure Enterprise Search is a rich and powerful search product that can enhance search and navigation in PeopleSoft applications. It also provides useful features like facets and filtering that are common in consumer search engines.Several questions have arisen about the deployment of SES and how to administer it and insure optimum performance. People have also asked about what versions are supported on various platforms. To address the most common of these questions, we are posting this list of tips.Platform SupportSES 11.1.2.2 does not support some of the platforms supported by PeopleTools, such as Windows 2012 and AIX 7.1. However, PeopleSoft and SES can use different operating system platforms when SES is deployed on a separate machine.SES 11.2.2.2 will have the required platform support for PT 8.53 in the future. We are planning to certify PT 8.53 once the testing is complete in 8.54 development and all platform support is released for 11.2.2.2.ArchitectureWe recommend running SES on a separate machine (from your apps) for two reasons:1. SES bundles specific WebLogic, Java, and Oracle DB versions and might need different OS patches at a minimum than PeopleSoft. By having SES run on a different machine, these pre-requisites can be managed better through their lifecycle independenly for PeopleSoft and SES.2. SES is resource intensive - it runs it's own WebLogic and Oracle database. By having SES run on its own machine, sufficient resources can be allocated to SES and free the PeopleSoft servers from impacts of SES load patterns.We will be providing a comprehensive red paper covering PeopleSoft/SES administration in the near future, but until that is published, we'll post tips on this blog.

Read the article
Accessing Secure Web Services from ADF Mobile

- by Shay Shmeltzer

Most of the enterprise Web services you'll access are going to be secured - meaning they'll require you to pass a user/password in order to get to their data. If you never created a secured Web service, it's simple in JDeveloper! For the below video I just right clicked on a Java class that I exposed as a Web service, and chose "Web Service Properties" and then checked the "oracle/wss_username_token_service_policy" box from the list of options (that's the option supported by ADF Mobile right now): In the demo below we are going to use a "remote" login server that does the authentication of the user/pass.The easiest way to "create" a remote login server is to create a "regular" web ADF application, secure it, and deploy it on a server. The secured ADF application can just require ADF Authentication with a simple HTTP Basic Authentication - basically the next two images in the Application->Secure->Configure ADF Security menu wizard. ok - so now you have a secured ADF application - deploy it on a server and get the URL for that application. From this point on you'll see the process in the video which deals with the configuration of your ADF Mobile app. First you'll need to enable security for your ADF mobile application, so it will prompt users to provide a user/pass combination. You'll also need to configure security on specific features. And you can have them use remote login pointing to your regular secured ADF application. Next define your Web service data control. Right click on the web service data control to "define Web Service Security". You'll also need to define the adfCredentialStoreKey property for the Web Service data control in the connections.xml file. This should be it. Here is the flow: If you haven't already - you can read more about this in the Mobile developer guide, and Andrejus has a sample for you.

Read the article
Antenna Aligner Part 10: Updates and emails…

- by Chris George

Since my last post back in July, I’ve not done huge amounts of work on my app for two reasons. Firstly, no time! Secondly, I wanted to leave it out in the wild for a while and see what happened. Well, what happened? over 1,300 users, that’s what’s happened! This uptake is beyond my wildest expectations, and apart from a couple of issues that I’ll mention in a minute, most of the feedback has been very positive indeed! I’ve had several emails giving me feedback and reporting issues, all of which I have made a point of replying to immediately. This act alone has met with favourable replies! One of the main issues was with iPad. So it turns out that my app is only accurate in portrait mode. Turning it into landscape will offset the direction by +-90degrees! Whoops! I think I’ve fixed this by disabling the orientation switching, but I have not yet had an iPad to test this on. I had several emails from iPod Touch users claiming the app did not work for them. Specifically, the compass view did not work. On investigation, it turns out that the iPod Touch does not have the compass hardware required to do this. Unfortunately there is no way to exclude iPod Touch’s from the list of supported devices, so I’ve just had to make it very clear in the itunes description that the device is not fully supported. You can still get the list of transmitters, but you then have to use a real compass to get the bearing. But that’s not the end of the world. Several customers have requested the aerial polarisation to be displayed in the app. I was already working on this, and the data was already there, it was just a case of displaying this in the UI. I have a solution now, and this will be in the next release. Of course, with the Digital switchover in full swing across the UK, there have been one set of data updates (in 1.0.3), and another is due shortly. This reflects the transmitters as they switch over the digital fully and their power output increased. So all in all I’m very pleased with the feedback I’ve had, and I’m looking to get the next release out there by early December (allowing for the 2-3 week Apple approval lag!)

Read the article
export emails from open-xchnage webmail and import them to horde webmail

- by sam

Im moving hosting and need to move the emails stored with the old domain/hosting, the hosting i want to transfer from uses open-xchange for its webmail and the hosting i want to move to uses horde for their webmail. Is their an automated way from inside of the open xchange webmail, or is there a way i can do it from inside of outlook / mac mail ? not sure if this is the right place for this, if not please advise..

Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12 | Next Page >