Search Results

Search found 1214 results on 49 pages for 'protection'.

Page 8/49 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Google App Engine + AWS S3 file protection!

    - by grep
    Hi all, I have an application running on GAE/J that streams video from AWS S3. I need a solution for protecting the video from being stolen and I found that pre-signed URLs might be it (??). How can I create pre-signed URLs from GAE/J or there's a better solution to secure the videos? thanks

    Read the article

  • La CNIL donne 3 mois à Google pour modifier sa politique de confidentialité, 36 autorités de protection de données préoccupées par les Google Glass

    La CNIL donne trois mois à Google pour modifier sa politique de confidentialité 36 autorités de protection de données préoccupées par les Google GlassLa CNIL, l'autorité de contrôle en matière de protection des données personnelles a sommé Google de se mettre en conformité par rapport à ses exigences dans un délai de trois mois, sous peine d'être sanctionné.L'action de la CNIL France fait suite à une enquête menée conjointement avec le G9 (groupe des CNIL européennes) sur la politique de confidentialité adoptée par Google depuis mars 2012 pour l'ensemble de ses services. Les CNIL avaient demandé à Google en octobre 2011 d'apporter des modifications à ses règles de confidentialité, avec un délai ...

    Read the article

  • Secure hash and salt for PHP passwords

    - by luiscubal
    It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. Is “double hashing” a password less secure than just hashing it once? Suggests that hashing multiple times may be a good idea. How to implement password protection for individual files? Suggests using salt. I'm using PHP. I want a safe and fast password encryption system. Hashing a password a million times may be safer, but also slower. How to achieve a good balance between speed and safety? Also, I'd prefer the result to have a constant number of characters. The hashing mechanism must be available in PHP It must be safe It can use salt (in this case, are all salts equally good? Is there any way to generate good salts?) Also, should I store two fields in the database(one using MD5 and another one using SHA, for example)? Would it make it safer or unsafer? In case I wasn't clear enough, I want to know which hashing function(s) to use and how to pick a good salt in order to have a safe and fast password protection mechanism. EDIT: The website shouldn't contain anything too sensitive, but still I want it to be secure. EDIT2: Thank you all for your replies, I'm using hash("sha256",$salt.":".$password.":".$id) Questions that didn't help: What's the difference between SHA and MD5 in PHP Simple Password Encryption Secure methods of storing keys, passwords for asp.net How would you implement salted passwords in Tomcat 5.5

    Read the article

  • I get regular power surges and my UPS ticks a lot due to a welding plant. Is this good or bad?

    - by EApubs
    In our home, there is a mechanic who often use a welding plant. When he use it, I think we get a power surge. My UPS ticks madly (not beep, it ticks). Sometimes, I even lose power to the keyboard. When typing, some keys get missing. 1) My question is, is it good for the computer? The UPS claimed to have surge protection. But isn't it working? What should I do to protect my PC? 2) The second question is, I also have a broadband router which is not connected to the UPS. Will it be effected?

    Read the article

  • What is a "good" tool to password-protect .pdf files?

    - by Marius Hofert
    What is a "good" tool to encrypt (password protect) .pdf files? (without being required to buy additional software; the protection can be created under linux but the password query should work on Windows, too) I know that zip can do it: zip zipfile_name_without_ending -e files_to_encrypt.foo What I don't like about this is that for a single file, you have to use Winzip to open the zip and then click the file again. I rather would like to be prompted for a password when opening the .pdf (single file case). I know that pdftk can do this: pdftk foo.pdf output foo_protected.pdf user_pw mypassword. The problem here is that the password is displayed in the terminal -- even if you use ... user_pw PROMPT. But in the end you get a password-protected .pdf and you are prompted for the password when opening the file.

    Read the article

  • Portable USB drives hidden pertition - New request

    - by ZXC
    This question was made by Francesco on Jul 29 '11 at 17:14. and the replies were not satisfactory due they not point to an important problem that´s: Why could anyone want to make certain data only accesible for a program but not to the users?. For example: If I want to do a safe distribution of original music for demostration purposes I will need several requisites: 1) The music should be heard using a simple procedure like selecting the name of each song on a playlist of a mediaplayer. 2) The portable media, ussually a portable USB drive, must hide for complete and should make unaccesible the files that contain the audio data to anything but the mediaplayer, that must be in the first partition, the one that is visible. 3) Considering that´s impossible to really hide files in a non-hidden partition, a second hidden partition should be created in the USB drive and the audio data will be stored there. 4) The trick is to read the audio data files stored in the hidden partition with a mediaplayer stored in the visible partition, the media player also should be a complete standalone program and independent from any library of the operating system except of the OS audio system. 5) The hidden partition should have a copy protection scheme that could impede to do copies of the data or create working ISO images of it. I know that this description could not be technically accurate but it has a complete logic from the needs of a music producer against the problem of piracy. The philosophy that surrounds the concept is to transform a virtual object like a digital string of audio in a solid object like the analog vinyl discs are.

    Read the article

  • How to protect folder privacy against unethical network administrators? [closed]

    - by Trevor Trovalds
    I just need a technical solution for the sake of my group's shared passwords, projects, works, etc. safety. Our network has Active Directory with public/groups/users and NTFS permissions, under a Windows Server 2003 which will soon migrate to Windows Server 2008 R2. Our IT crowd is small, consisting of 2 DBAs, 4 designers, 6 developers (including me), 2 netadmins and (a lot of) tech supporters, everyone has local admin rights. Those 2 network admins weren't the ones who set the network up, they just took the lift recently when the previous ones quit. We usually find them laughing at private contents from users stored in the groups AD, sabotaging documents that don't match their personal tastes and, finally, this week we found out they stole a project we (developers and DBAs) were finishing and, long before, they presented it to the CEO as theirs without us knowing. I'm a systems analyst, and initially my group decided to store critical content, like shared passwords, inside encrypted .zip files. Unfortunately we couldn't do the same to the other hundreds of folders and files, which included the stolen project, because the zipping process would take too long for every update. We also tried an encrypted Subversion repository under SSL, but there are many dummies (~38 atm) involved in the projects that have trouble using TortoiseSVN when contributing, and very oftenly we had to fix messed up updates. Well, I think these two give the idea of what we've been trying to reach. So, is there a practical "individual" protection for our extensive data or my hope can already be euthanized? P.S.: Seriously, at the place where I live/work, political corruption gone the wildest, so denounce related options are likely impracticable. Yet both netadmins have strong "political bond" with the CEO and the President, hence their lousy behavior and our failed delation attempts.

    Read the article

  • When running a shell script, how can you protect it from overwriting or truncating files?

    - by Joseph Garvin
    If while an application is running one of the shared libraries it uses is written to or truncated, then the application will crash. Moving the file or removing it wholesale with 'rm' will not cause a crash, because the OS (Solaris in this case but I assume this is true on Linux and other *nix as well) is smart enough to not delete the inode associated with the file while any process has it open. I have a shell script that performs installation of shared libraries. Sometimes, it may be used to reinstall versions of shared libraries that were already installed, without an uninstall first. Because applications may be using the already installed shared libraries, it's important the the script is smart enough to rm the files or move them out of the way (e.g. to a 'deleted' folder that cron could empty at a time when we know no applications will be running) before installing the new ones so that they're not overwritten or truncated. Unfortunately, recently an application crashed just after an install. Coincidence? It's difficult to tell. The real solution here is to switch over to a more robust installation method than an old gigantic shell script, but it'd be nice to have some extra protection until the switch is made. Is there any way to wrap a shell script to protect it from overwriting or truncating files (and ideally failing loudly), but still allowing them to be moved or rm'd? Standard UNIX file permissions won't do the trick because you can't distinguish moving/removing from overwriting/truncating. Aliases could work but I'm not sure what entirety of commands need to be aliased. I imagine something like truss/strace except before each action it checks against a filter whether to actually do it. I don't need a perfect solution that would work even against an intentionally malicious script. Ideas I have so far: Alias cp to GNU cp (not the default since I'm on Solaris) and use the --remove-destination option. Alias install to GNU install and use the --backup option. It might be smart enough to move the existing file to the backup file name rather than making a copy, thus preserving the inode. "set noclobber" in ~/.bashrc so that I/O redirection won't overwrite files

    Read the article

  • What advantages does mod_evasive have over mod_security2 in terms of DDOS protection?

    - by Martynas Sušinskas
    Good day, I'm running an Apache2 server in front of a Tomcat and I need to implement a DDOS protection mechanism on the Apache2 layer. I have two candidates: mod_evasive and mod_security2 with the OWASP core rule set. Mod_security is already installed for overall protection, but the question is: is it worth adding mod_evasive besides mod_security just for the DDOS (does it have any major advantages) or the OWASP crs rules in the /experimental_rules/ directory (modsecurity_crs_11_dos_protection.conf) provide the same protection? Or it's just a matter of preference? The sites are not very high traffic normally. Thank you for your answers, Martynas

    Read the article

  • .NET Reactor - How to Protect 64-bit Assemblies

    - by Cocowalla
    I have build 64-bit (x64) versions of some assemblies and am trying to obfuscate them with .NET Reactor, which claims to have 64-bit support. However, even if I disable all protection and locking options .NET Reactor is always producing 32-bit assemblies! Does anyone know how to get .NET Reactor to produce 64-bit assemblies?

    Read the article

  • Has anyone tried Myows to copyright protect your work

    - by Saif Bechan
    Recently I have read about Myows, they say its: "The universal copyright management and protection app for smart creatives" It is used to protect your application from copyrights and more. Do you think this will be a good idea for large application, or are there better ways to achieve such a thing. url: Myows

    Read the article

  • How does the binary DAT from Maxmind work?

    - by Rich
    Maxmind offers a binary DAT file format for downloading their GeoIP database. http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz Does anyone know how this has been packaged? Also, is there any kind of copy protection on the data? I'd like to offer up a set of data in a similar way. Anyone with any knowledge of this will receive my undying gratitude :-)

    Read the article

  • How to connect to a SOCKS Proxy from an iPhone/iPod Touch?

    - by GeneQ
    I like to surf securely and privately via a SOCKS proxy which I created via SSH tunneling, on the Mac. I used the SSH client on my Mac to achieve this. Then I thought, since the iPhone OS is essentially Mac OS, the same trick might work also on the iPhone. I managed to create a SSh tunnel on my iPhone via the Terminal (iPhone's Terminal). (Yes, it's jail-broken) ssh -D [port] [email protected] At this stage my iPhone is SOCKS proxy. However, there doesn't seem to be a way in the iPhone networking preference panel to specify a SOCKS proxy. Someone suggest creating a Proxy Auto-Contig (PAC) file to workaround this, but that sounds complicated. Any ideas how to make iPhone use it's own SOCKS proxy?

    Read the article

  • (Tough) Security Queston about ISP companies

    - by buyrum
    I want to ask a question. One ISP was criticized for it's low security conditions, and when i heard this i started to think: If one gets an unauthorized access to the mainframe computer / internal network of the ISP, then wouldn't he be able to sniff all the traffic ? Because the ISP is providing the internet connection for the user so all traffic that sends and transmits a user travels via the ISP, right ? What security solutions (talking about computer security) are being implemented by other ISP in order to protect themselves and their users ? If all the connections are being sent via a special computer, how secure it is and how can be we sure that it's really safe ? And what kind of computers are those who serve as backbones for the ISP ? Thank you in advance for your help.

    Read the article

  • How to automatically remove Flash history/privacy trail? Or stop Flash from storing it?

    - by Arjan van Bentem
    Many people have heard about third-party cookies, and some browsers even block those by default. Some people may even be using Private Browsing modes. However, only few seem to realise that Adobe's Flash player also leaves a cross-browser trail on your local hard drive, and allows for sending cookie-like information back to the server, including third-party sites. And because it is a plugin, Flash does not take any of the browser's privacy settings into account. Sorry for the long post, but first some details about why using Flash raises a privacy concern, followed by the results of my tests: The Flash player keeps a cross-browser history of the domain names of the Flash-sites your computer has visited. Unlike your browser's history, this history is not limited to a certain number of days. History is also recorded while using so-called Private Browsing modes. It is stored on your hard drive (though, as described below, without going to Adobe's site you won't know what is stored). I am not sure if any date and time information is kept about each visit, but to see the domain names: right-click on some Flash content, open the settings dialog, and click the Help icon or click the Advanced button within the Privacy tab. This opens a browser to the help pages on Adobe.com, where one can click through to the Website Storage Settings panel. One can clear the existing list, but one cannot stop it from being recorded again. Flash allows for storing data on your local hard drive, using so-called Local Shared Objects (aka "Flash Cookies"). Just like HTTP cookies, this data can be sent back to the server, for tracking purposes. They are cross-browser, have no expiration date, and no user defined maximum lifetime can be set in the Flash preferences either. These not being HTTP cookies, they are (of course) not blocked by a browser's cookies preferences and are not removed when the normal HTTP cookies are deleted. Adobe has announced that version 10.1 will obey Private Browsing in most popular browsers, but unfortunately no word about also removing the data whenever normal cookies are deleted manually. And its implementation might be confusing: [..] if the browser is in normal browsing mode when the Flash Player instance is created, then that particular instance will forever be in normal browsing mode (private browsing is turned off). Accordingly, toggling private browsing on or off without refreshing the page or closing the private browsing window will not impact Flash Player. Local Shared Objects are not limited to the site you visit, and third-party storage is enabled by default. At the Global Storage Settings panel one can deselect the default Allow third-party Flash content to store data on your computer. Because of the cross-browser and expiration-less nature (and the fact that few people know about it), I feel that the cross-browser third-party Flash Cookies are more dangerous for visitor tracking than third-party normal HTTP cookies. They are even used to restore plain HTTP cookies that the user tried to delete: "All advertisers, websites and networks use cookies for targeted advertising, but cookies are under attack. According to current research they are being erased by 40% of users creating serious problems," says Mookie Tenembaum, founder of United Virtualities. "From simple frequency capping to the more sophisticated behavioral targeting, cookies are an essential part of any online ad campaign. PIE ["Persistent Identification Element"] will give publishers and third-party providers a persistent backup to cookies effectively rendering them unassailable", adds Tenembaum. [..] To justify this tracking mechanism, UV's Tenembaum said, "The user is not proficient enough in technology to know if the cookie is good or bad, or how it works." When selecting None (zero KB) for Specify the amount of disk space that website websites that you haven't yet visited can use to store information on your computer, and checking Never ask again then some sites do not work. However, the same site might work when setting it to None but without selecting Never ask again, and then choose Deny whenever prompted. Both options would result in zero KB of data being allowed, but the behaviour differs. The plugin also provides a Flash Player cache for Adobe-signed files. I guess these files are not an issue. So: how to automatically delete that information? On a Mac, one can find a settings.sol file and a folder for each visited Flash-website in: $HOME/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/ Deleting the settings.sol file and all the folders in sys, removes the trail from the settings panels. However, the actual Local Shared Ojects are elsewhere (see Wikipedia for locations on other operating systems), in a randomly named subfolder of: $HOME/Library/Preferences/Macromedia/Flash Player/#SharedObjects But then: how to remove this automatically? Simply removing the folders and the settings.sol file every now and then (like by using launchd or Windows' Task Scheduler) may interfere with active browsers. Or is it safe to assume that, given the cross-browser nature, the plugin would not care if things are removed while it is active? Only clearing during log-off may not work for those who hibernate all the time. Firefox users can install BetterPrivacy or Objection to delete the Local Shared Objects (for all others browsers as well). I don't know if that also deletes the trail of website domain names. Or: how to stop Flash from storing a history trail? Change of plans: I'm currently testing prohibiting Flash to write to its own sys and #SharedObjects folders. So far, Flash has not tried to restore permissions (though, when deleting the folders, Flash will of course recreate them). I've not encountered any problems but this may take some while to validate, using multiple browsers and sites. I've not yet found a log that reports errors. On a Mac: cd "$HOME/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer" rm -r sys/* chmod u-w sys cd "$HOME/Library/Preferences/Macromedia/Flash Player" # preserve the randomly named subfolders (only preserving the latest would suffice; see below) rm -r \#SharedObjects/*/* chmod -R u-w \#SharedObjects I guess the above chmods cannot be achieved on an old Windows system (I'm not sure about XP and Vista?). Though maybe on Windows one could replace the folders sys and #SharedObjects with dummy files with the same names? Anyone? Obviously, keeping Flash from storing those Local Shared Objects for all sites may cause problems. Some test results (Flash 10 on Mac OS X): When blocking the sys folder (even when leaving the #SharedObjects folder writable) then YouTube won't remember your volume settings while viewing multiple videos. Temporarily allowing write access to the blocked folders while visiting trusted sites (to only create folders for domains you like, maybe including references in settings.sol) solves that. This way, for YouTube, Flash could be allowed to write to sys/#s.ytimg.com and #SharedObjects/s.ytimg.com, while Flash could not create new folders for other domains. One may also need to make settings.sol read-only afterwards, or delete it again. When blocking both the sys and #SharedObjects folders, YouTube and Vimeo work fine (though they might not remember any settings). However, Bits on the Run refuses to even show the video player. This is solved by temporarily unblocking the #SharedObjects folder, to allow Flash to create a subfolder with some random name. Within this folder, it would create yet another folder for the current Flash website (content.bitsontherun.com). Removing that website-specific folder, and blocking both #SharedObjects and the randomly named subfolder, still seems to allow Bits on the Run to operate, even though it still cannot write anything to disk. So: the existence of the randomly named subfolder (even when write protected) is important for some sites. When I first found the #SharedObjects folder, it held many subfolders with random names, some created on the very same day. I wonder when Flash decides it wants a new folder, and how it determines (and remembers) that random name. For a moment I considered not blocking write access for sys and #SharedObjects, but explicitly creating read-only folders for well-known third-party tracking domains (like based on a list from, for example, AdBlock Plus). That way, any other domain could still create Local Shared Objects. But the list would be long, and the domains from AdBlock Plus are probably all third-party domains anyway, so disabling Allow third-party Flash content to store data on your computer might have the very same result. Any experience anyone? (Final notes: if the above links to the settings panels do not work in the future, then use the URL that is known to Flash player as a starting point: www.adobe.com/go/settingsmanager. See also "You Deleted Your Cookies? Think Again" at Wired.com -- which uses Flash cookies itself as well... For the very suspicious using Time Machine: you may want to exclude both folders, for each user, and remove the trace that is already on your backup.)

    Read the article

  • Staying anonymous while hosting your site?

    - by jamesCroft
    I don't mean anonymous surfing. I mean hosting and having your own domain and such. The reason is that my blog is about religious/political topics which may cause me trouble in the future. This is the domain I am working on: www.james-croft.com I know that using Whois search my name can come up: http://www.networksolutions.com/whois-search/james-croft.com The solution to that, as far as I understood, is to buy a privacy package from the domain registrar. in my case it is lucky register: http://i.stack.imgur.com/uvOdc.png Also hosting is a concern. I use the same hosting service for multiple websites. My question is this: Can my hosting be tracked and be used to identify me? Also: Are there other methods of finding out my identity from either Google Adsense or Amazon affiliate programs? I couldn't find any relevant articles online. If there is anything else that is relevant, please let me know. I appreciate any response.

    Read the article

  • How to protect comments in Microsoft Word

    - by TestSubject528491
    I have inserted personal comments into a Word document, which I am distributing to other authors. How do I send them the file without them being able to see my comments? I can "hide" comments by going to the Review ribbon and deselecting Comments under Show Markup, but then when I close and reopen the file, the comment reappears. The same thing happens when I choose Final instead of Final Showing Markup. Is there a way to make comments only visible to the author by whom they were written?

    Read the article

  • Torrents: Can I protect my software by sending wrong bytes?

    - by martijn-courteaux
    Hi, It's a topic that everyone interests. How can I protect my software against stealing, hacking, reverse engineering? I was thinking: Do my best to protect the program for reverse engineering. Then people will crack it and seed it with torrents. Then I download my own cracked software with a torrent with my own torrent-software. My own torrent-software has then to seed incorrect data (bytes). Of course it has to seed critical bytes. So people who want to steal my software download my wrong bytes. Just that bytes that are important to startup, saving and loading data, etc... So if the stealer download from me (and seed it later) can't do anything with it, because it is broken. Is this idea relevant? Maybe, good torrent-clients check hashes from more peers to check if the packages (containing my broken bytes) I want to seed are correct or not? Thanks

    Read the article

  • Suggestions for Scheduled Tasks to call OSQL without hard-coding cleartext password

    - by Ian Boyd
    Can anyone think of any techniques where i can have a Windows scheduled task run OSQL, but not have to pass the clear-text password with cleartext password being in the clear? E.g.: >osql -U iboyd -P BabyBatterStapleCorrect Assumption: No Windows Authentication (since it's not an option) i was hoping there was a >OSQL -encryptPassword "BabyBatterStapleCorrect" > > OSQL > Encrypted password: WWVzIGkgd2FudCB0byByYXBlIGJhYmllcy4gQmlnIHdob29wLiBXYW5uYSBmaWdodCBhYm91dCBpdD8= And then i could call OSQL with: >osql -U ian -P WWVzIGkgd2FudCB0byByYXBlIGJhYmllcy4gQmlnIHdob29wLiBXYW5uYSBmaWdodCBhYm91dCBpdD8= But that's not something Microsoft implemented.

    Read the article

  • determining if .htaccess is working

    - by Toc
    Following some guide on the web, I have created the following .htaccess for my WordPress installation: # protect the htaccess file <files .htaccess> order allow,deny deny from all </files> # protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files> plus chmod wp-config.php 600 and .htaccess 644. Which is the simplest way I can test if it is working properly? In case, I can create some other files to verify the work. I only want to be sure.

    Read the article

  • determining if .htaccess is working

    - by Toc
    Following some guide on the web, I have created the following .htaccess for my WordPress installation: # protect the htaccess file <files .htaccess> order allow,deny deny from all </files> # protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files> plus chmod wp-config.php 600 and .htaccess 644. Which is the simplest way I can test if it is working properly? In case, I can create some other files to verify the work. I only want to be sure.

    Read the article

  • In Windows 8, how do you disable the unlock password for Microsoft Accounts?

    - by Huckle
    In Windows 8, in the scenario where there is a single user that has a Microsoft Account (i.e., they have created their account via a Microsoft email address) how does one disable the password prompt when unlocking the screen? The Windows 7 analogy would be to disable the screensaver password prompt. I can do this on a "local" account (one not backed by Microsoft) but the setting seems to have no effect on connected accounts. To replicate: create an account using [email protected] or [email protected] Lock the screen with WinKey+L Attempt to unlock, by clicking the mouse, without entering a password.

    Read the article

  • How to protect ejabberd from bruteforce attacks?

    - by Sergey
    It writes this in logs: =INFO REPORT==== 2012-03-14 17:48:54 === I(<0.467.0>:ejabberd_listener:281) : (#Port<0.4384>) Accepted connection {{10,254,239,2},51986} -> {{10,254,239,1},5222} =INFO REPORT==== 2012-03-14 17:48:54 === I(<0.1308.0>:ejabberd_c2s:784) : ({socket_state,tls,{tlssock,#Port<0.4384>,#Port<0.4386>},<0.1307.0>}) Failed authentication for USERNAME =INFO REPORT==== 2012-03-14 17:48:54 === I(<0.1308.0>:ejabberd_c2s:649) : ({socket_state,tls,{tlssock,#Port<0.4384>,#Port<0.4386>},<0.1307.0>}) Failed authentication for USERNAME It doesn't write IP with a failure. And strings "Accepted connection" and "Failed auth.." may even not stand nearby (as I think on heavily loaded servers) to be able to use fail2ban. What to do? And how jabber servers (using ejabberd) are protected?

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >