Search Results

Search found 13000 results on 520 pages for 'declarative security'.

Page 5/520 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Roll Your Own DIY Solar-Powered Security Camera Setup

    - by Jason Fitzpatrick
    If you’re looking to set up a security camera without running power or video lines, this solar-powered version combines a cheap Wi-Fi cam with a home-rolled solar setup to provide surveillance without wires. Courtesy of Reddit user CheapGuitar, the setup combines a dirt cheap off-brand Wi-Fi security camera, a Tupperware container spray painted black, some old camping solar panels, and a battery into a security camera that checks in as long as it’s in range of a Wi-Fi router or repeater. Hit up the link below to check out the build guide. Solar Powered Camera [via Hack A Day] HTG Explains: What Is Windows RT & What Does It Mean To Me? HTG Explains: How Windows 8′s Secure Boot Feature Works & What It Means for Linux Hack Your Kindle for Easy Font Customization

    Read the article

  • WCF Security Transport Security Questions

    - by shyneman
    I'm writing a set of WCF services that rely on transport security with Windows Authentication using the trusted subsystem model. However, I want to perform authorization based on the original client user that initiated the request (e.g. a user from a website with a username/password). I'm planning to achieve this by adding the original user's credentials in the header before the client sends the message and then the service will use the supplied credentials to authorize the user. So I have a few questions about this implementation: 1) using transport security with windows auth, I do NOT need to worry about again encrypting the passed credentials to ensure the validity... WCF automatically takes care of this - is this correct? 2) how does this implementation prevent a malicious service, running under some windows account within the domain, to send a message tagged with spoofed credentials. for e.g. a malicious service replaces the credentials with an Admin user to do something bad? Thanks for any help.

    Read the article

  • Security updates for all supported versions of SQL Server

    - by AaronBertrand
    It's patch Tuesday! [ UPDATE June 19 : Please see my follow-up post about this security update.] Today Microsoft released a security bulletin covering several issues that could potentially affect SQL Server; these exploits include remote code execution, denial of service, information disclosure and elevation of privilege. You should test these patches on all machines running SQL Server, including those running only client tools (e.g. Management Studio or Management Studio Express). The updates affect...(read more)

    Read the article

  • Security programming jobs

    - by Mike Smith
    I am a student, about to finish my undergraduate in Computer Science in about a year. I am very interested in computer/network security, but I also love programming. Is there a job or subfield that is a fusion of both? I have programmed everything from games to barcode readers to web bots, and I know for sure that I want to do some kind of programming, but ideally I would like to do some kind of software development involving computer security. Any advice would be appreciated.

    Read the article

  • Latest Security Inside Out Newsletter Now Available

    - by Troy Kitch
    The September/October edition of the Security Inside Out Newsletter is now available. Learn about Oracle OpenWorld database security sessions, hands on labs, and demos you'll want to attend, as well as frequently asked question about Label-Based Access Controls in Oracle Database 11g. Subscriber here for the bi-monthly newsletter.  ...and if you haven't already done so, join Oracle Database on these social networks: Twitter Facebook LinkedIn Google+ 

    Read the article

  • Security Updates Available for SQL Server 2008, 2008 R2, 2012, 2014

    - by AaronBertrand
    If you are running 2008 SP3, 2008 R2 SP2, 2012 SP1 (SP2 is not affected, RTM is no longer supported), or 2014, you'll want to check out Security Bulletin MS14-044 for details on a denial of service / privilege escalation issue that has been patched: http://technet.microsoft.com/en-us/library/security/MS14-044 For SQL Server 2012 and SQL Server 2014, I've blogged about recent builds and recommendations here: http://blogs.sqlsentry.com/team-posts/latest-builds-sql-server-2012/ http://blogs.sqlsentry.com/team-posts/latest-builds-sql-server-2014...(read more)

    Read the article

  • Live Security Talk Webcast: Security Best Practices for Design and Deployment on Windows Azure (Leve

    Developing secure applications and services in the cloud requires knowledge of the threat landscape specific to the cloud provider. The key is understanding threat mitigations implemented by the cloud architecture versus those that are the responsibility of the developer. Register for this exciting live webcast to learn about the threats that are specific to the cloud and how the Windows Azure architecture deals with these threats. We also cover how to use built-in Windows Azure security features...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Windows 8 Security Flaws

    A Feeling of Complacency The amount of hype coming out of the Microsoft camp concerning Windows 8's enhanced security features is pretty high. With an improved Windows Defender integrated into the upcoming operating system, some users may feel that they will have adequate protection against malware and other threats. While the improved protection is a plus, this does not mean that other trusted programs should be avoided, as it is somewhat lazy to believe that Microsoft's integrated protection in Windows 8 will provide all the security that is necessary. Careless Web Surfing The internet of...

    Read the article

  • Spring Security HTTP Basic Authentication

    - by Raspayu
    Hi people! I am trying to do a really simple basic authentication with Spring Security. I have configured properly the namespace, and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security: <security:http> <security:http-basic></security:http-basic> <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider> <security:user-service> <security:user name="cucu" password="tas" authorities="ROLE_USER" /> <security:user name="bob" password="bobspassword" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> It nearly all goes perfect: the methods that are not POST doesn't prompt any login form, and the POST method prompt it. The problem is, that nor "cucu", neither "bob" can login there. Can anyone see what am I doing wrong? Thanks in advance! ;-)

    Read the article

  • rails declarative authorization, permit all actions for controller?

    - by SooDesuNe
    using the delcarative_authorization gem for rails, is there a shortcut to allow a role access to all controller actions? privileges do # default privilege hierarchies to facilitate RESTful Rails apps privilege :manage, :includes => [:create, :read, :update, :delete] end isn't sufficient, because I have more controlling methods than just CRUD in my controllers. Something like: role :foo do has_permission_on :bar, :to =>[:all] end would be perfect, but I'm not finding it in the docs.

    Read the article

  • C++ Declarative Parsing Serialization

    - by Martin York
    Looking at Java and C# they manage to do some wicked processing based on special languaged based anotation (forgive me if that is the incorrect name). In C++ we have two problems with this: 1) There is no way to annotate a class with type information that is accessable at runtime. 2) Parsing the source to generate stuff is way to complex. But I was thinking that this could be done with some template meta-programming to achieve the same basic affect as anotations (still just thinking about it). Like char_traits that are specialised for the different types an xml_traits template could be used in a declaritive way. This traits class could be used to define how a class is serialised/deserialized by specializing the traits for the class you are trying to serialize. Example Thoughs: template<typename T> struct XML_traits { typedef XML_Empty Children; }; template<> struct XML_traits<Car> { typedef boost::mpl::vector<Body,Wheels,Engine> Children; }; template<typename T> std::ostream& Serialize(T const&) { // my template foo is not that strong. // but somthing like this. boost::mpl::for_each<typename XML_Traits<T>::Children,Serialize>(data); } template<> std::ostream& Serialize<XML_Empty>(T const&) { /* Do Nothing */ } My question is: Has anybody seen any projects/decumentation (not just XML) out there that uses techniques like this (template meta-programming) to emulate the concept of annotation used in languges like Java and C# that can then be used in code generation (to effectively automate the task by using a declaritive style). At this point in my research I am looking for more reading material and examples.

    Read the article

  • Security in a private web service

    - by Oni
    I am developing a web site and a web service for a small on-line game. Technically, I'll be using Express (node.js) and MongoDB+Redis for the databases. This the structure I came up with: One Express server that will server as the Web Service. This will connect to the databases. One Express server that will provide the web site. It will connect to the Web Service to retrieve and push the information. iOS and Android application will be able to interact with the WebService. Taking into account: It is a small game. The information transferred is not critical. There will NOT be third party applications. At least for the moment. My concern is about which level of security I should use in each of the scenarios: Security of the user playing through web browser Security of the applications and the Web Server connecting to the WS. I have take a look at the different options and: OAuth and/or Https is too much for this scenario, isn't it? Will be a good option to hash the user and password with MD5(or similar) and some salt? I would like to get some directions and investigate by my own rather than getting a response like "you should you use this node.js module..." Thanks in advance,

    Read the article

  • TDE Tablespace Encryption 11.2.0.1 Certified with EBS 12

    - by Steven Chan
    Oracle Advanced Security is an optional licenced Oracle 11g Database add-on.  Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features:  column encryption and tablespace encryption.  11.2.0.1 TDE Column encryption was certified with E-Business Suite 12 as part of our overall 11.2.0.1 database certification.  As of today, 11.2.0.1 TDE Tablespace encryption is now certified with Oracle E-Business Suite Release 12. What is Transparent Data Encryption (TDE) ? Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers. TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

    Read the article

  • Address Regulatory Mandates for Data Encryption Without Changing Your Applications

    - by Troy Kitch
    The Payment Card Industry Data Security Standard, US state-level data breach laws, and numerous data privacy regulations worldwide all call for data encryption to protect personally identifiable information (PII). However encrypting PII data in applications requires costly and complex application changes. Fortunately, since this data typically resides in the application database, using Oracle Advanced Security, PII can be encrypted transparently by the Oracle database without any application changes. In this ISACA webinar, learn how Oracle Advanced Security offers complete encryption for data at rest, in transit, and on backups, along with built-in key management to help organizations meet regulatory requirements and save money. You will also hear from TransUnion Interactive, the consumer subsidiary of TransUnion, a global leader in credit and information management, which maintains credit histories on an estimated 500 million consumers across the globe, about how they addressed PCI DSS encryption requirements using Oracle Database 11g with Oracle Advanced Security. Register to watch the webinar now.

    Read the article

  • SQLAuthority News – Wireless Router Security and Attached Devices – Complex Password

    - by pinaldave
    In the last four days (April 21-24), I have received calls from friends who told me that they have got strange emails from me. To my surprise, I did not send them any emails. I was not worried until my wife complained that she was not able to find one of the very important folders containing our daughter’s photo that is located in our shared drive. This was alarming in my par, so I started a search around my computer’s folders. Again, please note that I am by no means a security expert. I checked my entire computer with virus and spyware, and strangely, there I found nothing. I tried to think what can cause this happening. I suddenly realized that there was a power outage in my area for about two hours during the days I have mentioned. Back then, my wireless router needed to be reset, and so I did. I had set up my WPA-PSK [TKIP] + WPA2-PSK [AES] very well. My key was very simple ( ‘SQLAuthority1′), and I never thought of changing it. (It is now replaced with a very complex one). While checking the Attached Devices, I found out that there was another very strange computer name and IP attached to my network. And so as soon as I found out that there is strange device attached to my computer, I shutdown my local network. Afterwards, I reconfigured my wireless router with a more complex security key. Since I created the complex password, I noticed that the user is no more connecting to my machine. Subsequently, I figured out that I can also set up Access Control List. I added my networked computer to that list as well. When I tried to connect from an external laptop which was not in the list but with a valid security key, I was not able to access the network, neither able to connect to it. I wasn’t also able to connect using a remote desktop, so I think it was good. If you have received any nasty emails from me (from my gmail account) during the afore-mentioned days, I want to apologize. I am already paying for my negligence of not putting a complex password; by way of losing the important photos of my daughter. I have already checked with my client, whose password I saved in SSMS, so there was no issue at all. In fact, I have decided to never leave any saved password of production server in my SSMS. Here is the tip SQL SERVER – Clear Drop Down List of Recent Connection From SQL Server Management Studio to clean them. I think after doing all this, I am feeling safe right now. However, I believe that safety is an illusion of many times. I need your help and advice if there is anymore I can do to stop unauthorized access. I am seeking advice and help through your comments. Reference : Pinal Dave (http://www.SQLAuthority.com) Filed under: SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, SQLAuthority News, T SQL, Technology

    Read the article

  • What are some topics you'd like to see covered in an 'Introduction to Network Security' book?

    - by seth.vargo
    I'm trying to put together a list of topics in Network Security and prioritize them accordingly. A little background on the book - we are trying to gear the text towards college students, as an introduction to security, and toward IT professionals who have recently been tasked with securing a network. The idea is to create a book that covers the most vital and important parts of securing a network with no assumptions. So, if you were a novice student interested in network security OR an IT professional who needed a crash course on network security, what topics do you feel would be of the upmost importance in such a text?

    Read the article

  • Spring Security RememberMe Services with Session Cookie

    - by Jarrod
    I am using Spring Security's RememberMe Services to keep a user authenticated. I would like to find a simple way to have the RememberMe cookie set as a session cookie rather than with a fixed expiration time. For my application, the cookie should persist until the user closes the browser. Any suggestions on how to best implement this? Any concerns on this being a potential security problem? The primary reason for doing so is that with a cookie-based token, any of the servers behind our load balancer can service a protected request without relying on the user's Authentication to be stored in an HttpSession. In fact, I have explicitly told Spring Security to never create sessions using the namespace. Further, we are using Amazon's Elastic Load Balancing, and so sticky sessions are not supported. NB: Although I am aware that as of Apr. 08, Amazon now supports sticky sessions, I still do not want to use them for a handful of other reasons. Namely that the untimely demise of one server would still cause the loss of sessions for all users associated with it. http://aws.amazon.com/about-aws/whats-new/2010/04/08/support-for-session-stickiness-in-elastic-load-balancing/

    Read the article

  • Oracle for PCI-DSS Security Webcast

    - by Alex Blyth
    Thanks to everyone who attended the Oracle for PCI-DSS security webcast today. It was good to see how the products we talked about last week can be used to address the PCI standard requirements. A big thanks to Chris Pickett for presenting a great session and running us through a very cool demo showing how the data is protected through out its life. The replay of the session can be downloaded here. Slides and be down loaded here. Oracle for PCI-DSS Security Compliance View more presentationsfrom Oracle Australia. Next week we resume our regular schedule with Andrew Clarke taking us through Oracle Application Express (APEX) - one of the best kept secrets in the Oracle Database. Enroll for this session here (and now :) ) Till next week Cheers Alex

    Read the article

  • WebGL, security, and Microsoft

    - by 3412132
    I was writing a post about a link I saw, but realized it was also about what companies do to this industry, so I'd like to ask your opinions on that first (the original post is below). Is it ok for companies to act childish (not wanting to share, not-invented-here syndrome, etc)? ORIGINAL POST: http://news.cnet.com/8301-30685_3-20071726-264/microsoft-declares-webgl-harmful-to-security/ What gives? I understand they're making some real points here, but haven't they been doing similar things with ActiveX? Also who are they to talk when their browser has more security problems than modern browsers do?

    Read the article

  • security stuff's

    - by raghu.yadav
    http://fmwdocs.us.oracle.com/doclibs/fmw/E10285_01/appslib7/web.1111/b31974/adding_security.htm#BGBGJEAH At design time, JDeveloper saves all policy store and identity store changes in a single file for the entire application. In the development environment, this is the jazn-data.xml file. After you configure the jazn-data.xml file using the editors, you can run the application in Integrated WebLogic Server and the contents of the policy store will be added to the domain-level store, the system-jazn-data.xml file, while the test users will be migrated to the embedded LDAP server that Integrated WebLogic Server uses for its identity store. The domain-level store allows you to test the security implementation by logging on as test users that you have created. looks like above part did went well with me, apart from following all instruction provided in doc, I need to create users from adminconsole in security-realms-Users and Groups sections to successfully login to pages.

    Read the article

  • [GEEK SCHOOL] Network Security 3: Windows Defender and a Malware-Free System

    - by Ciprian Rusen
    In this second lesson we are going to talk about one of the most confusing security products that are bundled with Windows: Windows Defender. In the past, this product has had a bad reputation and for good reason – it was very limited in its capacity to protect your computer from real-world malware. However, the latest version included in Windows 8.x operating systems is much different than in the past and it provides real protection to its users. The nice thing about Windows Defender in its current incarnation, is that it protects your system from the start, so there are never gaps in coverage. We will start this lesson by explaining what Windows Defender is in Windows 7 and Vista versus what it is in Windows 8, and what product to use if you are using an earlier version. We next will explore how to use Windows Defender, how to improve its default settings, and how to deal with the alerts that it displays. As you will see, Windows Defender will have you using its list of quarantined items a lot more often than other security products. This is why we will explain in detail how to work with it and remove malware for good or restore those items that are only false alarms. Lastly, you will learn how to turn off Windows Defender if you no longer want to use it and you prefer a third-party security product in its place and then how to enable it back, if you have changed your mind about using it. Upon completion, you should have a thorough understanding of your system’s default anti-malware options, or how to protect your system expeditiously. What is Windows Defender? Unfortunately there is no one clear answer to this question because of the confusing way Microsoft has chosen to name its security products. Windows Defender is a different product, depending on the Windows operating system you are using. If you use Windows Vista or Windows 7, then Windows Defender is a security tool that protects your computer from spyware. This but one form of malware made out of tools and applications that monitor your movements on the Internet or the activities you make on your computer. Spyware tends to send the information that is collected to a remote server and it is later used in all kinds of malicious purposes, from displaying advertising you don’t want, to using your personal data, etc. However, there are many other types of malware on the Internet and this version of Windows Defender is not able to protect users from any of them. That’s why, if you are using Windows 7 or earlier, we strongly recommend that you disable Windows Defender and install a more complete security product like Microsoft Security Essentials, or third-party security products from specialized security vendors. If you use Windows 8.x operating systems, then Windows Defender is the same thing as Microsoft Security Essentials: a decent security product that protects your computer in-real time from viruses and spyware. The fact that this product protects your computer also from viruses, not just from spyware, makes a huge difference. If you don’t want to pay for security products, Windows Defender in Windows 8.x and Microsoft Security Essentials (in Windows 7 or earlier) are good alternatives. Windows Defender in Windows 8.x and Microsoft Security Essentials are the same product, only their name is different. In this lesson, we will use the Windows Defender version from Windows 8.x but our instructions apply also to Microsoft Security Essentials (MSE) in Windows 7 and Windows Vista. If you want to download Microsoft Security Essentials and try it out, we recommend you to use this page: Download Microsoft Security Essentials. There you will find both 32-bit and 64-bit editions of this product as well versions in multiple languages. How to Use and Configure Windows Defender Using Windows Defender (MSE) is very easy to use. To start, search for “defender” on the Windows 8.x Start screen and click or tap the “Windows Defender” search result. In Windows 7, search for “security” in the Start Menu search box and click “Microsoft Security Essentials”. Windows Defender has four tabs which give you access to the following tools and options: Home – here you can view the security status of your system. If everything is alright, then it will be colored in green. If there are some warnings to consider, then it will be colored in yellow, and if there are threats that must be dealt with, everything will be colored in red. On the right side of the “Home” tab you will find options for scanning your computer for viruses and spyware. On the bottom of the tab you will find information about when the last scan was performed and what type of scan it was. Update – here you will find information on whether this product is up-to-date. You will learn when it was last updated and the versions of the definitions it is using. You can also trigger a manual update. History – here you can access quarantined items, see which items you’ve allowed to run on your PC even if they were identified as malware by Windows Defender, and view a complete list with all the malicious items Windows Defender has detected on your PC. In order to access all these lists and work with them, you need to be signed in as an administrator. Settings – this is the tab where you can turn on the real-time protection service, exclude files, file types, processes, and locations from its scans as well as access a couple of more advanced settings. The only difference between Windows Defender in Windows 8.x and Microsoft Security Essentials (in Windows 7 or earlier) is that, in the “Settings” tab, Microsoft Security Essentials allows you to set when to run scheduled scans while Windows Defender lacks this option.

    Read the article

  • Security issue about making my code public in GitHub

    - by John Doe
    I'm developing a big community/forum website and I'd like to upload my code to GitHub to have at least some sort of version control over it (because I have nothing other than a .rar file as a backup, not even SVN), to let others contribute to the project, and also perhaps using it to let my potential future employers see some of my code as some sort of curriculum. But what I'm wondering now, and I'm suprised I haven't seen anyone mention it before is the security aspect of it. Isn't publishing the code of a website a HUGE security hole? Is like giving a potential hacker or anyone who would like to find any potential exploit possible, even considering that the critical files aren't uploaded (database passwords, authentication scripts, etc.). Of course that there are millions of projects uploaded to GitHub and no one will find mine just 'by chance'. But if they look for it, it would indeed be there. Bottomline: my problem is not about copyright or licenses, but others finding exploits in my website. I'm I missing something here?

    Read the article

  • Should security updates 'always' be installed?

    - by kmansoor
    We are a small shop, no real sysadmin. So developers (Java EE) also try to maintain Ubuntu server 12.0.4. When I login a terminal and I see messages like: 6 packages can be updated. 6 updates are security updates. Should all security updates always be installed? can some be ignored? Should these be acted upon immediately? Or one could wait for 2:00 AM coming Sunday? Is there a way to know a 'critical' update? Is there a good sysadmin for dummies resource I should be reading?

    Read the article

  • Security Tips for super user in Ubuntu 11.10?

    - by Gaurav_Java
    Ubuntu is a relatively safe but this should not prevent you to be vigilant. I'm working on securing Ubuntu 11.10 and was looking for every tip to secure my Ubuntu 11.10 and upcoming version 12.04. I go through this question . But my Question is Begin as Super User and as Normal user also. Which is Best tools which I can use for preventing my data? What Services and features I Enable Manually after installing ubuntu ? What security measure I should take? What i don't do ? What are other precaution some takes as super user? what are Normal security stay patched in ubuntu? and if i am missing something then please add them

    Read the article

  • Microsoft Ramps up Security in Windows 8

    To the average consumer, improvements in the realm of security may not have the most appeal with it comes to a new working environment such as Windows 8. After all, the operating system's future release is expected to offer such flashy bells and whistles as a nifty Metro interface, a tile-based Start screen that provides a quick jump to different functions, and much more. Although these stylish features may be what jumps out at first, it is going to be hard to deny the usefulness and virtual necessity of Windows 8's new security features. The number of consumers who have turned to the intern...

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >