Search Results

Search found 12717 results on 509 pages for 'ouaf security'.

Page 6/509 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • chrome extension login security with iframe

    - by Weaver
    I should note, I'm not a chrome extension expert. However, I'm looking for some advice or high level solution to a security concern I have with my chrome extension. I've searched quite a bit but can't seem to find a concrete answer. The situation I have a chrome extension that needs to have the user login to our backend server. However, it was decided for design reasons that the default chrome popup balloon was undesirable. Thus I've used a modal dialog and jquery to make a styled popup that is injected with content scripts. Hence, the popup is injected into the DOM o the page you are visiting. The Problem Everything works, however now that I need to implement login functionality I've noticed a vulnerability: If the site we've injected our popup into knows the password fields ID they could run a script to continuously monitor the password and username field and store that data. Call me paranoid, but I see it as a risk. In fact,I wrote a mockup attack site that can correctly pull the user and password when entered into the given fields. My devised solution I took a look at some other chrome extensions, like Buffer, and noticed what they do is load their popup from their website and, instead, embed an iFrame which contains the popup in it. The popup would interact with the server inside the iframe. My understanding is iframes are subject to same-origin scripting policies as other websites, but I may be mistaken. As such, would doing the same thing be secure? TLDR To simplify, if I embedded an https login form from our server into a given DOM, via a chrome extension, are there security concerns to password sniffing? If this is not the best way to deal with chrome extension logins, do you have suggestions with what is? Perhaps there is a way to declare text fields that javascript can simply not interact with? Not too sure! Thank you so much for your time! I will happily clarify anything required.

    Read the article

  • Custom Glassfish Security Realm does not work (unable to find LoginModule)

    - by ifischer
    I'm trying to get a Custom Security Realm in Glassfish working (i tried 3.0.1 final and 3.1 B33). I read nearly all tutorials about this, but it doesn not work on my System. I'm getting the error Login failed: javax.security.auth.login.LoginException: unable to find LoginModule class: de.company.security.utility.CustomLoginModule when trying to login. Here is what i did: I created a little Maven project, which contains the needed Realm class, CustomRealm, and the corresponding LoginModule, CustomLoginModule. My pom.xml: <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany</groupId> <artifactId>CustomJDBCRealm</artifactId> <version>1.0-SNAPSHOT</version> <packaging>jar</packaging> <name>Custom JDBCRealm</name> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencies> <dependency> <groupId>org.glassfish.security</groupId> <artifactId>security</artifactId> <version>3.1-b33</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>1.6</source> <target>1.6</target> <optimise>true</optimise> <debug>true</debug> <encoding>UTF-8</encoding> </configuration> </plugin> </plugins> </build> </project> My Custom Realm class: package de.company.security.utility; import com.sun.appserv.security.AppservRealm; import com.sun.enterprise.security.auth.realm.BadRealmException; import com.sun.enterprise.security.auth.realm.InvalidOperationException; import com.sun.enterprise.security.auth.realm.NoSuchRealmException; import com.sun.enterprise.security.auth.realm.NoSuchUserException; import java.util.Enumeration; import java.util.Properties; import java.util.Vector; /** * * @author ifischer */ public class CustomRealm extends AppservRealm { Vector<String> groups = new Vector<String>(); private String jaasCtxName; private String startWith; @Override public void init(Properties properties) throws BadRealmException, NoSuchRealmException { jaasCtxName = properties.getProperty("jaas-context", "customRealm"); startWith = properties.getProperty("startWith", "z"); groups.add("dummy"); } @Override public String getAuthType() { return "Custom Realm"; } public String[] authenticate(String username, char[] password) { // if (isValidLogin(username, password)) return (String[]) groups.toArray(); } @Override public Enumeration getGroupNames(String username) throws InvalidOperationException, NoSuchUserException { return groups.elements(); } @Override public String getJAASContext() { return jaasCtxName; } public String getStartWith() { return startWith; } } My LoginModule class: /* * Copyright (c) 2010 ProfitBricks GmbH. All Rights Reserved. */ package de.company.security.utility; import com.sun.appserv.security.AppservPasswordLoginModule; import com.sun.enterprise.security.auth.login.common.LoginException; import java.util.Set; import org.glassfish.security.common.PrincipalImpl; /** * * @author ifischer */ public class CustomLoginModule extends AppservPasswordLoginModule { @Override protected void authenticateUser() throws LoginException { _logger.info("CustomRealm : authenticateUser for " + _username); final CustomRealm realm = (CustomRealm)_currentRealm; if ( (_username == null) || (_username.length() == 0) || !_username.startsWith(realm.getStartWith())) throw new LoginException("Invalid credentials"); String[] grpList = realm.authenticate(_username, getPasswordChar()); if (grpList == null) { throw new LoginException("User not in groups"); } _logger.info("CustomRealm : authenticateUser for " + _username); Set principals = _subject.getPrincipals(); principals.add(new PrincipalImpl(_username)); this.commitUserAuthentication(grpList); } } I compiled this Maven project and copyied the resulting JAR-file to the Glassfish/lib directory. Then i added the Security Realm "customRealm" to my Glassfish with asadmin: asadmin create-auth-realm --classname de.company.security.utility.CustomRealm --property jaas-context=customRealm:startWith=a customRealm I even referenced the LoginModule class for the JAAS context of my Custom Realm, therefore i inserted this into the login.conf of my domain: customRealm { de.company.security.utility.CustomLoginModule required; }; Although this LoginModule SHOULD BE on the Glassfish classpath, as it's classfiled is packaged in the JAR that i put into the Glassfish/lib-dir, it cannot be found when i try to login. For login, i build a really simple JSF-project, which calls the HttpServletRequest-login-method of Servlet 3.0. When trying to login i'm getting the following Exception: 2010-12-24T14:41:31.613+0100|WARNING|glassfish3.0.1| javax.enterprise.system.container.web.com.sun.web.security|_ThreadID=25; _ThreadName=Thread-1;|Web login failed: Login failed: javax.security.auth.login.LoginException: unable to find LoginModule class: de.company.security.utility.CustomLoginModule Anybody got an idea what i can do that Glassfish loads the LoginModule-class?

    Read the article

  • Spring security with GAE

    - by xybrek
    I'm trying to implement Spring security for my GAE application however I'm getting this error: No bean named 'springSecurityFilterChain' is defined I added this configuration on my application web.xml: <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> And in the servlet-context: <!-- Configure security --> <security:http auto-config="true"> <security:intercept-url pattern="/**" access="ROLE_USER" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider> <security:user-service> <security:user name="jimi" password="jimi" authorities="ROLE_USER, ROLE_ADMIN" /> <security:user name="bob" password="bob" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> What could be causing the error?

    Read the article

  • Could someone explain Spring Security BasePermission.Create?

    - by Matthew Sowders
    I am working on a project that involves Spring Security ACL and I came across the create permission BasePermission.CREATE. Would someone please explain how this is supposed to work or what it allows someone to do? It is my understanding that each object has an acl, and each acl has many ace's, and each ace has an sid and a permission. How can you grant permission on an object to create it, if it must be created in order to attach the acl to it?

    Read the article

  • Can't work out security

    - by user215351
    I installed Ubuntu on puter I am the only user I alone use. I was trying a to find out how to repair hardware faults. Surprised to find I was not the owner and that there is a password that locks me out. I only set one password during set up so what is this mysterious password. As far as I'm concerned it is overdone on security, Im sick of authenticating every 3 seconds. I need a simpler system

    Read the article

  • Worst security hole you've seen?

    - by Si
    Subject says it all, probably a good idea to keep details basic to protect the guilty. FWIW, here's a question about what to do if you find a security hole, and another with some useful answers if a company doesn't (seem to) respond.

    Read the article

  • Security risks posed by specifying technologies used

    - by SabreWolfy
    I am developing online tools for non-commercial use, which are hosted on dedicated hardware. I would like to include logos indicating the technologies I used (Apache or Python for example), at the bottom of the page. What are the security risks/implications, if any, of "advertizing" this information? It is better not to reveal that the web server is Apache, and that I used Pyhton and jQuery, for example?

    Read the article

  • Microsoft Blacklists Google, Windows 8 Integrated Security

    According to researcher Brian Krebs, millions of surfers were affected by the error which was caused by two of Microsoft's antivirus solutions in the form of Microsoft Security Essentials and the business-related Microsoft Forefront. Both received updates as part of Microsoft's traditional Patch Tuesday on February 14, and those patches are believed to be the cause behind Google's incorrect blacklisting. The false positive alert specifically tagged the search site as being infected with the infamous Blackhole Exploit Kit, which reportedly gives cybercriminals the power to create their own bo...

    Read the article

  • Update packages on very old ubuntu

    - by meewoK
    I want to add Mysqli support to a machine running: Server Version: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.3 I would rather not update more things then I need to. I run the following: sudo apt-get install php5-mysql However, as the ubuntu version is old I get the following. WARNING: The following packages cannot be authenticated! php5-cli php5-mysql php5-mhash php5-xsl php5-pspell php5-snmp php5-curl php5-xmlrpc php5-sqlite php5-gd libapache2-mod-php5 php5-common Install these packages without verification [y/N]? Y Err http://gr.archive.ubuntu.com gutsy-updates/main php5-cli 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-cli 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-mysql 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-mhash 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-xsl 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-pspell 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-snmp 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-curl 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-xmlrpc 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-sqlite 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-gd 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main libapache2-mod-php5 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-common 5.2.3-1ubuntu6.4 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.2.3-1ubuntu6.4_i386.deb 404 Not Found E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? Questions Can I add mysqli feature using another method instead of sudo-apt get? Even if successful can this break something on the system? Update: I have tried to add additional sources using the instructions from: http://superuser.com/questions/339537/where-can-i-get-therepositories-for-old-ubuntu-versions I have the following in the /etc/apt/sources.list file: # deb cdrom:[Ubuntu-Server 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/ gutsy main restricted #deb cdrom:[Ubuntu-Server 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/ gutsy main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://gr.archive.ubuntu.com/ubuntu/ gutsy main restricted universe multiverse deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## universe WILL NOT receive any review or updates from the Ubuntu security ## team. deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates universe deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. #deb http://gr.archive.ubuntu.com/ubuntu/ gutsy multiverse deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy multiverse deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates multiverse deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates multiverse ## Uncomment the following two lines to add software from the 'backports' ## repository. ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. # deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse # deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. This software is not part of Ubuntu, but is ## offered by Canonical and the respective vendors as a service to Ubuntu ## users. # deb http://archive.canonical.com/ubuntu gutsy partner # deb-src http://archive.canonical.com/ubuntu gutsy partner deb http://security.ubuntu.com/ubuntu gutsy-security main restricted deb-src http://security.ubuntu.com/ubuntu gutsy-security main restricted deb http://security.ubuntu.com/ubuntu gutsy-security universe deb-src http://security.ubuntu.com/ubuntu gutsy-security universe deb http://security.ubuntu.com/ubuntu gutsy-security multiverse deb-src http://security.ubuntu.com/ubuntu gutsy-security multiverse # Required deb http://old-releases.ubuntu.com/ubuntu/gutsy main restricted universe multiverse deb http://old-releases.ubuntu.com/ubuntu/gutsy-updates main restricted universe multiverse deb http://old-releases.ubuntu.com/ubuntu/gutsy-security main restricted universe multiverse

    Read the article

  • Managing User & Role Security with Oracle SQL Developer

    - by thatjeffsmith
    With the advent of SQL Developer v3.0, users have had access to some powerful database administration features. Version 3.1 introduced more powerful features such as an interface to Data Pump and RMAN. Today I want to talk about some very simple but frequently ran tasks that SQL Developer can assist with, like: identifying privs granted to users managing role privs assigning new roles and privs to users & roles Before getting started, you’ll need a connection to the database with the proper privileges. The common ROLE used to accomplish this is the ‘DBA‘ role. Curious as to what the DBA role is actually comprised of? Let’s find out! Open the DBA Console First make sure you’re connected to the database you want to manage security on with a privileged administrator account. Then open the View menu and select ‘DBA.’ Accessing the DBA panel ‘Create’ a Connection Click on the green ‘+’ button in the DBA panel. It will ask you to choose a previously defined SQL Developer connection. Defining a DBA connection in Oracle SQL Developer Once connected you will see a tree list of DBA features you can start interacting with. Expand the ‘Security’ Tree Node As you click on an object in the DBA panel, the ‘viewer’ will open on the right-hand-side, just like you are accustomed to seeing when clicking on a table or stored procedure. Accessing the DBA role If I’m a newly hired Oracle DBA, the first thing I might want to do is become very familiar with the DBA role. People will be asking you to grant them this role or a subset of its privileges. Once you see what the role can do, you will become VERY protective of it. My favorite 3-letter 4-letter word is ‘ANY’ and the DBA role is littered with privileges like this: ANY TABLE privs granted to DBA role So if this doesn’t freak you out, then maybe you should re-consider your career path. Or in other words, don’t be granting this role to ANYONE you don’t completely trust to take care of your database. If I’m just assigned a new database to manage, the first thing I might want to look at is just WHO has been assigned the DBA role. SQL Developer makes this easy to ascertain, just click on the ‘User Grantees’ panel. Who has the keys to your car? Making Changes to Roles and Users If you mouse-right-click on a user in the Tree, you can do individual tasks like grant a sys priv or expire an account. But, you can also use the ‘Edit User’ dialog to do a lot of work in one pass. As you click through options in these dialogs, it will build the ‘ALTER USER’ script in the SQL panel, which can then be executed or copied to the worksheet or to your .SQL file to be ran at your discretion. A Few Clicks vs a Lot of Typing These dialogs won’t make you a DBA, but if you’re pressed for time and you’re already in SQL Developer, they can sure help you make up for lost time in just a few clicks!

    Read the article

  • Jersey, Apache HTTPD, and javax.annotation.security usage

    - by Nick Klauer
    So I'm having a heck of a time trying to piece together what I think is a pretty simple implementation. This is very similar to another StackOverflow question only I can't leverage Tomcat to handle role based authentication. I have an Apache httpd server in front of my app that handles authentication and then passes LDAP roles to a Jersey service through Headers. I've created a servlet filter to parse the header and tease out the roles the request came from, which works fine globally to the app, but isn't fine-grained enough to dictate what an Admin could do that a User could not. I'm thinking I could use the javax.annotation.security annotations that JAX-RS supports, but I don't know how to take what I've parsed out using a servlet filter to set or instantiate the SecurityContext necessary for the roles @RolesAllowed.

    Read the article

  • Database independent row level security solution

    - by Filip
    Hi, does anybody knows about Java/C# database independent authorization library. This library should support read, write, delete, insert actions across company organizational structure. Something like this: - user can see all documents - user can enter new document assigned to his unit - user can change all documents assigned to his unit and all subordinate units. - user can delete documents that are assigned to him I should also be able to create custom actions (besides read, write,...) connect them to certain class and assign that "security token" to user (e.g. document.expire). If there aren't any either free or commercial libraries, is there a book that could be useful in implementing this functionality? Thanks.

    Read the article

  • Security considerations for my first eStore.

    - by RPK
    I have a website through which I am going to sell few products. It is hosted on a simple shared-hosting and does not have SSL. On the products page, each product has a Buy Now button created from my PayPal Merchant account. PayPal recommends to use it's Button Factory to create secure buttons and save it inside PayPal itself. I have followed the same advice and the code of any button is secure and does not disclose any information on either a product or it's price. When the user clicks on a Buy Now button, he/she is taken to PayPal site where a page is opened in SSL for the user to fill in the credit card and shipping details. After a successful transaction, the control is passed back to my site. I want to know whether there is still any chance when security could be compromised.

    Read the article

  • Oracle Security Webcast - today

    - by Alex Blyth
    Hi AllHere are the details for today's (12th May 2010) webcast on "Oracle Database Security"  -  beginning at 1.30pm (Sydney, Australia Time) :Webcast is at http://strtc.oracle.com (IE6, 7 & 8 supported only)Conference ID for the webcast is 6690429Conference Key: securityEnrollment is required. Please click here to enroll.Please use your real name in the name field (just makes it easier for us to help you out if we can't answer your questions on the call)Audio details:NZ Toll Free - 0800 888 157 orAU Toll Free - 1800420354 (or +61 2 8064 0613Meeting ID: 7914841Meeting Passcode: 12052010Talk to you all at 1.30CheersAlex

    Read the article

  • Wine Security - Improvement by second user account?

    - by F. K.
    Team, I'm considering installing wine - but still hesitant for security reasons. As far as I found out, malicious code could reach ~/.wine and all my personal data with my user-priviledges - but not farther than that. So - would it be any safer to create a second user account on my machine and install wine there? That way, the second user would only have reading rights to my files. Is there a way to install wine totally confined to that user - so that I can't execute .exe files from my original account? Thanks in advance! PS - I'm running Ubuntu 11.10 64bit if that matters.

    Read the article

  • Security considerations for a default install?

    - by cpedros
    So with an old burned install CD of Feisty Fawn I went through the process of completely formatting the Windows OS and installing Ubuntu on an old XP laptop. I then went through the online upgrade to 10.4 LTS, only installing the gnome desktop environment package in the process. My (admittedly very open) question is that in this state and online, what security considerations do I have to immediately make for the default install? I understand that a lot of this swings on my intended use of the server, but just sitting there online what risks is it exposed to (this obviously goes far beyond the realm of linux, but I am not sure how these risks are accommodated in the default install). For example, I believe there is a firewall installed with Ubuntu but by default it allows all traffic. Any other guidelines would be much appreciated. Thanks

    Read the article

  • How to manage security cameras in Ubuntu?

    - by Josh
    I am setting up a server of sorts and chose ubuntu for the OS as my dad has it on a few computers. I am unimpressed with Windows or MAC due to all the add-ons and complexity of it when all I want is something simple. The system will have 3 purposes, storing my wife's photography work (she is a professional photographer) storing music for quick access to our entertainment system (will be running the system through the tv in our living room and thus through our surround sound) and will also serve as a DVR unit for a home security system I am going to put together. My question is what sort of software options are there for the Ubuntu system as far as a DVR with frame by frame playback. It does not need to be fancy but of course a variety of options are a nice touch.

    Read the article

  • Security considerations for default install of Ubuntu

    - by cpedros
    So with an old burned install CD of Feisty Fawn I went through the process of completely formatting the Windows OS and installing Ubuntu on an old XP laptop. I then went through the online upgrade to 10.4 LTS, only installing the gnome desktop environment package in the process. My (admittedly very open) question is that in this state and online, what security considerations do I have to immediately make for the default install? I understand that a lot of this swings on my intended use of the server, but just sitting there online what risks is it exposed to (this obviously goes far beyond the realm of linux, but I am not sure how these risks are accommodated in the default install). For example, I believe there is a firewall installed with Ubuntu but by default it allows all traffic. Any other guidelines would be much appreciated. Thanks

    Read the article

  • Security of keyctl

    - by ftiaronsem
    Hello alltogether Today I set up an ecryptfs directory, which is automatically mounted at login via pam. To do so i followed the guide in the ecryptfs readme ecryptfs-readme To sum up, I now have a key stored in the usser session keyring. The first thing I do not understand is why this key is only showing up via keyctl show and not with the gnome-gui "Passwords and encryption keys". The second thing I am curious about is the security. I assume that my passphrase is somehow stored on the harddisk. But how exactly and how secure is this? Thanks in advance

    Read the article

  • Where can I safely learn about computer security?

    - by Ammar Ahmed
    I find it really hard to find resources about computer security. I asked questions on message boards about key loggers and viruses and I got negative assumption from people assuming the the worse. Also, I don't think that I can trust random message boards. I know that it is a broad topic, but are there any good websites that I can follow and learn from that are targeted to beginner with some samples? I am a developer (or at least want to be one) and I have a CS degree if that helps.

    Read the article

  • How to Configure Microsoft Security Essentials

    Microsoft Security Essentials is the software giant's free solution for home users as well as small businesses. As long as you have a genuine copy of Windows running on your PC, you can enjoy all it has to offer. The program is characterized by easy installation and a user interface that is intuitive and rather simple to navigate. With so many viruses, spyware, and other malicious items floating all around the Web, keeping your PC secure should be of utmost importance. After all, you want to protect your investment and your sanity at the same time. Having a solid program such as Microsof...

    Read the article

  • security cameras and Ubuntu

    - by Josh
    I am setting up a server of sorts and chose ubuntu for the OS as my dad has it on a few computers. I am unimpressed with Windows or MAC due to all the add-ons and complexity of it when all I want is something simple. The system will have 3 purposes, storing my wife's photography work (she is a professional photographer) storing music for quick access to our entertainment system (will be running the system thru the tv in our living room and thus though our surround sound) and will also serve as a DVR unit for a home security system I am going to put together. My question is what sort of software options are there for the Ubuntu system as far as a DVR with frame by frame playback. It does not need to be fancy but of course a variety of options are a nice touch.

    Read the article

  • Antivirus Poses as Windows Security Alert, March Patch

    The campaign's attacks are said to begin when a Web user attempts to visit a WordPress blogger's site. Instead of seeing the intended website, the user is redirected to a site hosting the rogue antivirus. The blogger will see that user's traffic, however, even though they never get to see any actual content. The site performs a phony scan on the user's computer and displays what appear to be existing Trojans found on the computer. In an attempt to look authentic, the rogue antivirus software carries the appearance of a typical Windows Explorer window and also employs a Windows Security Ale...

    Read the article

  • Learning about security and finding exploits

    - by Jayraj
    First things first: I have absolutely no interest in learning how to crack systems for personal enrichment, hurting other people or doing anything remotely malicious. I understand the basis of many exploits (XSS, SQL injection, use after free etc.), though I've never performed any myself. I even have some idea about how to guard web applications from common exploits (like the aforementioned XSS and SQL injection) Reading this question about the Internet Explorer zero-day vulnerability from the Security SE piqued my curiosity and made me wonder: how did someone even find out about this exploit? What tools did they use? How did they know what to look for? I'm wary about visiting hacker dens online for fear of getting my own system infected (the Defcon stories make me paranoid). So what's a good, safe place to start learning?

    Read the article

  • cPanel's Web Disk - Security issues?

    - by Tim Sparks
    I'm thinking of using Web Disk (built into the later versions of cPanel) to allow a Windows or Mac computer to map a network drive that is actually a folder on our website (above the public_html folder). We currently use an antiquated local server to store information, but it is only accessible from one location - we would like to be able to access it from other locations as well. I understand that folders above public_html are not accessible via http, but I want to know how secure is the access to these folders as a network drive? There is potentially sensitive information that we need to decide whether it is appropriate to store here. The map network drive option seems to work well as it behaves as if the files are on your own computer (i.e. you can open and save files without then having to upload them - as it happens automatically). We have used Dropbox for similar purposes, but space is a issue with them, as is accountability and so we haven't used it for sensitive information. Are there any notable security concerns with using Web Disk as a secure file server?

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >