Search Results

Search found 176 results on 8 pages for 'verizon'.

Page 6/8 | < Previous Page | 2 3 4 5 6 7 8  | Next Page >

  • Oracle Inroduces a New Line of Defense for Databases

    - by roxana.bradescu
    Today at the 2011 RSA Conference, we announced the immediate availability of our new Oracle Database Firewall, the latest addition to a comprehensive portfolio of database security solutions. Oracle Database Firewall is a network-based software solution that monitors database traffic, and can detect and block SQL injection and other attacks from reaching Oracle and non-Oracle databases. According to the 2010 Verizon Data Breach Investigations Report, SQL injection attacks against databases are responsible for 89% of all breached data. SQL injection attacks are a technique for controlling responses from the database server through applications. This attack exploits the inherent trust between application layer and the back-end database. Previously the only way organizations had to safeguard against SQL injection attacks was a complete overhaul of their application code. Obviously a very costly, complex, and often impossible undertaking for most organizations. Enter the new Oracle Database Firewall. It can help prevent SQL injection attacks by establishing a defensive perimeter around your databases. The Oracle Database Firewall uses an innovative SQL grammar analysis to inspect the database traffic against pre-defined policies. Normal expected traffic is allowed to pass (and can be optionally logged to demonstrate regulatory compliance), ensuring no false positives or disruption to your business. SQL statements that are explicitly forbidden or unknown SQL statements can either pass, be logged, alert, block or be substitute with pre-defined SQL statements. Being able to substitute an unknown potentially harmful SQL statement with a harmless statement is especially powerful since it foils an attack while allowing the application to operate normally and preventing DoS attacks. So, if you're at RSA, stop by our booth or attend the session with Steve Moyle, Oracle Database Firewall CTO. Or if you want to learn more immediately, please watch our on-demand webcast and download the new Oracle Database Firewall Resource Kit with everything you need to get started today.

    Read the article

  • CRM Evolution 2014: Mediocrity is the New Horrible in Customer Service

    - by Tuula Fai
    "Mediocrity is the new horrible in customer service," Blair McHaney, Gold's Gym Almost everyone knows that customers' expectations have risen. But, after listening to two days of presentations at CRM Evolution, I think it’s more accurate to say that customers' expectations have skyrocketed. Fortunately, most companies have gotten the message and are taking their customer service to a higher level. For those who've been hesitant to 'boldly go where their customer service organization has not gone before,' take heart. I’ve got some statistics that will encourage you to take those first few steps. Why should I change? By engaging customers online, ancestry.com achieved a 99.5% customer satisfaction score (CSAT) while improving retention and saving millions on greater efficiency, including a 38%-50% drop in inbound calls and emails.1 By empowering employees to delight customers, Gold’s Gym achieved a 77.5% Net Promoter Score (NPS) and 22% customer churn rate. No small feat when you consider the industry averages are 40% NPS and 45% churn.2 By adapting quickly to social media, brands like Verizon have benefited from social community members spending 2.5x-10x more than average customers.3 ‘The fierce urgency of now’ is upon us in customer service. You can take your customer service to a higher level! To find out more, click here CRM Evolution Customer Service Experience Footnotes: 1. Arvindh Balakrishnan, Is Your Customer Service Modern?2. Blair McHaney, Wire Your Organization with Customer Feedback3. Becky Carroll, The Power of Communities for Improving the Service Experience and Building Advocates

    Read the article

  • More on Oracle OpenWorld 2012

    - by Maria Colgan
    With only two weeks to go until Oracle OpenWorld, it is time to start planning your schedule. Every year folks ask me what Optimizer related sessions they should go and see at OpenWorld. Below are my top two picks for each day of the conference, to get your schedule started. Sunday, September 30th at 9am Beginning performance tuning Session UGF 3320 in Moscone West, room 2022 Sunday September 30th at 12:30pm Ten Surprising Performance Tactics Session UGF10426 in Moscone West, room 2016 Monday October 1st at 12:15pm The Evolution of Histograms in Oracle Database Session CON2803 in Moscone south, room 302 Monday October 1st at 1:45pm A Day in the Life of a Real-World Performance Engineer Session CON8404 in Moscone south, room 303 Tuesday October 2nd at 11:45am Oracle Partitioning: It’s Getting Even Better Session CON8321 in Moscone South, room 101 Tuesday October 2nd at 1:15pm Oracle Optimizer: Harnessing the Power of Optimizer Hints  Session CON8455 in Moscone South, room 103 Wednesday October 3rd at 3:30pm SQL Plan Stability: Post 11g Upgrade—Verizon Wireless’ Experience Session CON4485 in Moscone South, room 302 Wednesday October 3rd at 5pm Five SQL and PL/SQL Things in the Latest Generation of Database Technology Session CON8432 Moscone South, room 103 Thursday, October 4th at 11:15pm How the Query Optimizer Learns from Its Mistakes  Session CON3330 in Moscone west, room 3016 Thursday, October 4th at 12:45pm Oracle Optimizer: An Insider’s View of How the Optimizer Works Session CON8457 in Moscone South, room 104 Don't forget to pickup an Optimizer bumper sticker at the Optimizer demo booth. This year we are located in booth 3157, in the Database area of the demogrounds, in Moscone South. Members of the Optimizer development team will be there Monday through Wednesday from 9:45 am until 6pm.

    Read the article

  • Kindle App for WP7 arrives

    - by dotgeek
    If you had asked me if I was interested in owning a Kindle device, then my response a couple months back would have been a flat out no back then. So what has changed between now on then you might be asking me then? I would have to say watching my wife enjoy the many books in digital form has peeked my interest to start with now. Was that enough for me to buy a Kindle though? Not just yet, but that is where the Windows Phone 7 comes in for me once again. It’s no secret that I’ve wanted this device and yes it does have a number of Apps that I think I’ll really enjoy. The latest must have App for me, will most certainly be the Kindle App for Windows Phone 7, released from Amazon today. I’ve already started playing around with the PC version of Kindle software and I’m looking at purchasing any future books in digital form now. So it’s a given once I have a Windows Phone 7 device, that I’ll be enjoying some of my favorite books, while I’m on the go I think and via this App. Tonight I actually had a chance to check out the WP7 Kindle App on a friends device and I was really pleased with how it looked and performed. Now if the planets could only manage to lineup for me and allow Verizon and Microsoft to come to terms on the releasing of WP7 CDMA devices, I just might be able to really enjoy some of this on my own. Do I rule out ever having an actual Kindle device? Not at all, but I do plan on having the WP7 device well before that day ever comes though.

    Read the article

  • Wireless does not work 12.10

    - by superkoop
    My primary issue is that my wireless does not work after I installed 12.10. The output to rfkill list all: 5: hci0: Bluetooth Soft blocked: no Hard blocked: no The output to lshw -class network is: *-network description: Ethernet interface product: 88E8040 PCI-E Fast Ethernet Controller vendor: Marvell Technology Group Ltd. physical id: 0 bus info: pci@0000:09:00.0 logical name: eth0 version: 12 serial: 00:21:9b:d6:46:51 size: 100Mbit/s capacity: 100Mbit/s width: 64 bits clock: 33MHz capabilities: pm msi pciexpress bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd autonegotiation configuration: autonegotiation=on broadcast=yes driver=sky2 driverversion=1.30 duplex=full ip=192.168.1.102 latency=0 link=yes multicast=yes port=twisted pair speed=100Mbit/s resources: irq:44 memory:fe8fc000-fe8fffff ioport:de00(size=256) *-network description: Network controller product: BCM4312 802.11b/g LP-PHY vendor: Broadcom Corporation physical id: 0 bus info: pci@0000:0b:00.0 version: 01 width: 64 bits clock: 33MHz capabilities: pm msi pciexpress bus_master cap_list configuration: driver=b43-pci-bridge latency=0 resources: irq:17 memory:fe7fc000-fe7fffff The output to lspci -nn for the pertinent information is: 0b:00.0 Network controller [0280]: Broadcom Corporation BCM4312 802.11b/g LP-PHY [14e4:4315] (rev 01) Thus, it seems the solution would be to run: sudo apt-get install linux-headers-generic sudo apt-get install --reinstall bcmwl-kernel-source sudo modprobe wl However, I do not currently have access to an ethernet connection, as I am currently only able to use verizon wireless 3g internet. Thus, is there a way to set up ICS with a Vista machine so that I can access the internet by using the Vista machine as the host? Or, is it possible to fix this by downloading the important packages in vista and moving them to ubuntu via USB drive?

    Read the article

  • Removing malware of a particular kind

    - by Cyclone
    I need to remove some malware from my computer. It is a trojan, and very annoying. It blocks access to Google and search sites. The trojan, with its name spelled out on each line cause it seems to block sites when i reference it in a url, is a r t (some text to mess it up) e m (more text i s First off, what is it, what does it do? Second, why can't I access google or yahoo or any other search sites at all? Third, can it be removed via McAffee? It says it quarantined it when I scanned I found a suspicious process "c"s"r"s"s".exe and it will not let me terminate it, and this is what Mcaffee says it is. Why on earth isn't Mcaffee getting rid of it? I even blocked internet access for this program. Thanks so much, I get kinda freaked out with things like this... Here is my entire Hosts file: 127.0.0.1 go.mail.ru 127.0.0.1 nova.rambler.ru 127.0.0.1 google.ad 127.0.0.1 www.google.ad 127.0.0.1 google.ae 127.0.0.1 www.google.ae 127.0.0.1 google.am 127.0.0.1 www.google.am 127.0.0.1 google.com.ar 127.0.0.1 www.google.com.ar 127.0.0.1 google.as 127.0.0.1 www.google.as 127.0.0.1 google.at 127.0.0.1 www.google.at 127.0.0.1 google.com.au 127.0.0.1 www.google.com.au 127.0.0.1 google.az 127.0.0.1 www.google.az 127.0.0.1 google.ba 127.0.0.1 www.google.ba 127.0.0.1 google.be 127.0.0.1 www.google.be 127.0.0.1 google.bg 127.0.0.1 www.google.bg 127.0.0.1 google.bs 127.0.0.1 www.google.bs 127.0.0.1 google.com.by 127.0.0.1 www.google.com.by 127.0.0.1 google.ca 127.0.0.1 www.google.ca 127.0.0.1 google.ch 127.0.0.1 www.google.ch 127.0.0.1 google.cn 127.0.0.1 www.google.cn 127.0.0.1 google.cz 127.0.0.1 www.google.cz 127.0.0.1 google.de 127.0.0.1 www.google.de 127.0.0.1 google.dk 127.0.0.1 www.google.dk 127.0.0.1 google.ee 127.0.0.1 www.google.ee 127.0.0.1 google.es 127.0.0.1 www.google.es 127.0.0.1 google.fi 127.0.0.1 www.google.fi 127.0.0.1 google.fr 127.0.0.1 www.google.fr 127.0.0.1 google.gr 127.0.0.1 www.google.gr 127.0.0.1 google.com.hk 127.0.0.1 www.google.com.hk 127.0.0.1 google.hr 127.0.0.1 www.google.hr 127.0.0.1 google.hu 127.0.0.1 www.google.hu 127.0.0.1 google.ie 127.0.0.1 www.google.ie 127.0.0.1 google.co.il 127.0.0.1 www.google.co.il 127.0.0.1 google.co.in 127.0.0.1 www.google.co.in 127.0.0.1 google.is 127.0.0.1 www.google.is 127.0.0.1 google.it 127.0.0.1 www.google.it 127.0.0.1 google.co.jp 127.0.0.1 www.google.co.jp 127.0.0.1 google.kg 127.0.0.1 www.google.kg 127.0.0.1 google.co.kr 127.0.0.1 www.google.co.kr 127.0.0.1 google.li 127.0.0.1 www.google.li 127.0.0.1 google.lt 127.0.0.1 www.google.lt 127.0.0.1 google.lu 127.0.0.1 www.google.lu 127.0.0.1 google.lv 127.0.0.1 www.google.lv 127.0.0.1 google.md 127.0.0.1 www.google.md 127.0.0.1 google.com.mx 127.0.0.1 www.google.com.mx 127.0.0.1 google.nl 127.0.0.1 www.google.nl 127.0.0.1 google.no 127.0.0.1 www.google.no 127.0.0.1 google.co.nz 127.0.0.1 www.google.co.nz 127.0.0.1 google.com.pe 127.0.0.1 www.google.com.pe 127.0.0.1 google.com.ph 127.0.0.1 www.google.com.ph 127.0.0.1 google.pl 127.0.0.1 www.google.pl 127.0.0.1 google.pt 127.0.0.1 www.google.pt 127.0.0.1 google.ro 127.0.0.1 www.google.ro 127.0.0.1 google.ru 127.0.0.1 www.google.ru 127.0.0.1 google.com.ru 127.0.0.1 www.google.com.ru 127.0.0.1 google.com.sa 127.0.0.1 www.google.com.sa 127.0.0.1 google.se 127.0.0.1 www.google.se 127.0.0.1 google.com.sg 127.0.0.1 www.google.com.sg 127.0.0.1 google.si 127.0.0.1 www.google.si 127.0.0.1 google.sk 127.0.0.1 www.google.sk 127.0.0.1 google.co.th 127.0.0.1 www.google.co.th 127.0.0.1 google.com.tj 127.0.0.1 www.google.com.tj 127.0.0.1 google.tm 127.0.0.1 www.google.tm 127.0.0.1 google.com.tr 127.0.0.1 www.google.com.tr 127.0.0.1 google.com.tw 127.0.0.1 www.google.com.tw 127.0.0.1 google.com.ua 127.0.0.1 www.google.com.ua 127.0.0.1 google.co.uk 127.0.0.1 www.google.co.uk 127.0.0.1 google.co.vi 127.0.0.1 www.google.co.vi 127.0.0.1 google.com 127.0.0.1 www.google.com 127.0.0.1 google.us 127.0.0.1 www.google.us 127.0.0.1 google.com.pl 127.0.0.1 www.google.com.pl 127.0.0.1 google.co.hu 127.0.0.1 www.google.co.hu 127.0.0.1 google.ge 127.0.0.1 www.google.ge 127.0.0.1 google.kz 127.0.0.1 www.google.kz 127.0.0.1 google.co.uz 127.0.0.1 www.google.co.uz 127.0.0.1 bing.com 127.0.0.1 www.bing.com 127.0.0.1 search.yahoo.com 127.0.0.1 ca.search.yahoo.com 127.0.0.1 ar.search.yahoo.com 127.0.0.1 cl.search.yahoo.com 127.0.0.1 co.search.yahoo.com 127.0.0.1 mx.search.yahoo.com 127.0.0.1 espanol.search.yahoo.com 127.0.0.1 qc.search.yahoo.com 127.0.0.1 ve.search.yahoo.com 127.0.0.1 pe.search.yahoo.com 127.0.0.1 at.search.yahoo.com 127.0.0.1 ct.search.yahoo.com 127.0.0.1 dk.search.yahoo.com 127.0.0.1 fi.search.yahoo.com 127.0.0.1 fr.search.yahoo.com 127.0.0.1 de.search.yahoo.com 127.0.0.1 it.search.yahoo.com 127.0.0.1 nl.search.yahoo.com 127.0.0.1 no.search.yahoo.com 127.0.0.1 ru.search.yahoo.com 127.0.0.1 es.search.yahoo.com 127.0.0.1 se.search.yahoo.com 127.0.0.1 ch.search.yahoo.com 127.0.0.1 uk.search.yahoo.com 127.0.0.1 asia.search.yahoo.com 127.0.0.1 au.search.yahoo.com 127.0.0.1 one.cn.yahoo.com 127.0.0.1 hk.search.yahoo.com 127.0.0.1 in.search.yahoo.com 127.0.0.1 id.search.yahoo.com 127.0.0.1 search.yahoo.co.jp 127.0.0.1 kr.search.yahoo.com 127.0.0.1 malaysia.search.yahoo.com 127.0.0.1 nz.search.yahoo.com 127.0.0.1 ph.search.yahoo.com 127.0.0.1 sg.search.yahoo.com 127.0.0.1 tw.search.yahoo.com 127.0.0.1 th.search.yahoo.com 127.0.0.1 vn.search.yahoo.com 127.0.0.1 images.google.com 127.0.0.1 images.google.ca 127.0.0.1 images.google.co.uk 127.0.0.1 news.google.com 127.0.0.1 news.google.ca 127.0.0.1 news.google.co.uk 127.0.0.1 video.google.com 127.0.0.1 video.google.ca 127.0.0.1 video.google.co.uk 127.0.0.1 blogsearch.google.com 127.0.0.1 blogsearch.google.ca 127.0.0.1 blogsearch.google.co.uk 127.0.0.1 searchservice.myspace.com 127.0.0.1 ask.com 127.0.0.1 www.ask.com 127.0.0.1 search.aol.com 127.0.0.1 search.netscape.com 127.0.0.1 yandex.ru 127.0.0.1 www.yandex.ru 127.0.0.1 yandex.ua 127.0.0.1 www.yandex.ua 127.0.0.1 search.about.com 127.0.0.1 www.verizon.net 127.0.0.1 verizon.net

    Read the article

  • Android AVD With GoogleApi, Not Getting Network Connection

    - by Chris
    I am working on a Windows XP Machine. When running AVDs out of Eclipse, I am getting "No Network Connection" when I am plugged into my company's network and using an AVD that was built with the "Google APIs by Google Inc., Android API 7, revision 1". If I use this same AVD (Google API) and connect to the internet through a Verizon Wireless card, the AVD gets an Internet Connection. If I use an AVD built with "SDK Platform Android 2.1, API 7, revision 1", and connect through my company's network, the AVD gets an Internet Connection. Any ideas what might be blocking this? I am guessing it is something in my company's network, but why only with the AVD created with the Google API?

    Read the article

  • Django | Save model's choice list values

    - by MMRUser
    I have a form that has a choice list: <select name="cellSerpro" id="idcellserpro" class="field text" > <option value="">---</option> <option value="option1">Verizon</option> <option value="option2">AT&T</option> <option value="option3">T-Mobile</option> <option value="option4">Sprint</option> </select> So how do I get the selected value of it from the Django's model class in order to save it in the database, I have search through the net but couldn't find any way of doing it.. Thanks..

    Read the article

  • Alternative to WhitePages API?

    - by Oscar Godson
    I'm using the WhitePages API ( developer.whitepages.com ) to get a phone type (landline or cellular) and the phone's service provider (Verizon, T-Mobile, etc), but they only have a personal API which limits you to 2 calls a second and/or 1,500 calls a day. The paid version, or "Pro", is a minimum of $500 a month and/or $0.10 a call. Does anyone know another service where I can get that information for free or cheaper than $500 / $0.10 a call? If not I'll have to try to cache everything and it'll technically be against their TOS...

    Read the article

  • What is "=C2=A0" in MIME encoded, quoted-printable text?

    - by TheSoftwareJedi
    This is an example raw email I am trying to parse: MIME-version: 1.0 Content-type: text/html; charset=UTF-8 Content-transfer-encoding: quoted-printable X-Mailer: Verizon Webmail X-Originating-IP: [x.x.x.x] =C2=A0test testing testing 123 What is =C2=A0? I have tried a half dozen quoted-printable parsers, but none handle this correctly. Honestly, for now, I'm coding: //TODO WTF encoded = encoded.Replace("=C2=A0", ""); Because I can't figure out why that text is there randomly within the MIME content, and isn't supposed to be rendered into anything. By just removing it, I'm getting the desired effect - but WHY?!

    Read the article

  • How to get the SMTP response in CACHE

    - by praveenjayapal
    Hi friends, I want to retrive the SMTP response after sending the mail. I need to fetch the response for the send mail (whether its send properly or not) The response must be like this Return-path: itgigs@4wtech.com Envelope-to: [email protected] Delivery-date: Fri, 12 Dec 2008 23:54:57 -0500 Received: from pool-98-109-89-94.nwrknj.fios.verizon.net ([98.109.89.94] helo=Andy-PC) by server.4wtech.com with esmtp (Exim 4.69) (envelope-from itgigs@4wtech.com) id 1LBMWn-0005BH-7u for [email protected]; Fri, 12 Dec 2008 23:54:57 -0500 Date: Sat, 13 Dec 2008 04:55:09 UT From: [email protected] Subject: Web Deverloper Internship (SoHo) (955259288 ) To: [email protected] MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable How can i retrieve the SMTP response? Please help me

    Read the article

  • How do I include a newline in a text message sent as email from an ASP.Net application?

    - by Tim Goodman
    I have an ASP.Net Application that sends text messages to mobile phones. It does this by sending an email. For instance, if your phone number is 555-555-5555 and your wireless carrier is Verizon, you can send an email to [email protected] and it will show up as a text message. I want to be able to include a newline in the body of the message. How do I do this? Also please note that my ASP.Net program gets the message from a database (MS SQL Server) so what I really need to know is what characters to include in the message body when I store it in my database. I already tried \n but it just showed up in the text message as \n

    Read the article

  • Is there a global inbox for android?

    - by Loony2nz
    I'm a Blackberry fan and I have been aching to get a phone with a better UI (and not the jesusPhone). I was looking at the Android platform and find it quite fun to play with. However, one of the crucial elements of my BB that I love to death is the global inbox of all my email accounts. (not to mention the BB messenger, but I can live without that). Is there an addon or does the android have this feature natively? I played with my friend's Verizon Droid, and she couldn't tell me. Thanks!

    Read the article

  • PHP: Parsing of a given form input variable

    - by Jaime Cross
    How would I go about parsing incoming form data where the name changes based on section of site like: <input type="radio" name="Motorola section" value="Ask a question"> where 'Motorola section may be that, or Verizon section, or Blackberry section, etc. I do not have any control over changing the existing forms unfortunately, so must find a way to work with what is there. Basically, I need to be able to grab both the name="" data as well as its coresponding value="" data to be able to populate the email that gets sent properly.

    Read the article

  • Toorcon14

    - by danx
    Toorcon 2012 Information Security Conference San Diego, CA, http://www.toorcon.org/ Dan Anderson, October 2012 It's almost Halloween, and we all know what that means—yes, of course, it's time for another Toorcon Conference! Toorcon is an annual conference for people interested in computer security. This includes the whole range of hackers, computer hobbyists, professionals, security consultants, press, law enforcement, prosecutors, FBI, etc. We're at Toorcon 14—see earlier blogs for some of the previous Toorcon's I've attended (back to 2003). This year's "con" was held at the Westin on Broadway in downtown San Diego, California. The following are not necessarily my views—I'm just the messenger—although I could have misquoted or misparaphrased the speakers. Also, I only reviewed some of the talks, below, which I attended and interested me. MalAndroid—the Crux of Android Infections, Aditya K. Sood Programming Weird Machines with ELF Metadata, Rebecca "bx" Shapiro Privacy at the Handset: New FCC Rules?, Valkyrie Hacking Measured Boot and UEFI, Dan Griffin You Can't Buy Security: Building the Open Source InfoSec Program, Boris Sverdlik What Journalists Want: The Investigative Reporters' Perspective on Hacking, Dave Maas & Jason Leopold Accessibility and Security, Anna Shubina Stop Patching, for Stronger PCI Compliance, Adam Brand McAfee Secure & Trustmarks — a Hacker's Best Friend, Jay James & Shane MacDougall MalAndroid—the Crux of Android Infections Aditya K. Sood, IOActive, Michigan State PhD candidate Aditya talked about Android smartphone malware. There's a lot of old Android software out there—over 50% Gingerbread (2.3.x)—and most have unpatched vulnerabilities. Of 9 Android vulnerabilities, 8 have known exploits (such as the old Gingerbread Global Object Table exploit). Android protection includes sandboxing, security scanner, app permissions, and screened Android app market. The Android permission checker has fine-grain resource control, policy enforcement. Android static analysis also includes a static analysis app checker (bouncer), and a vulnerablity checker. What security problems does Android have? User-centric security, which depends on the user to grant permission and make smart decisions. But users don't care or think about malware (the're not aware, not paranoid). All they want is functionality, extensibility, mobility Android had no "proper" encryption before Android 3.0 No built-in protection against social engineering and web tricks Alternative Android app markets are unsafe. Simply visiting some markets can infect Android Aditya classified Android Malware types as: Type A—Apps. These interact with the Android app framework. For example, a fake Netflix app. Or Android Gold Dream (game), which uploads user files stealthy manner to a remote location. Type K—Kernel. Exploits underlying Linux libraries or kernel Type H—Hybrid. These use multiple layers (app framework, libraries, kernel). These are most commonly used by Android botnets, which are popular with Chinese botnet authors What are the threats from Android malware? These incude leak info (contacts), banking fraud, corporate network attacks, malware advertising, malware "Hackivism" (the promotion of social causes. For example, promiting specific leaders of the Tunisian or Iranian revolutions. Android malware is frequently "masquerated". That is, repackaged inside a legit app with malware. To avoid detection, the hidden malware is not unwrapped until runtime. The malware payload can be hidden in, for example, PNG files. Less common are Android bootkits—there's not many around. What they do is hijack the Android init framework—alteering system programs and daemons, then deletes itself. For example, the DKF Bootkit (China). Android App Problems: no code signing! all self-signed native code execution permission sandbox — all or none alternate market places no robust Android malware detection at network level delayed patch process Programming Weird Machines with ELF Metadata Rebecca "bx" Shapiro, Dartmouth College, NH https://github.com/bx/elf-bf-tools @bxsays on twitter Definitions. "ELF" is an executable file format used in linking and loading executables (on UNIX/Linux-class machines). "Weird machine" uses undocumented computation sources (I think of them as unintended virtual machines). Some examples of "weird machines" are those that: return to weird location, does SQL injection, corrupts the heap. Bx then talked about using ELF metadata as (an uintended) "weird machine". Some ELF background: A compiler takes source code and generates a ELF object file (hello.o). A static linker makes an ELF executable from the object file. A runtime linker and loader takes ELF executable and loads and relocates it in memory. The ELF file has symbols to relocate functions and variables. ELF has two relocation tables—one at link time and another one at loading time: .rela.dyn (link time) and .dynsym (dynamic table). GOT: Global Offset Table of addresses for dynamically-linked functions. PLT: Procedure Linkage Tables—works with GOT. The memory layout of a process (not the ELF file) is, in order: program (+ heap), dynamic libraries, libc, ld.so, stack (which includes the dynamic table loaded into memory) For ELF, the "weird machine" is found and exploited in the loader. ELF can be crafted for executing viruses, by tricking runtime into executing interpreted "code" in the ELF symbol table. One can inject parasitic "code" without modifying the actual ELF code portions. Think of the ELF symbol table as an "assembly language" interpreter. It has these elements: instructions: Add, move, jump if not 0 (jnz) Think of symbol table entries as "registers" symbol table value is "contents" immediate values are constants direct values are addresses (e.g., 0xdeadbeef) move instruction: is a relocation table entry add instruction: relocation table "addend" entry jnz instruction: takes multiple relocation table entries The ELF weird machine exploits the loader by relocating relocation table entries. The loader will go on forever until told to stop. It stores state on stack at "end" and uses IFUNC table entries (containing function pointer address). The ELF weird machine, called "Brainfu*k" (BF) has: 8 instructions: pointer inc, dec, inc indirect, dec indirect, jump forward, jump backward, print. Three registers - 3 registers Bx showed example BF source code that implemented a Turing machine printing "hello, world". More interesting was the next demo, where bx modified ping. Ping runs suid as root, but quickly drops privilege. BF modified the loader to disable the library function call dropping privilege, so it remained as root. Then BF modified the ping -t argument to execute the -t filename as root. It's best to show what this modified ping does with an example: $ whoami bx $ ping localhost -t backdoor.sh # executes backdoor $ whoami root $ The modified code increased from 285948 bytes to 290209 bytes. A BF tool compiles "executable" by modifying the symbol table in an existing ELF executable. The tool modifies .dynsym and .rela.dyn table, but not code or data. Privacy at the Handset: New FCC Rules? "Valkyrie" (Christie Dudley, Santa Clara Law JD candidate) Valkyrie talked about mobile handset privacy. Some background: Senator Franken (also a comedian) became alarmed about CarrierIQ, where the carriers track their customers. Franken asked the FCC to find out what obligations carriers think they have to protect privacy. The carriers' response was that they are doing just fine with self-regulation—no worries! Carriers need to collect data, such as missed calls, to maintain network quality. But carriers also sell data for marketing. Verizon sells customer data and enables this with a narrow privacy policy (only 1 month to opt out, with difficulties). The data sold is not individually identifiable and is aggregated. But Verizon recommends, as an aggregation workaround to "recollate" data to other databases to identify customers indirectly. The FCC has regulated telephone privacy since 1934 and mobile network privacy since 2007. Also, the carriers say mobile phone privacy is a FTC responsibility (not FCC). FTC is trying to improve mobile app privacy, but FTC has no authority over carrier / customer relationships. As a side note, Apple iPhones are unique as carriers have extra control over iPhones they don't have with other smartphones. As a result iPhones may be more regulated. Who are the consumer advocates? Everyone knows EFF, but EPIC (Electrnic Privacy Info Center), although more obsecure, is more relevant. What to do? Carriers must be accountable. Opt-in and opt-out at any time. Carriers need incentive to grant users control for those who want it, by holding them liable and responsible for breeches on their clock. Location information should be added current CPNI privacy protection, and require "Pen/trap" judicial order to obtain (and would still be a lower standard than 4th Amendment). Politics are on a pro-privacy swing now, with many senators and the Whitehouse. There will probably be new regulation soon, and enforcement will be a problem, but consumers will still have some benefit. Hacking Measured Boot and UEFI Dan Griffin, JWSecure, Inc., Seattle, @JWSdan Dan talked about hacking measured UEFI boot. First some terms: UEFI is a boot technology that is replacing BIOS (has whitelisting and blacklisting). UEFI protects devices against rootkits. TPM - hardware security device to store hashs and hardware-protected keys "secure boot" can control at firmware level what boot images can boot "measured boot" OS feature that tracks hashes (from BIOS, boot loader, krnel, early drivers). "remote attestation" allows remote validation and control based on policy on a remote attestation server. Microsoft pushing TPM (Windows 8 required), but Google is not. Intel TianoCore is the only open source for UEFI. Dan has Measured Boot Tool at http://mbt.codeplex.com/ with a demo where you can also view TPM data. TPM support already on enterprise-class machines. UEFI Weaknesses. UEFI toolkits are evolving rapidly, but UEFI has weaknesses: assume user is an ally trust TPM implicitly, and attached to computer hibernate file is unprotected (disk encryption protects against this) protection migrating from hardware to firmware delays in patching and whitelist updates will UEFI really be adopted by the mainstream (smartphone hardware support, bank support, apathetic consumer support) You Can't Buy Security: Building the Open Source InfoSec Program Boris Sverdlik, ISDPodcast.com co-host Boris talked about problems typical with current security audits. "IT Security" is an oxymoron—IT exists to enable buiness, uptime, utilization, reporting, but don't care about security—IT has conflict of interest. There's no Magic Bullet ("blinky box"), no one-size-fits-all solution (e.g., Intrusion Detection Systems (IDSs)). Regulations don't make you secure. The cloud is not secure (because of shared data and admin access). Defense and pen testing is not sexy. Auditors are not solution (security not a checklist)—what's needed is experience and adaptability—need soft skills. Step 1: First thing is to Google and learn the company end-to-end before you start. Get to know the management team (not IT team), meet as many people as you can. Don't use arbitrary values such as CISSP scores. Quantitive risk assessment is a myth (e.g. AV*EF-SLE). Learn different Business Units, legal/regulatory obligations, learn the business and where the money is made, verify company is protected from script kiddies (easy), learn sensitive information (IP, internal use only), and start with low-hanging fruit (customer service reps and social engineering). Step 2: Policies. Keep policies short and relevant. Generic SANS "security" boilerplate policies don't make sense and are not followed. Focus on acceptable use, data usage, communications, physical security. Step 3: Implementation: keep it simple stupid. Open source, although useful, is not free (implementation cost). Access controls with authentication & authorization for local and remote access. MS Windows has it, otherwise use OpenLDAP, OpenIAM, etc. Application security Everyone tries to reinvent the wheel—use existing static analysis tools. Review high-risk apps and major revisions. Don't run different risk level apps on same system. Assume host/client compromised and use app-level security control. Network security VLAN != segregated because there's too many workarounds. Use explicit firwall rules, active and passive network monitoring (snort is free), disallow end user access to production environment, have a proxy instead of direct Internet access. Also, SSL certificates are not good two-factor auth and SSL does not mean "safe." Operational Controls Have change, patch, asset, & vulnerability management (OSSI is free). For change management, always review code before pushing to production For logging, have centralized security logging for business-critical systems, separate security logging from administrative/IT logging, and lock down log (as it has everything). Monitor with OSSIM (open source). Use intrusion detection, but not just to fulfill a checkbox: build rules from a whitelist perspective (snort). OSSEC has 95% of what you need. Vulnerability management is a QA function when done right: OpenVas and Seccubus are free. Security awareness The reality is users will always click everything. Build real awareness, not compliance driven checkbox, and have it integrated into the culture. Pen test by crowd sourcing—test with logging COSSP http://www.cossp.org/ - Comprehensive Open Source Security Project What Journalists Want: The Investigative Reporters' Perspective on Hacking Dave Maas, San Diego CityBeat Jason Leopold, Truthout.org The difference between hackers and investigative journalists: For hackers, the motivation varies, but method is same, technological specialties. For investigative journalists, it's about one thing—The Story, and they need broad info-gathering skills. J-School in 60 Seconds: Generic formula: Person or issue of pubic interest, new info, or angle. Generic criteria: proximity, prominence, timeliness, human interest, oddity, or consequence. Media awareness of hackers and trends: journalists becoming extremely aware of hackers with congressional debates (privacy, data breaches), demand for data-mining Journalists, use of coding and web development for Journalists, and Journalists busted for hacking (Murdock). Info gathering by investigative journalists include Public records laws. Federal Freedom of Information Act (FOIA) is good, but slow. California Public Records Act is a lot stronger. FOIA takes forever because of foot-dragging—it helps to be specific. Often need to sue (especially FBI). CPRA is faster, and requests can be vague. Dumps and leaks (a la Wikileaks) Journalists want: leads, protecting ourselves, our sources, and adapting tools for news gathering (Google hacking). Anonomity is important to whistleblowers. They want no digital footprint left behind (e.g., email, web log). They don't trust encryption, want to feel safe and secure. Whistleblower laws are very weak—there's no upside for whistleblowers—they have to be very passionate to do it. Accessibility and Security or: How I Learned to Stop Worrying and Love the Halting Problem Anna Shubina, Dartmouth College Anna talked about how accessibility and security are related. Accessibility of digital content (not real world accessibility). mostly refers to blind users and screenreaders, for our purpose. Accessibility is about parsing documents, as are many security issues. "Rich" executable content causes accessibility to fail, and often causes security to fail. For example MS Word has executable format—it's not a document exchange format—more dangerous than PDF or HTML. Accessibility is often the first and maybe only sanity check with parsing. They have no choice because someone may want to read what you write. Google, for example, is very particular about web browser you use and are bad at supporting other browsers. Uses JavaScript instead of links, often requiring mouseover to display content. PDF is a security nightmare. Executible format, embedded flash, JavaScript, etc. 15 million lines of code. Google Chrome doesn't handle PDF correctly, causing several security bugs. PDF has an accessibility checker and PDF tagging, to help with accessibility. But no PDF checker checks for incorrect tags, untagged content, or validates lists or tables. None check executable content at all. The "Halting Problem" is: can one decide whether a program will ever stop? The answer, in general, is no (Rice's theorem). The same holds true for accessibility checkers. Language-theoretic Security says complicated data formats are hard to parse and cannot be solved due to the Halting Problem. W3C Web Accessibility Guidelines: "Perceivable, Operable, Understandable, Robust" Not much help though, except for "Robust", but here's some gems: * all information should be parsable (paraphrasing) * if not parsable, cannot be converted to alternate formats * maximize compatibility in new document formats Executible webpages are bad for security and accessibility. They say it's for a better web experience. But is it necessary to stuff web pages with JavaScript for a better experience? A good example is The Drudge Report—it has hand-written HTML with no JavaScript, yet drives a lot of web traffic due to good content. A bad example is Google News—hidden scrollbars, guessing user input. Solutions: Accessibility and security problems come from same source Expose "better user experience" myth Keep your corner of Internet parsable Remember "Halting Problem"—recognize false solutions (checking and verifying tools) Stop Patching, for Stronger PCI Compliance Adam Brand, protiviti @adamrbrand, http://www.picfun.com/ Adam talked about PCI compliance for retail sales. Take an example: for PCI compliance, 50% of Brian's time (a IT guy), 960 hours/year was spent patching POSs in 850 restaurants. Often applying some patches make no sense (like fixing a browser vulnerability on a server). "Scanner worship" is overuse of vulnerability scanners—it gives a warm and fuzzy and it's simple (red or green results—fix reds). Scanners give a false sense of security. In reality, breeches from missing patches are uncommon—more common problems are: default passwords, cleartext authentication, misconfiguration (firewall ports open). Patching Myths: Myth 1: install within 30 days of patch release (but PCI §6.1 allows a "risk-based approach" instead). Myth 2: vendor decides what's critical (also PCI §6.1). But §6.2 requires user ranking of vulnerabilities instead. Myth 3: scan and rescan until it passes. But PCI §11.2.1b says this applies only to high-risk vulnerabilities. Adam says good recommendations come from NIST 800-40. Instead use sane patching and focus on what's really important. From NIST 800-40: Proactive: Use a proactive vulnerability management process: use change control, configuration management, monitor file integrity. Monitor: start with NVD and other vulnerability alerts, not scanner results. Evaluate: public-facing system? workstation? internal server? (risk rank) Decide:on action and timeline Test: pre-test patches (stability, functionality, rollback) for change control Install: notify, change control, tickets McAfee Secure & Trustmarks — a Hacker's Best Friend Jay James, Shane MacDougall, Tactical Intelligence Inc., Canada "McAfee Secure Trustmark" is a website seal marketed by McAfee. A website gets this badge if they pass their remote scanning. The problem is a removal of trustmarks act as flags that you're vulnerable. Easy to view status change by viewing McAfee list on website or on Google. "Secure TrustGuard" is similar to McAfee. Jay and Shane wrote Perl scripts to gather sites from McAfee and search engines. If their certification image changes to a 1x1 pixel image, then they are longer certified. Their scripts take deltas of scans to see what changed daily. The bottom line is change in TrustGuard status is a flag for hackers to attack your site. Entire idea of seals is silly—you're raising a flag saying if you're vulnerable.

    Read the article

  • Why You Should Attend MySQL Connect, and Register Now

    - by Bertrand Matthelié
    MySQL Connect is taking place on September 29 and 30 in San Francisco. The early bird discount enabling you to save US$ 500 is only running for a few more days, until July 13. Are you still wondering if you should sign up? Here are 10 reasons why you definitely should: Learn from other companies how they tackled similar challenges to the ones you’re facing. Find out what they learned along the way, and how you can save time, money and a lot of troubles by avoiding repeating the same mistakes and applying the best practices they’ve developed. You’ll get the chance to hear from organizations including PayPal, Verizon, Twitter, Facebook, Ticketmaster, Ning, Mozilla, CERN, Yahoo! and more! Don’t miss this unique opportunity to meet the engineers developing and supporting the MySQL products in a single location. You’ll be able to ask them all your questions, which can represent a huge time and money saver. Acquire detailed knowledge about InnoDB, the MySQL Optimizer, High Availability strategies, improving performance and scalability, enhancing security and numerous other topics. You’ll hear it straight "from the horse’s mouth" as well as from other MySQL experts in the ecosystem. Get a better understanding about Oracle’s MySQL strategy and about the MySQL roadmap, so you can better plan where to use the MySQL database and MySQL Cluster for your next web, cloud-based and other applications. Get hands-on experience about improving performance with the MySQL Performance Schema, about using MySQL Utilities, MySQL Cluster and a lot more with eight different Hands-On Labs. Express your ideas, engage into discussions and help influence the MySQL roadmap during Birds-of-a-feather sessions about replication, backup, query optimizations and other topics. Meet partners and learn about third party tools that could be useful in your architecture. Immerse yourself into the MySQL universe and hang out with MySQL experts for two days. The discussions as well as the relationships you will create can be priceless and help you execute on your next projects in a much better and faster way. Register Now to save US$500 by taking advantage of the Early bird discount running until July 13. We’ll have parallel tracks so you should consider sending a few team members to make the most of the event. Are you attending or planning to attend Oracle OpenWorld or JavaOne? You can add MySQL Connect to your registration for only US$100! Finally, it’s always a lot of fun to attend a MySQL conference. The passion and the energy are contagious…and you’ll likely get plenty of new ideas. You will find all information about the program in the MySQL Connect Content Catalog. We look forward to seeing you there! You can also read interviews with Tomas Ulin and Ronald Bradford about MySQL Connect. Sponsorship and exhibit opportunities are still available for the conference. You will find more information here.

    Read the article

  • Database Security: The First Step in Pre-Emptive Data Leak Prevention

    - by roxana.bradescu
    With WikiLeaks raising awareness around information leaks and the harm they can cause, many organization are taking stock of their own information leak protection (ILP) strategies in 2011. A report by IDC on data leak prevention stated: Increasing database security is one of the most efficient and cost-effective measures an organization can take to prevent data leaks. By utilizing the data protection, access control, account management, encryption, log management, and other security controls inherent in the database management system, entities can institute first-level control over the widest range of protected information. As a central repository for unstructured data, which is growing at leaps and bounds, the database should be the first layer providing information leakage protection. Unfortunately, most organizations are not taking sufficient steps to protect their databases according to a survey of the Independent Oracle User Group. For example, any operating system administrator or database administrator can access the all the data stored in the database in most organizations. Without any kind of auditing or monitoring. And it's not just administrators, database users can typically access the database with ad-hoc query tools from their desktop and by-pass any application level controls. Despite numerous regulations calling for controls to limit the powers of insiders, most organizations still put too many privileges in the hands of their employees. Time and time again these excess privileges have backfired. Internal agents were implicated in almost half of data breaches according to the Verizon Data Breach Investigations Report and the rate is rising. Hackers also took advantage of these excess privileges very successfully using stolen credentials and SQL injection attacks. But back to the insiders. Who are these insiders and why do they do it? In 2002, the U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts formed the Insider Threat Study team to examine insider threat cases that occurred in US critical infrastructure sectors, and examined them from both a technical and a behavioral perspective. A series of fascinating reports has been published as a result of this work. You can learn more by watching the ISSA Insider Threat Web Conference. So as your organization starts to look at data leak prevention over the coming year, start off by protecting your data at the source - your databases. IDC went on to say: Any enterprise looking to improve its competitiveness, regulatory compliance, and overall data security should consider Oracle's offerings, not only because of their database management capabilities but also because they provide tools that are the first layer of information leak prevention. Learn more about Oracle Database Security solutions and get the whitepapers, demos, tutorials, and more that you need to protect data privacy from internal and external threats.

    Read the article

  • MySQL Connect Keynotes and Presentations Available Online

    - by Bertrand Matthelié
    72 1024x768 Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Following the tremendous success of MySQL Connect, you can now watch some of the keynotes online: The State of the Dolphin – by Oracle Chief Corporate Architect Edward Screven and MySQL Vice President of Engineering Tomas Ulin 72 1024x768 Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Cambria","serif";} MySQL Perspectives – featuring power users of MySQL who share their experiences and perspectives: Jeremy Cole, DBA Team Manager, Twitter Daniel Austin, Chief Architect, PayPal Ash Kanagat, IT Director; and Shivinder Singh, Database Architect, Verizon Wireless You can also access slides from a number of MySQL Connect presentations in the Content Catalog. Missing ones will be added shortly (provided the speakers consented to it). Enjoy!

    Read the article

  • Easy solution to monitoring & blocking connections to non-malicious services, IP's, and tracking companies

    - by binarybunny
    Our family lives in the middle of nowhere, so the only high-speed internet available is Verizon's 3G mobile broadband. We have the highest package available, yet continually go over the 10GB limit and get charged $10 every 1GB we go over. We run a business from home, so stopping when we hit the limit is not an option. I've found the majority of connections are to Google, Microsoft, Akamai, Facebook, and other web service companies (mainly google). I know these are harmless connections, but when it costs money for them to monitor our web activity it becomes a serious problem. Here's some things I've done, but I'm sure there's something else that could help before blocking a huge set of IP ranges: stopped using windows (on my machine) use MVPS host file on all computers use firefox on all computers (with don't track me option) ad block plugin on all browsers blocking google updates blocking windows updates block images in browsers (when possible) use comodo (paranoia-level style of blocking..) virus-free computers with ESET NOD32 bought router and installed dd-wrt in attempt to block connections more diligently (and throttle bandwidth if it comes to that) Anything I'm missing? I know Google analytics is on almost all websites, as well as FB like buttons but I would like to be able to stop these connections without blocking use of google services like gmail, etc. Any ideas?

    Read the article

  • Split Tunnel VPN using incorrect Tunnel

    - by Brian Schmeltz
    Our company has a handful of field offices that have recently been setup with a regular internet connection after we removed the T1 and router that connected them directly to our network. Now, when the users are in the office, they log in to the VPN to be able to connect to the network. For the sake of them being able to print and scan from the local multi-function we have setup a split tunnel VPN. We currently have about 15-20 users using this setup around the country without any problems. Recently one of our users started having problems accessing internal programs/sites when connecting from both home and the office. There are three other users in the same office and they do not have this problem. I assumed that it was something with the computer and went ahead and replaced it with another of the same model. The computer worked fine in our home office; however, when the user received it, she had the exact same problem both at home and in the field office. Thinking it may be a NIC driver issue I sent her another computer, this time a different model, same problem occurred. If I update the host file to point to the correct paths, things will work, and if I connect via a normal VPN connection everything works, but the user cannot scan or print - which is a problem. Have tried to find ways to create another tunnel on a normal VPN and have tried to find ways to force the correct tunnel on the split tunnel VPN. It appears that there is something related to the ISP because if I connect to Comcast or Verizon it is fine but once she connects to Insite then she has problems. I have been unable to get any support from Insite as they don't feel the issue is with them. We use a Nortel VPN client. Any thoughts or ideas would be appreciated.

    Read the article

  • Computer causing WiFi interference?

    - by Mannimarco
    I came back from college and brought my desktop computer. Family recently switched to Verizon FIOS and got a new router because of it. Unfortunately, my connection to the new wifi network is awful, with the download speeds (tested through speedtest.net) fluctuating wildly and often dropping below 1.5 Mbps. A laptop in the same room gets 20 Mbps. I've tried a new wireless card, thinking that mine got damaged in the move home but no luck. Here's where it gets weird: if I place the laptop near the computer, the laptop's download speeds often suffer greatly. Pulling the laptop away always fixes this. So now I'm under the impression that there's something in the computer (which I built a year ago and has had 0 issues up to this point) is causing an insane amount of wireless interference. Also bizarre: the upload speeds seem unaffected by this problem. On the laptop and desktop, upload speeds are generally around 5 Mpbs. Any ideas as to what could be causing this and how to test said theories would be fantastic.

    Read the article

  • Split Tunnel VPN using incorrect Tunnel

    - by Brian Schmeltz
    Our company has a handful of field offices that have recently been setup with a regular internet connection after we removed the T1 and router that connected them directly to our network. Now, when the users are in the office, they log in to the VPN to be able to connect to the network. For the sake of them being able to print and scan from the local multi-function we have setup a split tunnel VPN. We currently have about 15-20 users using this setup around the country without any problems. Recently one of our users started having problems accessing internal programs/sites when connecting from both home and the office. There are three other users in the same office and they do not have this problem. I assumed that it was something with the computer and went ahead and replaced it with another of the same model. The computer worked fine in our home office; however, when the user received it, she had the exact same problem both at home and in the field office. Thinking it may be a NIC driver issue I sent her another computer, this time a different model, same problem occurred. If I update the host file to point to the correct paths, things will work, and if I connect via a normal VPN connection everything works, but the user cannot scan or print - which is a problem. Have tried to find ways to create another tunnel on a normal VPN and have tried to find ways to force the correct tunnel on the split tunnel VPN. It appears that there is something related to the ISP because if I connect to Comcast or Verizon it is fine but once she connects to Insite then she has problems. I have been unable to get any support from Insite as they don't feel the issue is with them. We use a Nortel VPN client. Any thoughts or ideas would be appreciated.

    Read the article

  • Wiring my internet

    - by u8sand
    I have Verizon internet service and am currently using wifi. My router is in the basement and my desktop computer is 2 floors and on the other side of the house above it... Worst possible positioning but that's just how things worked out. My wireless currently is extremely unstable so I've decide to correct the problem by wiring my computer directly. The problem lies here: when redoing the room next to it (when the wall was open) we went ahead and wired some coaxial cable from our attic to our basement (with plenty of slack on both ends, don't ask me why we didn't go ahead and wire a CAT6 cable). The question is: Can I use the coaxial cable to bring me internet connection? Naturally the router (which needs to stay where it is) takes a coaxial cable input and has Ethernet outputs. So maybe I would have to take a ethernet cable, convert to coaxial-coaxial to my computer, convert back to ethernet. Is this even possible to convert from coaxial to ethernet? Or do I have to attempt to go ahead and fish a cat6 cable through my house. I cannot just split the signal because that would require two routers and two networks (which I don't believe would work with one cable-one ISP correct me if I'm wrong). Thanks

    Read the article

  • Strange Internet Connection issues

    - by Nodren
    I'm attempting to troubleshoot problems with a laptop computer(HP 8510w) while it's connected to a server of mine via Remote Desktop. I double checked all the settings on the win2k3 server for remote desktop to verify that remote desktop isn't what's causing the disconnect issues, and other people using different computers/laptops can all connect to remote desktop correctly with no issues. These problems happen specifically when the laptop is connected via wifi(several different wifi sources, so it's not an ISP issue) as well as connected via a Verizon data card. However there's no network downtime when the laptop is resting in the docking station and plugged into the network with the remote desktop server. These problems have also only recently occurred since a recent hard drive failure in which a new hard drive was purchased and the laptop had a fresh install of windows xp professional. There's no special software used on this machine, just office 2003. So my question is, what could cause two types of internet access to fail while other types do not? If it is infact related to the win2k3 server, why is this particular laptop getting disconnected when others are not and are all on at the same time?

    Read the article

  • Unable to browse to apache service, Service is running

    - by Jeff
    Summary I have a very peculiar problem. I am not able to open the "It Works!" page after installing a fresh server with apache. I am able to ssh to the box (from outside the network). Apache seems to be running on my Centos6.4x86_64 box just fine. Nothing useful in /var/logs/httpd/*. What am I missing? The setup I am outside the network right now. The "server" is a VM on my home computer running bridged mode. public ip: A.B.C.D Host: 192.168.1.5 VM: 192.168.1.8 I have a verizon fios router that is forwarding ports 22, 80, and 8888 to the VM. I am able to ssh over port 22, but I am not able to browse to the public URL over port 80. so A.B.C.D:22 is working, but http://A.B.C.D:80 is not. What I've tried nmap to see if it is listening: nmap -sT -O localhost Starting Nmap 5.51 ( http://nmap.org ) at 2013-10-25 11:10 EDT Nmap scan report for localhost (127.0.0.1) Host is up (0.000040s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 3306/tcp open mysql I tried going to it locally (lynx) and it does work. So, is the problem in my ports?

    Read the article

< Previous Page | 2 3 4 5 6 7 8  | Next Page >