Search Results

Search found 292 results on 12 pages for 'insecure'.

Page 6/12 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Recursive reset file permissions on Windows

    - by Peter Horvath
    There is a big, complex directory structure on a relative big NTFS partition. Somebody managed to put very bad security privileges onto it - there are directories with randomly given/denied permissions, etc. I already run into permission bugs multiple times, and I found insecure permission settings multiple times (for example, write permissions for "Everyone", or false owners). I don't have time to check everything by hand (it is big). But luckily, my wishes are very simple. The most common: read/write/execute on anything for me, and maybe read for Everyone. Is it possible to somehow remove all security data from a directory and giving my (simple) wishes to overwrite everything there? On Unix, I used a chown -R ..., chmod -R ... command sequence. What is its equivalent on Windows?

    Read the article

  • How to manage credentials on multiserver environment

    - by rush
    I have a some software that uses its own encrypted file for password storage ( such as ftp, web and other passwords to login to external systems, there is no way to use certificates ). On each server I've several instances of this software, each instance has its own password file. At the moment number of servers is permanently growing and it's getting harder and harder to manage all passwords on all instances up to date. Unfortunately, some servers are in cegregated network and there is no access from them to some centralized storage, but it works vice versa. My first idea was to create a git repository, encrypt each password with gpg and store it there and deliver it within deployment system, but security team was not satisfied with this idea and as it is insecure to store passwords in repository even in encrypted view ( from their words ). Nothing similar comes to my mind. Is there any way to implement safe and secure password storage with minimal effort to manage all passwords up-to-date? ps. if that matters I've red hat everywhere.

    Read the article

  • What compatibility trade-offs do we need to make in order to use a hardened SSL config for Nginx?

    - by nathan.f77
    I found some hardened SSL settings in github.com/ioerror/duraconf. Here is the header from the config: This is an example of a high security, somewhat compatible SSLv3 and TLSv1 enabled HTTPS proxy server. The server only allows modes that provide perfect forward secrecy; no other modes are offered. Anonymous cipher modes are disabled. This configuation does not include the HSTS header to ensure that users do not accidentally connect to an insecure HTTP service after their first visit. It only supports strong ciphers in PFS mode: ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Only strong ciphers in PFS mode ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA; ssl_protocols SSLv3 TLSv1; If we were to use these settings on our website, what does "somewhat compatible" mean? For example, would IE6 still be able to connect?

    Read the article

  • How to maintain PCI compliance on a LAMP server when repositories don't keep up with versions

    - by Jared Green
    We run Ubuntu Lucid 10.0.4 as the foundation of our LAMP environment. We are trying to become PCI compliant so that we can pass CC info through our server. We have run some third-party scans on our servers to begin the certification process and have run into errors regarding PHP 5 versions and Apache versions. The latest PHP version hosted in our official lucid repository is about 10 versions lower than what PCI compliance requires. How do we upgrade to stay current with PCI compliance requirements? We need to get from php 5.3.2 to php 5.3.15 As well as up to apache 2.2.23 I've searched far and wide for an answer and haven't come up with a realistic answer. Some recommend compiling manually - which sounds like a nightmare, and others recommend a PPA - which sounds insecure. What should we do?

    Read the article

  • User for MSSQL 2008 Service Accounts

    - by Campo
    I want to create a Domain User that runs the SQL Service Accounts. The reason for this is that I have setup mirroring and MS recommends having the same user (a domain user account) running the services across all the the computers in the configuration to ensure mirroring will work properly. Right now in the test environment I just had them run under my user for simplicity. But now that I know what I am doing I would like to test the configuration more accurately. I am also aware that it makes things much simpler if this user is an administrator. My question is. Should I just create a simple user SQLSERVICEUSER and make it an administrator? Seems a little insecure to me. Anyone have a more elegant solution?

    Read the article

  • Securely wiping a file on a tmpfs

    - by Nanzikambe
    I have a script that decrypts some data to a tmpfs, the directory is secure (permissions), the machine's swap is encrypted (random key on boot) and when the script is done it does a 35 pass wipe (Peter Gutmann) of the cleartext on the tmpfs . I do this because I'm aware wiping files on a journaling file system is insecure, data may be recovered. For discussion, here're the relevant bits extracted: # make the tmpfs mkdir /mnt/tmpfs chmod 0700 /mnt/tmpfs mount -t tmpfs -o size=1M tmpfs /mnt/tmpfs cd /mnt/tmpfs # decrypt the data gpg -o - <crypted_input_file> | \ tar -xjpf - # do processing stuff # wipe contents find . -type f -exec bcwipe -I {} ';' # nuke the tmpfs cd .. umount -f /mnt/tmpfs rm -fR /mnt/tmpfs So, my question, assuming for the moment that nobody is able to read the cleartext in the tmpfs while it exists (I use umask to set cleartext to 0600), is there any way any trace of the cleartext could remain either in memory or on disk after the snippet above completes?

    Read the article

  • Installing Windows 8 over Windows 7 with Ubuntu installed using wubi (both on `C:\`)

    - by peat-ar
    Current state I'm using both - Ubuntu (installed via Wubi on the same drive as Windows) and Windows 7 - quite frequently. I just bought the upgrade to Windows 8 and was curious to try it out, however I'm quite insecure whether Windows 8's "secure boot" will exclude my current Ubuntu installation and if it's even possible to keep it. So... is there any way to upgrade to Windows 8 without overwriting Ubuntu? (I really don't want to reinstall it, as a lot of customization has been done here and taking backups and all would get pretty wearing (same case for Windows 7 - if possible, I'd like to keep my files)) This is not a dublicate of Installing Windows 8 over Windows 7 with Ubuntu installed using wubi? because this question only deals with the case when Ubuntu has been installed on (e.g.) D:\ (while Windows is being installed on C:\)

    Read the article

  • unwanted password prompt pops up on web server?

    - by Paul
    my web server randomly asks for a password as though basic authentication is turned on. It's an IIS 7 web server and you have to specifically install basic authentication in the roles section. It isn't installed. The message that pops up is "Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)" I cannot reproduce the problem but a number of customers have reported the problem and it only seems to appear to a small number of customers. It pops up when they visit the homepage, nothing is generated by the IIS logs to indicate a password box is being served (e.g. no 401 errors etc) Can anyone offer any advice? Thanks

    Read the article

  • mount: mount to NFS server 'IPADDRESS' failed: RPC Error: Program not registered

    - by matt74tm
    I've got two Redhat5/CentOS systems which share a folder. I'm trying to change the shared folder location, but I ran into this error on the machine on which the folder is mounted... How can I correct this? I rebooted the computer but to no avail. Server1 - where its "mounted" /etc/fstab IPADDRESS2:/opt/programA/common/files /srv/server2-share nfs rw,intr 0 0 Server2 - where its "shared" /etc/exports /opt/programA/common/files IPADDRESS1/28(rw,insecure,sync,no_root_squash) Ran the following on Server2 root@server2 [~]# /etc/init.d/nfs start root@server2 [~]# rpcinfo -p program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100011 1 udp 875 rquotad 100011 2 udp 875 rquotad 100011 1 tcp 875 rquotad 100011 2 tcp 875 rquotad 100005 1 udp 892 mountd 100005 1 tcp 892 mountd 100005 2 udp 892 mountd 100005 2 tcp 892 mountd 100005 3 udp 892 mountd 100005 3 tcp 892 mountd root@server2 [~]# /etc/init.d/nfs status rpc.mountd (pid 10204) is running... nfsd (pid 10201 10200 10199 10198 10197 10196 10195 10194) is running... rpc.rquotad (pid 10189) is running...

    Read the article

  • SSL certificate: unable to get local issuer certificate

    - by celwell
    I'm running Debian (Lenny). When I run this: curl --ssl https://www.google.com I get this error: curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

    Read the article

  • CentOS / Redhat: Give file permission for apache and vsftp

    - by paskster
    I use CentOS 5.5 and Apache Webserver on my dedicated Server. My Folder "/var/www/myWebApp" is owned by apache, so that apache can read, write logs, etc.. But now I would like to use very secure FTP (vsftp) to upload my new files. I used to give every user rwx -Acess to "/var/www/myWebApp", but I guess this is way to insecure. On CentOS I created another user "ftpuser" for uploading files and that has "/var/www/myWebApp" as its home directory. How can I give him the permission to write into the "/var/www/myWebApp" without giving every user the same rights?

    Read the article

  • Mounting FTP as filesystem in debian using curlftpfs

    - by Karel Bílek
    I am trying to mount a FTP as filesystem in debian using curlftpfs. What I get after running curlftpfs -o allow_other username:[email protected] /mnt/myftp/ is just: fuse: failed to open /dev/fuse: Permission denied even when run as root. What am I doing wrong? (curlftpfs is in version curlftpfs 0.9.2 libcurl/7.21.0 fuse/2.8) edit: When I write ls -lah /dev/fuse, I see crw-rw---- 1 root fuse 10, 229 Apr 9 00:34 /dev/fuse ...but even when I add both myself and user root to group fuse, neither me (as a user) or user root can mount ftp, I still see fuse: failed to open /dev/fuse: Permission denied edit2: Even if I write this fairly insecure and crazy line: sudo chmod a+rwx /dev/fuse I still get the permission denied message. Which permissions could be denied? edit3: I forgot to mention I am on VPS with OpenVZ. I thought that there is no issue with this, but apparently, there is! I am adding the resolution as the answer.

    Read the article

  • How to secure Firefox traffic (+DNS) through SOCKS proxy under Ubuntu 10.04?

    - by Maarx
    I'm using Ubuntu 10.04, and starting a SOCKS proxy with 'ssh -D', and setting Ubuntu to use it with "System - Preferences - Network Proxy". Firefox uses the proxy, and the proxy's IP appears when I visit a site like http://www.whatismyip.com/. My question is, is Firefox resolving DNS requests through this proxy? Is my web-browsing truly secure? (That is, until I exit the other end of the proxy. I know it's insecure after that.) (And I've verified the keys, I'm not being man-in-the-middled) (And--screw it. You know what I mean. Is it resolving DNS requests through the proxy?) I don't know how I would go about verifying such a thing for myself. Using additional hardware such as another debugging proxy is not an option. If Firefox isn't resolving my DNS requests through the SOCKS proxy, how do I go about fixing it?

    Read the article

  • Postfix Inbound/Outbound Gateway for Google Apps

    - by geofflee
    I currently have a Postfix/Dovecot setup, but our server is hitting capacity, so we decided to switch to Google Apps. However, we have certain web applications that need to send and receive e-mail directly (for example, e-mail being redirected to a script). What I want to do is host certain e-mail accounts with Google Apps, while my current server continues to manage other e-mail accounts. I assume this means that I would use my current server as an Inbound/Outbound Gateway, so my questions are: 1) How do I setup Postfix as an Outbound Gateway without making it an (insecure) open relay? 2) How do I setup Postfix as an Inbound Gateway so that only certain e-mail addresses are forwarded to Google Apps? Thank you!

    Read the article

  • Plesk 9.2.1 reporting much more SMTP traffic than the logs indicate

    - by Eric3
    Plesk is reporting nearly 7GB of SMTP traffic so far this month on one domain, most of it outgoing. However, after running qmail's mail logs (which only go back to May 8) through Sawmill, only about 900MB of traffic on that domain is accounted for. What I know so far: Email sent via PHP's mail() function is sent through sendmail, which has been logging its output via syslog to the same logs that qmail uses, at /usr/local/psa/var/log/ Messages sent by logging in directly via Telnet are logged as well I verified that Plesk is reporting totals correctly by creating a new domain, sending some large emails through it, running Plesk's statistics calculation script, and comparing its reported totals to the actual size of the emails sent The problem domain did have three mail accounts with blank or insecure passwords, which I corrected Does anyone know how Plesk calculates SMTP traffic statistics? Are there some log files elsewhere that I'm missing? What kind of SMTP traffic would Plesk know about that isn't being logged?

    Read the article

  • Provisioning SIP Phones over the internet

    - by Jorge Fernandez
    I have a few SIP Phones that are located of site and connect to my PBX over the internet to make calls. For some reason one of these phones has become unprovisioned. In my office phones get provisioned by the server via TFTP. The ones that I have off site I pre-provisioned manually before I sent them off-site (I'm in Florida the phone is in New Jersey). Whats the best way to provision these over the internet? TFTP is very insecure. Sending the plain text profiles with the SIP Account and Password over the internet is out of the question. The phones have been off-site for about 6 months without any issues. Im using Trixbox and Cisco 7940 Phones.

    Read the article

  • www-data is unable to write to an NFS share

    - by Bastian
    On Debian Squeeze, I created an NFS share with these options rw,sync,no_root_squash,no_subtree_check,insecure and on the other Debian Squeeze I can successfully mount it and read write with root, but this share is intended to be used by Apache. I changed the permission to 777 just to make sure. And still, the www-data user can read, create files but not write to them! It does not sound to me like the typical permissions problem, maybe something related to NFS, a lock problem that I am not aware of. Any idea is welcome.

    Read the article

  • Hp Procurve Switch : port filtered

    - by user117140
    My HP Procurve switch is blocking port 22 and I dont know how to unblock it.Please let me know From the server, see port 22 is blocked [root@server ~]#nmap -p22,80,443 10.247.172.70 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-04-16 14:12 IST mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers Interesting ports on 10.247.172.70: PORT STATE SERVICE 22/tcp filtered ssh ------------------> see 80/tcp filtered http 443/tcp filtered https This is blocked on cisco switch but I dont have any clue how this is done. I know that vlan is configured on switch. vlan 54 ip ospf 10.247.172.65 area 0.0.0.10 vrrp vrid 54 owner virtual-ip-address 10.247.172.65 255.255.255.192 priority 255 enable exit exit Please let me know how to unblock ssh port 22 access on this switch?

    Read the article

  • NFS Issues in Gnome

    - by Alex
    I mount NFSv4 export via /etc/fstab and mount and use the shared folder in nautilus. There are two issues: When I copy a large file (around 4 GB) to the NFS server, the progress bar rapidly goes to 2 GB and then basically stops moving. But the copy s still in progress - it is just not displayed well When I disconnect from the network without unmounting the nfs share, nautilus freezes. How can I work around that? /etc/export on the server /export/share 192.168.0.0/24(rw,sync,insecure,no_subtree_check,anonuid=1000,anongid=1000) /etc/fstab on the client: server:/share /mnt nfs4 soft,tcp

    Read the article

  • chroot for unsecure programs execution

    - by attwad
    Hi, I have never set-up a chroot-jailed environment before and I am afraid I need some help to do it well. To explain shortly what this is all about: I have a webserver to which users send python scripts to process various files that are stored on the server (the system is for Research purpose). Everyday a cron job starts the execution of the uploaded scripts via a command of this kind: /usr/bin/python script_file.py All of this is really insecure and I would like to create a jail in which I would copy the necessary files (uploaded scripts, files to process, python binary and dependencies). I already looked at various utilities to create jails but none of them seemed up-to-date or were lacking solid documentation (ie. the links proposed in How can I run an untrusted python script) Could anyone guide me to a viable solution to my problem? like a working example of a script that creates a jail, put some files in it and executes a python script? Thank you very much.

    Read the article

  • Firewall still blocking port 53 despite listing otherwise?

    - by Tom
    I have 3 nodes with virtually the same iptables rules loaded from a bash script, but one particular node is blocking traffic on port 53 despite listing it's accepting it: $ iptables --list -v Chain INPUT (policy DROP 8886 packets, 657K bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo any anywhere anywhere 2 122 ACCEPT icmp -- any any anywhere anywhere icmp echo-request 20738 5600K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- eth1 any anywhere node1.com multiport dports http,smtp 0 0 ACCEPT udp -- eth1 any anywhere ns.node1.com udp dpt:domain 0 0 ACCEPT tcp -- eth1 any anywhere ns.node1.com tcp dpt:domain 0 0 ACCEPT all -- eth0 any node2.backend anywhere 21 1260 ACCEPT all -- eth0 any node3.backend anywhere 0 0 ACCEPT all -- eth0 any node4.backend anywhere Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 15804 packets, 26M bytes) pkts bytes target prot opt in out source destination nmap -sV -p 53 ns.node1.com // From remote server Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-02-24 11:44 EST Interesting ports on ns.node1.com (1.2.3.4): PORT STATE SERVICE VERSION 53/tcp filtered domain Nmap finished: 1 IP address (1 host up) scanned in 0.336 seconds Any ideas? Thanks

    Read the article

  • How do I securely store and manage 180 passwords?

    - by Sammy
    I have about 180 passwords for different websites and web services. They are all stored in one single password protected Excel document. As the list gets longer I am more and more concerned about its security. Just how secure, or should I say insecure, is a password protected Excel document? What's the best practice for storing this many passwords in a secure and easy manageable way? I find the Excel method to be easy enough, but I am concerned about the security aspect.

    Read the article

  • Access requires a username and password

    - by articles
    Access requires a username and password Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection) I am getting this above message. I have hosted a website in godaddy hosting space. But when i run it.. it is prompt for User name and Password (above message). I am not using windows authentications in my website.... Moreover, i have test my website code on testing server....it never prompts for this message unless Integrated Windows Authentication is checked. Any help is appreciated.. Thanks

    Read the article

  • Browser keeps being really rude to me today

    - by j-t-s
    Hi All I've had this problem only once before, years ago. I bought a new computer the other day and last night I visited a website which Google Chrome suspected was an insecure site. So I proceeded to view the page anyway (Stupid, I know... But I was curious), and all of a sudden the window closed and ever since, every few minutes either Google chrome or Internet Explorer keeps popping up with random websites, most of which are porn-related sites. I have downloaded ZoneAlarm, IOBit 360, Eset Smart Security and none of them reported any problems. I still have the rube browser problem. Can somebody please suggest any software/ways to fix this? (Other than to reformat please :)) Thank you :)

    Read the article

  • Cannot access Nagios Web Interface

    - by Dominiqs
    After successfully installing Nagios core 3.4.1 (i also installed plug-in1.4.11) on our linux rhel 5.3 server i cannot login to the nagios web interface.I am running apache 2.2.3 I am using internet explorer 8 and also firefox 3.6.3 When i try to enter the url http//localhost/nagios/ on a desktop (on the same network as the Nagios server)it does seem to like it but if i try http//x.x.x.x/nagios/ (where x.x.x.x is the IP address of my nagios server) it likes it but then the authentication popup appears after entering the password and username(nagiosadmin) it throws the errors below The server x.x.x.x at Nagios access requires a username and password Warning this server is requesting that your username and password be sent in an insecure manner(basic authentication without a secure connection) After a few attempts i get error 401 authentication required error from internet explorer ;this server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials or your browser doesnt understand how to supply the credentials required. Help Please anyone..seems like an authentication issue

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12  | Next Page >