Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

Page 79/509 | < Previous Page | 75 76 77 78 79 80 81 82 83 84 85 86  | Next Page >

  • Making HTML5 videos stored on AWS S3 **difficult** to download (because I cant make it impossible)

    - by Jimmery
    I am building a website that hosts video's stored on AWS's S3 service. The videos are played thru a HTML5 player we have built. Ive just been asked to make sure "nobody can steal our video's". Now I know that if you really don't want something stolen, don't put it up on the internet. However I just need to secure these videos as good as possible, the videos need to at the very least resist someone going thru the source code and trying to download them manually. One option available to me is to completely rebuild the video player in flash. This is not ideal, for several reasons, notably because I would also then have to build an App for mobile devices to be able to view this site. So I am looking for other options. I have heard about using a token to make the file available only during certain times. I have heard of using a separate file to serve the videos that sits between the HTML5 page and the video file. I am also having a look at IAM, the Secure AWS Access Control, in the hopes AWS can solve this problem for me. Can anyone here recommend any of these options? Or perhaps suggest other options available to me? Any help would be greatly appreciated.

    Read the article

  • Microsoft Secret Event: New Tablet Unveiling?

    If you read the headline, you know what everyone thinks it will be: a new tablet computer, that Microsoft will manufacture from beginning to end. Apparently, the company believes it will be better able to compete against Apple if it controls both the hardware and the software. But why choose this location for the announcement? Wired thinks it makes sense if the tablet features Xbox live streaming. That would turn the humble device into something of a media machine. Speaking of the device itself, what kind of specs will this hypothetical tablet have? It's hard to say. Microsoft boasts software...

    Read the article

  • Is this buffer overflow working on Mac OSX? [migrated]

    - by cobie
    Was reading through some text and playing around with attempting to write past the size of an array in C i.e buffer overflow. The text indicates that whenever you attempt to write to say array[5] when the length of the array is 5 then you get a segmentation fault but I dont seem to be getting that When using the code below. The code actually runs. #include <stdio.h> #include <string.h> int main () { int i; int array[5] = {1, 2, 3, 4, 5}; for (i = 0; i <= 255; i++) { array[i] = 10; } int len = sizeof(array) / sizeof(int); printf("%d\n", len); printf("%d\n", array[254]); } On execution of the last statement, a 10 is printed. Am wondering whether this is a vulnerability or if there is something I am missing. I am running the code from iterm2 on a macbook pro.

    Read the article

  • Microsoft Unveils Xbox SmartGlass

    SmartGlass won't be available to consumers until the fall, and if the reviews of the feature's capability are any indication, it's going to feel like a very long wait. SmartGlass lets you switch from watching something on your TV to watching it on your tablet or smartphone, and vice versa. But that's only the beginning. SmartGlass also lets developers turn smartphones and tablets into Xbox 360 controllers. Thus, if you're playing a sports-based game with your friends, you can enter your strategic plays into your smartphone, so he can't tell what your team is about to do. Or, with a baseball ga...

    Read the article

  • Microsoft Patches Internet Explorer 9, Launches YourBrowserMatter

    Due to the critical status of the Internet Explorer 9 fix, any users with the recommended Windows Update setting of install updates automatically enabled should receive it by default. Microsoft urges users with automatic updates disabled to install the fix manually via Windows Update. IT administrators in charge of handling organizations are urged to do the same using their go-to software for managing patches in-house. Of the eight vulnerabilities targeted by the IE9 update, the most crucial make it possible for remote code execution to occur on PCs where users have visited certain affecte...

    Read the article

  • Protecting the integrity of a game state while minimizing amount of data sent

    - by espais
    I'm developing a game in PHP/jQuery, and naturally have to be wary of any sort of data coming from the client. At present, I have tables of data representing the map (2D roguelike), monsters, items, and player(s). Initially, my thought was to simply package it all in a JSON object and send it every game tick, however when actually looking at the data I realized that's quite a large packet to be sending. So, my question is what is a good approach for minimizing data sent to the client? Obviously I would need to figure out some way of validating whatever it sends back. Initially we'd hoped to do some minimal verification on the client-side, but each time we thought of one thing we could do it is immediately invalidated with tools like Firebug. Kind of an open question I realize, but we want to get this right before we move on with our implementation so we don't have to shoehorn in bugfixes later on.

    Read the article

  • Patch Tuesday Fixes, Valentine`s Scams

    Microsoft plans to release nine bulletins on Tuesday that cover 21 vulnerabilities across its wide portfolio of products. Of the nine bulletins, four have been tagged with the software giant's critical rating, meaning they should be given the utmost importance with regard to the overall patching process exercised by users and organizations. The four critical updates address vulnerabilities in Microsoft's Internet Explorer browser, its Windows operating system, and Silverlight. As for the remaining five updates, Microsoft has labeled them as being important. Those will cover issues foun...

    Read the article

  • How can robots beat CAPTCHAs?

    - by totymedli
    I have a website e-mail form. I use a custom CAPTCHA to prevent spam from robots. Despite this, I still get spam. Why? How do robots beat the CAPTCHA? Do they use some kind of advanced OCR or just get the solution from where it is stored? How can I prevent this? Should I change to another type of CAPTCHA? I am sure the e-mails are coming from the form, because it is sent from my email-sender that serves the form messages. Also the letter style is the same. For the record, I am using PHP + MySQL, but I'm not searching for a solution to this problem. I was interested in the general situation how the robots beat these technologies. I just told this situation as an example, so you can understand better what I'm asking about.

    Read the article

  • Is the php method md5() secure? Can it be used for passwords? [migrated]

    - by awiebe
    So executing a php script causes the form values to be sent to the server, and then they are processed. If you want to store a password in your db than you want it to be a cryptographic hash(so your client side is secure, can you generate an md5 using php securely( without submitting the user:password pair in the clear), or is there an alternative standard method of doing this, without having the unecrypted pasword leaving the clients machine? Sorry if this is a stupid question I'm kind of new at this. I think this can be done somehow using https, and on that note if a site's login page does not use https, does that mean that while the databse storage is secure, the transportation is not?

    Read the article

  • The server principal '<domain>\User' already exists. But it doesn’t

    - by simonsabin
    Interesting little situation occurred today, the person I was working with was trying to add a login to a server and was getting the following error. “The server principal '<domain>\User' already exists” They were using a command like this and couldn’t figure out why they were getting the error above because when they looked at the logins setup on the system the login definitely didn’t exist. CREATE LOGIN [<domain>\<user>] FROM WINDOWS WITH DEFAULT_DATABASE = [master] The...(read more)

    Read the article

  • secure offline PC storage accessible through javascript

    - by turbo2oh
    I'm attempting to build a browser-based HTML5 application that has the ability to store data locally on a PC (not mobile device) when offline. This data is sensitive and must be secure. Of course the trick is trying to find a way to be able to access the secure data with Javascript. I've ruled out browser local storage since its not secure. Could this be accomplished with a local database? If so, where could the DB credentials be stored? Javascript obviously doesn't seem like a good option to store them since its user-readable.

    Read the article

  • Good quality Secure Software Development Training [closed]

    - by Patrick
    Just had my annual appraisal and found out my company is willing to pay for training and exams etc! Woohoo (they kept that one quiet). I'm interested in doing a course on secure development techniques. Has anyone got any suggestions for good quality distance learning courses in secure development (I could probably get a couple of days off to attend a conference/ course if required)? We're mostly an MS .Net house but I have no particular allegiance to MS or any other programming language (though, obviously, C++ is the best language in the world). I have 12 years development experience working in (what are now) PCI:DSS environments, including designing and developing a key management system and I have some knowledge of basic attacks (XSS, injection etc). I would prefer a hard course I struggle with to a basic course I learn 3 things from (but hopefully get something right at my level). A quick google found these two course which look good: http://www.sans.org/course/secure-coding-net-developing-defensible-applications https://www.isc2.org/csslpedu/default.aspx I don't really know how to choose between them, and finding other courses isn't going to make that job any easier, so I thought I'd ask those who know. EDIT : Hmm, care to share the reason for your down vote, will help me learn how to use the site better...

    Read the article

  • Is having sensitive data in a PHP script secure? [closed]

    - by tkbx
    Possible Duplicate: What attributes of PHP make it insecure? I've heard that PHP is somewhat secure because Apache won't allow the download of raw PHP. Is this reliable, though? For example, if you wanted to password protect something, but didn't want to create a database, would something like $pass = "123454321"; be safe? Bottom line, is it safe to assume that nobody has access to the actual .php file?

    Read the article

  • Can a whitespace regex character be used to perform a javascript injection? [migrated]

    - by webose
    if I want to validate the input of a <textarea>, and want it to contain, for example, only numerical values, but even want to give users the possibility to insert new lines, I can selected wanted characters with a javascript regex that includes even the whitespace characters. /[0-9\s]/ The question is: do a whitecharacter can be used to perform injections, XSS,even if I think this last option is impossible, or any other type of attack ? thanks

    Read the article

  • Is the using of dirname(__FILE__) a good practice?

    - by webose
    looking at the code of Joomla I see that in the first line of the index, it defines the base path of installation with the dirname(FILE) is this a font of possible risk for the site, I mean if a non controlled error message show the internal path of the Joomla directory, because of, for example a failed include, can it be used to perform some kind of attack to the site ? If yes, is it convenient to use this function ? Any idea is welcome. Thanks

    Read the article

  • Windows 8: Paradigm Shift

    You've probably heard a lot about the loss of the Start button in Windows 8. While it isn't completely lost - you can still get to it via a convoluted path - its disappearance is merely a sign of the rethinking that went into the operating system's creation. Window 8's designers made certain assumptions while building the new system: Users will interact with the operating system predominantly through a touch interface. Users will do their computing on mobile devices, and may in fact use several different devices for the same purposes. They may even want to get work done on devices they do n...

    Read the article

  • Using System.Security.SecureString in .NET Remoting App?

    - by Beaner
    I am developing a Remoting application where a client looks up store specific information to login to a web server. It sets the user name and passwords in a class that stores the properties as System.Security.SecureString. I then try to pass the class with the login credentials to a server object that uses it to connect to the web host, get and some information back. When I call the server method I this error:Type 'System.Security.SecureString' in Assembly 'mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' is not marked as serializable. The class that contains the SecureStrings is marked as serializeable, and this was working while developing until I added the SecureString properties. Is there something I need to do to make this work, or am I going to have to change SecureString to String?

    Read the article

  • CC.NET Dashboard Error: Could not load type 'System.Security.Authentication.ExtendedProtection.Chann

    - by Leslie
    Late last week I upgraded CC.NET locally and on the build server. The build server is still fine, but locally I am now getting the following error: Exception Details: Exortech.NetReflector.NetReflectorTypeLoadException: Unable to load types from assembly System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089: Failed to load 1 of the 3612 types defined in the assembly. Exceptions: - Unable to load type: System.Security.Authentication.ExtendedProtection.ChannelBinding Exception: System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.ChannelBinding' from assembly 'System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'. I'm afraid this started after a batch of Windows updates this morning. I had another two updates that won't run, 979909 and 982168 (I had an update that wouldn't run last month). Anyone else having any issues? Thanks!

    Read the article

  • wcf data service security configuration

    - by Daniel Pratt
    I'm in the process of setting up a WCF Data Services web service and I'm trying to sort out the security configuration. Although there's quite a lot of documentation out there for configuring WCF security, a lot of it seems to be outmoded or does not apply to my scenario. Ultimately, I am planning on managing authorization of operations via change interceptors. Thus, all I really need is the simplest way to permit a client to pass credentials along with a request and to be able to authenticate those credentials against either AD or an ASP.NET membership provider (I'd much prefer the latter unless it makes things much more complicated). I'm intending to manage encryption at the transport level (i.e. HTTPS). I'm hoping that the eventual solution does not involve a huge web.config. Likewise, I'd much prefer to avoid writing custom code for the purpose of authentication.

    Read the article

  • OCR an RSA key fob (security token)

    - by user130582
    I put together a quick WinForm/embedded IE browser control which logs into our company's bank website each morning and scrapes/exports the desired deposit information (the bank is a smallish regional bank). Since we have a few dozen "pseudoaccounts" that draw from the same master account, this actually takes 10-15 minutes to retrieve. Anyway, the only problem is that our business bank account reuires an RSA security token (http://www.rsa.com/node.aspx?id=1156)--if you are not familiar, it is a small device which shows a random 6 digit number every 15(?) seconds, so I have to prompt for this value before starting. This is on top of the website's login based security model, so even if you create a read-only account that can't do anything, you still have to put the RSA number in. We have 5 of these tokens for different people in the company. From our perspective this is nusiance security. I was joking about using a web camera to OCR the digits from the key fob so they didn't have to type it in -- mainly so that the scraping/export would be done before anyone arrives in the morning. Well, they asked if I could really do it. So now I ask you, how hard (how many hours) do you think it would take to OCR these digits reliably from a JPEG image produced by the camera? I already know I can get the JPEG easily. I think you get 3 tries to log in, so it really needs to hit a 99% accuracy rate. I could work on this on my off time, but they don't want me to put more than a few hours into it, so I want to leverage as much existing code as possible. This is a 7-segment display (like an alarm clock) so it's not exactly text that an OCR package would be used to seeing. Also--there is a countdown timer on the side of the display; typically when it is down to 1 bar, you wait until the next number appears and it starts over at 5 bars (like signal strength on your cell phone). So this would need to be OCRd as well but it is not text. Anyway the more I think about it as I type this, the less convinced I am that I can truly get this right, so maybe I should just work on it in my spare time?

    Read the article

  • Security behaviour in Adobe Air

    - by t.stamm
    Hi everyone! I am trying to load external SWFs in my Adobe AIR App. The loaded SWF is trying to access an URL to retrieve some informations via XML. When starting the SWF by itself it works fine. When loading the SWF from the File.applicationStorageDirectory i will get an Security-Error because the loaded App is executed in a local-with-filesystem Sandbox appareantly. First Question: Is there a way to change this? That the loaded SWF is running in a network Sandbox? Since that first attempt didn't worked i've moved the SWF to the app:// directory. Now i'll get a Security-Error because there is no policy file on the Server available where the XML data should be retrieved. Second Question: Why is the policy file not necessary when running the SWF by itself, but is necessary when trying to load the data from the application Sandbox? What am i doing wrong? Thanks in advance!

    Read the article

  • GoDaddy and ASP.NET Security exception thrown

    - by stighy
    Hi guys, i'm having a problem when i try to host my website on godaddy. This is what i receive from website: Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. To discover the problem, i've tried changin my web.config, adding "trust level='Medium'". But i get an error when i try to access godaddy mysql server with the mysql connector. Any ideas ? Thanks in advance !

    Read the article

  • error with Security Exception

    - by Alexander
    I am getting the following error on my page: Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. The problem is with the following code SmtpClient mailClient = new SmtpClient("smtp.gmail.com", 587); What's weird is that when testing it at my localhost, everything works fine, but when I put it on my 1and1 web host it generates the error above. I contacted their support and here's their answer. We do check the error logs and the operation require a FullTrust environment which currently fall under restriction on .NET Framewor k What should I do?

    Read the article

  • actionscript calling javascript with Security Exception

    - by Jeffrey Chee
    I have a swf hosted at domain A, and I have a html at domain B My swf is able to be loaded from accessing the html at domain B. However, the swf gets a SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller http://domainA.com/TrialApp.swf cannot access http://DomainB.com/. The as3 is just the below: ExternalInterface.call("javascript:_invite();"); I've also loaded the crossdomain policy file from Domain B during initialization. Security.loadPolicyFile( "http://DomainB/crossdomain.xml" ); How do I go about solving this? in my html, I have allowscriptaccess='always' Thanks in Advance

    Read the article

< Previous Page | 75 76 77 78 79 80 81 82 83 84 85 86  | Next Page >