Search Results

Search found 27912 results on 1117 pages for 'computer security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 8/1117 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Security risks posed by specifying technologies used

    - by SabreWolfy
    I am developing online tools for non-commercial use, which are hosted on dedicated hardware. I would like to include logos indicating the technologies I used (Apache or Python for example), at the bottom of the page. What are the security risks/implications, if any, of "advertizing" this information? It is better not to reveal that the web server is Apache, and that I used Pyhton and jQuery, for example?

    Read the article

  • Microsoft Blacklists Google, Windows 8 Integrated Security

    According to researcher Brian Krebs, millions of surfers were affected by the error which was caused by two of Microsoft's antivirus solutions in the form of Microsoft Security Essentials and the business-related Microsoft Forefront. Both received updates as part of Microsoft's traditional Patch Tuesday on February 14, and those patches are believed to be the cause behind Google's incorrect blacklisting. The false positive alert specifically tagged the search site as being infected with the infamous Blackhole Exploit Kit, which reportedly gives cybercriminals the power to create their own bo...

    Read the article

  • Update packages on very old ubuntu

    - by meewoK
    I want to add Mysqli support to a machine running: Server Version: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.3 I would rather not update more things then I need to. I run the following: sudo apt-get install php5-mysql However, as the ubuntu version is old I get the following. WARNING: The following packages cannot be authenticated! php5-cli php5-mysql php5-mhash php5-xsl php5-pspell php5-snmp php5-curl php5-xmlrpc php5-sqlite php5-gd libapache2-mod-php5 php5-common Install these packages without verification [y/N]? Y Err http://gr.archive.ubuntu.com gutsy-updates/main php5-cli 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-cli 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-mysql 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-mhash 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-xsl 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-pspell 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-snmp 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-curl 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-xmlrpc 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-sqlite 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-gd 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main libapache2-mod-php5 5.2.3-1ubuntu6.4 404 Not Found Err http://security.ubuntu.com gutsy-security/main php5-common 5.2.3-1ubuntu6.4 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-cli_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mysql_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-mhash_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xsl_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-pspell_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-snmp_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-curl_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-xmlrpc_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-sqlite_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-gd_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.2.3-1ubuntu6.4_i386.deb 404 Not Found Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5-common_5.2.3-1ubuntu6.4_i386.deb 404 Not Found E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? Questions Can I add mysqli feature using another method instead of sudo-apt get? Even if successful can this break something on the system? Update: I have tried to add additional sources using the instructions from: http://superuser.com/questions/339537/where-can-i-get-therepositories-for-old-ubuntu-versions I have the following in the /etc/apt/sources.list file: # deb cdrom:[Ubuntu-Server 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/ gutsy main restricted #deb cdrom:[Ubuntu-Server 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/ gutsy main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://gr.archive.ubuntu.com/ubuntu/ gutsy main restricted universe multiverse deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## universe WILL NOT receive any review or updates from the Ubuntu security ## team. deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates universe deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. #deb http://gr.archive.ubuntu.com/ubuntu/ gutsy multiverse deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy multiverse deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates multiverse deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy-updates multiverse ## Uncomment the following two lines to add software from the 'backports' ## repository. ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. # deb http://gr.archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse # deb-src http://gr.archive.ubuntu.com/ubuntu/ gutsy-backports main restricted universe multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. This software is not part of Ubuntu, but is ## offered by Canonical and the respective vendors as a service to Ubuntu ## users. # deb http://archive.canonical.com/ubuntu gutsy partner # deb-src http://archive.canonical.com/ubuntu gutsy partner deb http://security.ubuntu.com/ubuntu gutsy-security main restricted deb-src http://security.ubuntu.com/ubuntu gutsy-security main restricted deb http://security.ubuntu.com/ubuntu gutsy-security universe deb-src http://security.ubuntu.com/ubuntu gutsy-security universe deb http://security.ubuntu.com/ubuntu gutsy-security multiverse deb-src http://security.ubuntu.com/ubuntu gutsy-security multiverse # Required deb http://old-releases.ubuntu.com/ubuntu/gutsy main restricted universe multiverse deb http://old-releases.ubuntu.com/ubuntu/gutsy-updates main restricted universe multiverse deb http://old-releases.ubuntu.com/ubuntu/gutsy-security main restricted universe multiverse

    Read the article

  • Managing User & Role Security with Oracle SQL Developer

    - by thatjeffsmith
    With the advent of SQL Developer v3.0, users have had access to some powerful database administration features. Version 3.1 introduced more powerful features such as an interface to Data Pump and RMAN. Today I want to talk about some very simple but frequently ran tasks that SQL Developer can assist with, like: identifying privs granted to users managing role privs assigning new roles and privs to users & roles Before getting started, you’ll need a connection to the database with the proper privileges. The common ROLE used to accomplish this is the ‘DBA‘ role. Curious as to what the DBA role is actually comprised of? Let’s find out! Open the DBA Console First make sure you’re connected to the database you want to manage security on with a privileged administrator account. Then open the View menu and select ‘DBA.’ Accessing the DBA panel ‘Create’ a Connection Click on the green ‘+’ button in the DBA panel. It will ask you to choose a previously defined SQL Developer connection. Defining a DBA connection in Oracle SQL Developer Once connected you will see a tree list of DBA features you can start interacting with. Expand the ‘Security’ Tree Node As you click on an object in the DBA panel, the ‘viewer’ will open on the right-hand-side, just like you are accustomed to seeing when clicking on a table or stored procedure. Accessing the DBA role If I’m a newly hired Oracle DBA, the first thing I might want to do is become very familiar with the DBA role. People will be asking you to grant them this role or a subset of its privileges. Once you see what the role can do, you will become VERY protective of it. My favorite 3-letter 4-letter word is ‘ANY’ and the DBA role is littered with privileges like this: ANY TABLE privs granted to DBA role So if this doesn’t freak you out, then maybe you should re-consider your career path. Or in other words, don’t be granting this role to ANYONE you don’t completely trust to take care of your database. If I’m just assigned a new database to manage, the first thing I might want to look at is just WHO has been assigned the DBA role. SQL Developer makes this easy to ascertain, just click on the ‘User Grantees’ panel. Who has the keys to your car? Making Changes to Roles and Users If you mouse-right-click on a user in the Tree, you can do individual tasks like grant a sys priv or expire an account. But, you can also use the ‘Edit User’ dialog to do a lot of work in one pass. As you click through options in these dialogs, it will build the ‘ALTER USER’ script in the SQL panel, which can then be executed or copied to the worksheet or to your .SQL file to be ran at your discretion. A Few Clicks vs a Lot of Typing These dialogs won’t make you a DBA, but if you’re pressed for time and you’re already in SQL Developer, they can sure help you make up for lost time in just a few clicks!

    Read the article

  • Jersey, Apache HTTPD, and javax.annotation.security usage

    - by Nick Klauer
    So I'm having a heck of a time trying to piece together what I think is a pretty simple implementation. This is very similar to another StackOverflow question only I can't leverage Tomcat to handle role based authentication. I have an Apache httpd server in front of my app that handles authentication and then passes LDAP roles to a Jersey service through Headers. I've created a servlet filter to parse the header and tease out the roles the request came from, which works fine globally to the app, but isn't fine-grained enough to dictate what an Admin could do that a User could not. I'm thinking I could use the javax.annotation.security annotations that JAX-RS supports, but I don't know how to take what I've parsed out using a servlet filter to set or instantiate the SecurityContext necessary for the roles @RolesAllowed.

    Read the article

  • Database independent row level security solution

    - by Filip
    Hi, does anybody knows about Java/C# database independent authorization library. This library should support read, write, delete, insert actions across company organizational structure. Something like this: - user can see all documents - user can enter new document assigned to his unit - user can change all documents assigned to his unit and all subordinate units. - user can delete documents that are assigned to him I should also be able to create custom actions (besides read, write,...) connect them to certain class and assign that "security token" to user (e.g. document.expire). If there aren't any either free or commercial libraries, is there a book that could be useful in implementing this functionality? Thanks.

    Read the article

  • Security considerations for my first eStore.

    - by RPK
    I have a website through which I am going to sell few products. It is hosted on a simple shared-hosting and does not have SSL. On the products page, each product has a Buy Now button created from my PayPal Merchant account. PayPal recommends to use it's Button Factory to create secure buttons and save it inside PayPal itself. I have followed the same advice and the code of any button is secure and does not disclose any information on either a product or it's price. When the user clicks on a Buy Now button, he/she is taken to PayPal site where a page is opened in SSL for the user to fill in the credit card and shipping details. After a successful transaction, the control is passed back to my site. I want to know whether there is still any chance when security could be compromised.

    Read the article

  • Oracle Security Webcast - today

    - by Alex Blyth
    Hi AllHere are the details for today's (12th May 2010) webcast on "Oracle Database Security"  -  beginning at 1.30pm (Sydney, Australia Time) :Webcast is at http://strtc.oracle.com (IE6, 7 & 8 supported only)Conference ID for the webcast is 6690429Conference Key: securityEnrollment is required. Please click here to enroll.Please use your real name in the name field (just makes it easier for us to help you out if we can't answer your questions on the call)Audio details:NZ Toll Free - 0800 888 157 orAU Toll Free - 1800420354 (or +61 2 8064 0613Meeting ID: 7914841Meeting Passcode: 12052010Talk to you all at 1.30CheersAlex

    Read the article

  • Wine Security - Improvement by second user account?

    - by F. K.
    Team, I'm considering installing wine - but still hesitant for security reasons. As far as I found out, malicious code could reach ~/.wine and all my personal data with my user-priviledges - but not farther than that. So - would it be any safer to create a second user account on my machine and install wine there? That way, the second user would only have reading rights to my files. Is there a way to install wine totally confined to that user - so that I can't execute .exe files from my original account? Thanks in advance! PS - I'm running Ubuntu 11.10 64bit if that matters.

    Read the article

  • How do you structure computer science University notes?

    - by Sai Perchard
    I am completing a year of postgraduate study in CS next semester. I am finishing a law degree this year, and I will use this to briefly explain what I mean when I refer to the 'structure' of University notes. My preferred structure for authoring law notes: Word Two columns 0.5cm margins (top, right, bottom, middle, left) Body text (10pt, regular), 3 levels of headings (14/12/10pt, bold), 3 levels of bulleted lists Color A background for cases Color B background for legislation I find that it's crucial to have a good structure from the outset. My key advice to a law student would be to ensure styles allows cases and legislation to be easily identified from supporting text, and not to include too much detail regarding the facts of cases. More than 3 levels of headings is too deep. More than 3 levels of a bulleted list is too deep. In terms of CS, I am interested in similar advice; for example, any strategies that have been successfully employed regarding structure, and general advice regarding note taking. Has latex proved better than Word? Code would presumably need to be stylistically differentiated, and use a monospaced font - perhaps code could be written in TextMate so that it could be copied to retain syntax highlighting? (Are notes even that useful in a CS degree? I am tempted to simply use a textbook. They are crucial in law.) I understand that different people may employ varying techniques and that people will have personal preferences, however I am interested in what these different techniques are. Update Thank you for the responses so far. To clarify, I am not suggesting that the approach should be comparable to that I employ for law. I could have been clearer. The consensus so far seems to be - just learn it. Structure of notes/notes themselves are not generally relevant. This is what I was alluding to when I said I was just tempted to use a textbook. Re the comment that said textbooks are generally useless - I strongly disagree. Sure, perhaps the recommended textbook is useless. But if I'm going to learn a programming language, I will (1) identify what I believe to be the best textbook, and (2) read it. I was unsure if the combination of theory with code meant that lecture notes may be a more efficient way to study for an exam. I imagine that would depend on the subject. A subject specifically on a programming language, reading a textbook and coding would be my preferred approach. But I was unsure if, given a subject containing substantive theory that may not be covered in a single textbook, people may have preferences regarding note taking and structure.

    Read the article

  • Security considerations for a default install?

    - by cpedros
    So with an old burned install CD of Feisty Fawn I went through the process of completely formatting the Windows OS and installing Ubuntu on an old XP laptop. I then went through the online upgrade to 10.4 LTS, only installing the gnome desktop environment package in the process. My (admittedly very open) question is that in this state and online, what security considerations do I have to immediately make for the default install? I understand that a lot of this swings on my intended use of the server, but just sitting there online what risks is it exposed to (this obviously goes far beyond the realm of linux, but I am not sure how these risks are accommodated in the default install). For example, I believe there is a firewall installed with Ubuntu but by default it allows all traffic. Any other guidelines would be much appreciated. Thanks

    Read the article

  • How to manage security cameras in Ubuntu?

    - by Josh
    I am setting up a server of sorts and chose ubuntu for the OS as my dad has it on a few computers. I am unimpressed with Windows or MAC due to all the add-ons and complexity of it when all I want is something simple. The system will have 3 purposes, storing my wife's photography work (she is a professional photographer) storing music for quick access to our entertainment system (will be running the system through the tv in our living room and thus through our surround sound) and will also serve as a DVR unit for a home security system I am going to put together. My question is what sort of software options are there for the Ubuntu system as far as a DVR with frame by frame playback. It does not need to be fancy but of course a variety of options are a nice touch.

    Read the article

  • Security considerations for default install of Ubuntu

    - by cpedros
    So with an old burned install CD of Feisty Fawn I went through the process of completely formatting the Windows OS and installing Ubuntu on an old XP laptop. I then went through the online upgrade to 10.4 LTS, only installing the gnome desktop environment package in the process. My (admittedly very open) question is that in this state and online, what security considerations do I have to immediately make for the default install? I understand that a lot of this swings on my intended use of the server, but just sitting there online what risks is it exposed to (this obviously goes far beyond the realm of linux, but I am not sure how these risks are accommodated in the default install). For example, I believe there is a firewall installed with Ubuntu but by default it allows all traffic. Any other guidelines would be much appreciated. Thanks

    Read the article

  • Security of keyctl

    - by ftiaronsem
    Hello alltogether Today I set up an ecryptfs directory, which is automatically mounted at login via pam. To do so i followed the guide in the ecryptfs readme ecryptfs-readme To sum up, I now have a key stored in the usser session keyring. The first thing I do not understand is why this key is only showing up via keyctl show and not with the gnome-gui "Passwords and encryption keys". The second thing I am curious about is the security. I assume that my passphrase is somehow stored on the harddisk. But how exactly and how secure is this? Thanks in advance

    Read the article

  • Where can I safely learn about computer security?

    - by Ammar Ahmed
    I find it really hard to find resources about computer security. I asked questions on message boards about key loggers and viruses and I got negative assumption from people assuming the the worse. Also, I don't think that I can trust random message boards. I know that it is a broad topic, but are there any good websites that I can follow and learn from that are targeted to beginner with some samples? I am a developer (or at least want to be one) and I have a CS degree if that helps.

    Read the article

  • Computer Science Programming Certificate vs. Computer Science Degree?

    - by Jess
    I'm kind of in a tough spot. My current living conditions require that I work a full-time job while attending school. I've attended a UC in the past but had to withdraw my junior year due to financial issues at home. I currently work an entry-level IT corp job but I'm looking to further my salary/skills by getting a degree, or a programming certificate like this one: http://www.lavc.edu/voced1/CSITCertCSP/CSITCertFrameCSP.htm Herein lies the problem. I prefer getting a CS degree from an accredited university but I looked at the schedules for classes and it is impossible to work around my current 40/hr work week. There are random morning classes, with the occasional evening class, but the times get even more construed as I move my way up to the upper divisions. So what I guess I'm trying to get at is, can anyone lay out the pros and cons of obtaining a certificate vs. the degree (besides obvious points like the latter being 100x better)? I'm aware that having a degree is always going to be a better route, but...is the programming certificate useless? Should I not even bother?

    Read the article

  • How to Configure Microsoft Security Essentials

    Microsoft Security Essentials is the software giant's free solution for home users as well as small businesses. As long as you have a genuine copy of Windows running on your PC, you can enjoy all it has to offer. The program is characterized by easy installation and a user interface that is intuitive and rather simple to navigate. With so many viruses, spyware, and other malicious items floating all around the Web, keeping your PC secure should be of utmost importance. After all, you want to protect your investment and your sanity at the same time. Having a solid program such as Microsof...

    Read the article

  • Inspiring Computer Science College Student Stories?

    - by funk-shun
    After watching "The Social Network", a movie about Mark Zuckerberg and Facebook, I had a productivity spike as it inspired me to learn many different languages and software. That spike has been deteriorating somewhat and I don't feel like watching the movie all over again so I was wondering if anybody had any other similar success stories/links/articles/whatever. Mainly about successes that started for people in college.

    Read the article

  • security cameras and Ubuntu

    - by Josh
    I am setting up a server of sorts and chose ubuntu for the OS as my dad has it on a few computers. I am unimpressed with Windows or MAC due to all the add-ons and complexity of it when all I want is something simple. The system will have 3 purposes, storing my wife's photography work (she is a professional photographer) storing music for quick access to our entertainment system (will be running the system thru the tv in our living room and thus though our surround sound) and will also serve as a DVR unit for a home security system I am going to put together. My question is what sort of software options are there for the Ubuntu system as far as a DVR with frame by frame playback. It does not need to be fancy but of course a variety of options are a nice touch.

    Read the article

  • Learning about security and finding exploits

    - by Jayraj
    First things first: I have absolutely no interest in learning how to crack systems for personal enrichment, hurting other people or doing anything remotely malicious. I understand the basis of many exploits (XSS, SQL injection, use after free etc.), though I've never performed any myself. I even have some idea about how to guard web applications from common exploits (like the aforementioned XSS and SQL injection) Reading this question about the Internet Explorer zero-day vulnerability from the Security SE piqued my curiosity and made me wonder: how did someone even find out about this exploit? What tools did they use? How did they know what to look for? I'm wary about visiting hacker dens online for fear of getting my own system infected (the Defcon stories make me paranoid). So what's a good, safe place to start learning?

    Read the article

  • Diving into a computer science career [closed]

    - by Willis
    Well first I would like to say thank you for taking the time to read my question. I'll give you some background. I graduated two years ago from a local UC in my state with a degree in cognitive psychology and worked in a neuroscience lab. During this time I was exposed to some light Matlab programming and other programming tidbits, but before this I had some basic understanding of programming. My father worked IT for a company when I was younger so I picked up his books and took learned things along the way growing up. Naturally I'm an inquisitive person, constantly learning, love challenges, and have had exposure to some languages. Yet at this point I was fully pursue it as a career and always had this in the back of my head. Where do I start? I'm 25 and feel like I still have time to make a switch. I've immersed myself in the terminal/command prompt to start, but which language do I focus on? I've read the A+ book and planning to take on the exam, then the networking exam, but I want to deal with more programming, development, and troubleshooting. I understand to get involved in open source, but where? I took the next step and got a small IT assistant job, but doesn't really deal with programming, development, just troubling shooting and small network issues. Thank you!

    Read the article

  • Usefull skills from a computer science degree

    - by Tom Squires
    I did my degree in physics and moved later into programming. I have two and a half years experience under my belt and like to think I write good code. I am, however, concerned that not doing a compsci degree has left holes in my knowledge. I would like to fill those up now since I know I want to be doing programming for the rest of my career. What skills/techniques did you learn in your compsci degree that one wouldn't pick up from on-the-job programming?

    Read the article

  • Computer freezes, wireless network icon disappears

    - by Heidi
    As you can see I have two problems. I have a Toshiba Tecra A3 computer. It is 5-6 years old and it is connected to a D-link router. For a period now it has not been working correctly. The computer freezes either when i try turning it on or when I have been using the computer for a short period of time. The times the computer works normally I have a problem with a disappearing wireless network icon, and so I have no internet. Can this be fixed or do I have to buy a new computer? I only use the computer for internet surfing and easy tasks like word etc, so I would like to keep it as long as possible.

    Read the article

  • Security vulnerability and nda's [closed]

    - by Chris
    I want to propose a situation and gain insight from the communities thoughts. A customer, call them Customer X has a contract with a vendor, Vendor Y to provide an application and services. Customer X discovers a serious authentication vulnerability in Vendor Y's software. Vendor Y and Customer X has a discussion. Vendor Y acknowledges/confirms flaw. Vendor Y confirms they will put effort to fix. Customer X requests Vendor Y to inform all customers impacted by this. Vendor agrees. Fast forward 2 months, and the flaw has not been fixed. Patches were applied to mitigate but the flaw still exists. However, no customers were informed of issue. At this point customer X contacts Vendor Y to determine the status and understand why customer's were not informed. The vendor nicely reminds the customer they are under an NDA and are still working on the issue. A few questions/discussion pieces out of this. By discussing a software flaw with a vendor, does this imply you have agreed to any type of NDA disclosure? Additionally, what rights as does Customer X have to inform other customers of this vulnerability if vendor does not appear willing to comply? I (the op) am under the impression that when this situation occurs, you are supposed to notify vendor of issue, provide them with ample time to respond and if no response you are able to do what you wish with the information. I am thinking back to the MIT/subway incident where they contacted transit authorities, transit authorities didn't respond in a timely fashion so the students disclosed the information publicly on their own. Few things to note about this: I am not the customer in above situation, also lets assume for purposes of keeping discussion inline that customer X has no intentions of disclosing information, they are merely concerned and interested in making sure other customers are aware until it is fixed so they do not expierence a major security breach. (More information can be supplied if needed to add context to question. )

    Read the article

  • About Entitlement Grants in ADF Security of JDeveloper 11.1.1.4

    - by frank.nimphius
    Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Oracle JDeveloper 11.1.1.4 comes with a new ADF Security feature called "entitlement grants". This has nothing to do with Oracle Entitlement Server (OES) but is the ability to group resources into permission sets so they can be granted with a single grant statement. For example, as good practices when organizing your projects, you may have grouped your bounded task flows by functionality and responsibility in sub folders under the WEB-INF directory. If one of the folders holds bounded task flows that are accessible to all authenticated users, you may create an entitlement grant allAuthUserBTF and select all bounded task flows that are accessible for authenticated users as resources. You can then grant allAuthUserBTF to the authenticated-role so that with only a single grant statement all selected bounded task flows are protected. Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} <permission-sets>         <permission-set>             <name>PublicBoundedTaskFlows</name>             <member-resources>               <member-resource>                 <resource-name>                      /WEB-INF/public/home-btf.xml#home-btf                 </resource-name>                 <type-name-ref>TaskFlowResourceType</type-name-ref>                 <display-name> ... </display-name>                 <actions>view</actions>               </member-resource>               <member-resource>                 <resource-name>                         /WEB-INF/public/preferences-btf.xml#preferences-btf                </resource-name>                 <type-name-ref>TaskFlowResourceType</type-name-ref>                 <display-name>...</display-name>                 <actions>view</actions>               </member-resource>             </member-resources>           </permission-set>   </permission-sets> The grant statement for this permission set is added as shown below <grant>   <grantee>     <principals>        <principal>             <name>authenticated-role</name>             <class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class>         </principal>       </principals>     </grantee>     <permission-set-refs>         <permission-set-ref>            <name>PublicBoundedTaskFlows</name>         </permission-set-ref>      </permission-set-refs> </grant>

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >