Search Results

Search found 13240 results on 530 pages for 'privacy and security'.

Page 1/530 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • sudo apt-get update errors

    - by Adrian Begi
    Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security.ubuntu.com oneiric-security Release Ign http://security.ubuntu.com oneiric-security/main Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/restricted Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/universe Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/multiverse Sources/DiffIndex Ign http://security.ubuntu.com oneiric-security/main amd64 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/restricted amd64 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/universe amd64 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/multiverse amd64 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/main i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/restricted i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/universe i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/multiverse i386 Packages/DiffIndex Ign http://security.ubuntu.com oneiric-security/main TranslationIndex Ign http://security.ubuntu.com oneiric-security/multiverse TranslationIndex Ign http://security.ubuntu.com oneiric-security/restricted TranslationIndex Ign http://security.ubuntu.com oneiric-security/universe TranslationIndex Err http://security.ubuntu.com oneiric-security/main Sources 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/restricted Sources 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/universe Sources 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/multiverse Sources 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/main amd64 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/restricted amd64 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/universe amd64 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/multiverse amd64 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/main i386 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/restricted i386 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/universe i386 Packages 404 Not Found [IP: 91.189.91.15 80] Err http://security.ubuntu.com oneiric-security/multiverse i386 Packages 404 Not Found [IP: 91.189.91.15 80] Ign http://security.ubuntu.com oneiric-security/main Translation-en_US Ign http://security.ubuntu.com oneiric-security/main Translation-en Ign http://security.ubuntu.com oneiric-security/multiverse Translation-en_US Ign http://security.ubuntu.com oneiric-security/multiverse Translation-en Ign http://security.ubuntu.com oneiric-security/restricted Translation-en_US Ign http://security.ubuntu.com oneiric-security/restricted Translation-en Ign http://security.ubuntu.com oneiric-security/universe Translation-en_US Ign http://security.ubuntu.com oneiric-security/universe Translation-en W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/main/source/Sources 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/restricted/source/Sources 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/universe/source/Sources 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/source/Sources 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/main/binary-amd64/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/restricted/binary-amd64/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/universe/binary-amd64/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/binary-amd64/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/main/binary-i386/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/restricted/binary-i386/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/universe/binary-i386/Packages 404 Not Found [IP: 91.189.91.15 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/oneiric-security/multiverse/binary-i386/Packages 404 Not Found [IP: 91.189.91.15 80] E: Some index files failed to download. They have been ignored, or old ones used instead. HERE IS MY SOURCES.LIST # # deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ dists/oneiric/main/binary-i386/ # deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ dists/oneiric/restricted/binary-i386/ # deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ oneiric main restricted #deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ dists/oneiric/main/binary-i386/ #deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ dists/oneiric/restricted/binary-i386/ #deb cdrom:[Ubuntu-Server 11.10 _Oneiric Ocelot_ - Release amd64 (20111011)]/ oneiric main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://us.archive.ubuntu.com/ubuntu/ oneiric main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://us.archive.ubuntu.com/ubuntu/ oneiric-updates main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://us.archive.ubuntu.com/ubuntu/ oneiric universe deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric universe deb http://us.archive.ubuntu.com/ubuntu/ oneiric-updates universe deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://us.archive.ubuntu.com/ubuntu/ oneiric multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric multiverse deb http://us.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://us.archive.ubuntu.com/ubuntu/ oneiric-backports main restricted universe multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-backports main restricted universe multiverse deb http://security.ubuntu.com/ubuntu oneiric-security main restricted deb-src http://security.ubuntu.com/ubuntu oneiric-security main restricted deb http://security.ubuntu.com/ubuntu oneiric-security universe deb-src http://security.ubuntu.com/ubuntu oneiric-security universe deb http://security.ubuntu.com/ubuntu oneiric-security multiverse deb-src http://security.ubuntu.com/ubuntu oneiric-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu oneiric partner # deb-src http://archive.canonical.com/ubuntu oneiric partner ## Uncomment the following two lines to add software from Ubuntu's ## 'extras' repository. ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. # deb http://extras.ubuntu.com/ubuntu oneiric main # deb-src http://extras.ubuntu.com/ubuntu oneiric main

    Read the article

  • Password Security: Short and Complex versus ‘Short or Lengthy’ and Less Complex

    - by Akemi Iwaya
    Creating secure passwords for our online accounts is a necessary evil due to the huge increase in database and account hacking that occurs these days. The problem though is that no two companies have a similar policy for complex and secure password creation, then factor in the continued creation of insecure passwords or multi-site use of the same password and trouble is just waiting to happen. Ars Technica decided to take a look at multiple password types, how users fared with them, and how well those password types held up to cracking attempts in their latest study. The password types that Ars Technica looked at were comprehensive8, basic8, and basic16. The comprehensive type required a variety of upper-case, lower-case, digits, and symbols with no dictionary words allowed. The only restriction on the two basic types was the number of characters used. Which type do you think was easier for users to adopt and did better in the two password cracking tests? You can learn more about how well users did with the three password types and the results of the tests by visiting the article linked below. What are your thoughts on the matter? Are shorter, more complex passwords better or worse than using short or long, but less complex passwords? What methods do you feel work best since most passwords are limited to approximately 16 characters in length? Perhaps you use a service like LastPass or keep a dedicated list/notebook to manage your passwords. Let us know in the comments!    

    Read the article

  • Privacy Protection in Oracle IRM 11g

    - by martin.abrahams
    Another innovation in Oracle IRM 11g is an in-built privacy policy challenge. By design, one of the many things that Oracle IRM does, of course, is collect audit information about how and where sealed documents are being used - user names, machine identifiers and so on. Many customers consider that this has privacy implications that the user should be invited to accept as a condition of service use - for the protection of both of the user and the service from avoidable controversy. So, in 11g IRM, when a new user connects to a server for the first time, they can expect to see the following privacy policy dialog. The dialog provides a configurable URL that the customer can use to publish the privacy policy for their IRM service. The policy might clarify what data is being collected and stored, what use that data might be put to, and so on as required by the service owner's legal advisers. In previous releases, you could construct an equivalent capability, and some customers did, but this innovation makes it much easier to do - you simply write a privacy policy and publish it as a web page for which the dialog automatically provides a link. This is another example of how Oracle IRM anticipates not just the security requirements of a customer, but also the broader requirements of service provisioning.

    Read the article

  • Finding privacy sensitive keywords

    - by user69914
    I have a list of about 80,000 unique words or short phrases. These words and short phrases are associated with other data. I'm trying to create a blacklist so I won't use any of the data associated with privacy sensitive words or short phrases. Example sensitive words or short phrases might be associated with sexual or illicit activity. I know that privacy and sensitivity are in the eye of the beholder, but I'm looking for any established list or solutions of this nature.

    Read the article

  • Framework 4 Features: Summary of Security enhancements

    - by Anthony Shorten
    In the last log entry I mentioned one of the new security features in Oracle Utilities Application Framework 4.0.1. Security is one of the major "tent poles" (to borrow a phrase from Steve Jobs) in this release of the framework. There are a number of security related enhancements requested by customers and as a result of internal reviews that we have introduced. Here is a summary of some of the security enchancements we have added in this release: Security Cache Changes - Security authorization information is automatically cached on the server for performance reasons (security is checked for every single call the product makes for all modes of access). Prior to this release the cache auto-refreshed every 30 minutes (or so). This has beem made more nimble by supporting a cache refresh every minute (or so). This means authorization changes are reflected quicker than before. Business Level security - Business Services are configurable services that are based upon Application Services. Typically, the business service inherited its security profile from its parent service. Whilst this is sufficient for most needs, it is now required to further specify security on the Business Service definition itself. This will allow granular security and allow the same application service to be exposed as different Business Services with their own security. This is particularly useful when you base a Business Service on a query zone. User Propogation - As with other client server applications, the database connections are pooled and shared as needed. This means that a common database user is used to access the database from the pool to allow sharing. Unfortunently, this means that tracability at the database level is that much harder. In Oracle Utilities Application Framework V4 the end userid is now propogated to the database using the CLIENT_IDENTIFIER as part of the Oracle JDBC connection API. This not only means that the common database userid is still used but the end user is indentifiable for the duration of the database call. This can be used for monitoring or to hook into Oracle's database security products. This enhancement is only available to Oracle Database customers. Enhanced Security Definitions - Security Administrators use the product browser front end to control access rights of defined users. While this is sufficient for most sites, a new security portal has been introduced to speed up the maintenance of security information. Oracle Identity Manager Integration - With the popularity of Oracle's Identity Management Suite, the Framework now provides an integration adapter and Identity Manager Generic Transport Connector (GTC) to allow users and group membership to be provisioned to any Oracle Utilities Application Framework based product from Oracle's Identity Manager. This is also available for Oracle Utilties Application Framework V2.2 customers. Refer to My Oracle Support KBid 970785.1 - Oracle Identity Manager Integration Overview. Audit On Inquiry - Typically the configurable audit facility in the Oracle Utilities Application Framework is used to audit changes to records. In Oracle Utilities Application Framework the Business Services and Service Scripts could be configured to audit inquiries as well. Now it is possible to attach auditing capabilities to zones on the product (including base package ones). Time Zone Support - In some of the Oracle Utilities Application Framework based products, the timezone of the end user is a factor in the processing. The user object has been extended to allow the recording of time zone information for use in product functionality. JAAS Suport - Internally the Oracle Utilities Application Framework uses a number of techniques to validate and transmit security information across the architecture. These various methods have been reconciled into using Java Authentication and Authorization Services for standardized security. This is strictly an internal change with no direct on how security operates externally. JMX Based Cache Management - In the last bullet point, I mentioned extra security applied to cache management from the browser. Alternatively a JMX based interface is now provided to allow IT operations to control the cache without the browser interface. This JMX capability can be initiated from a JSR120 compliant JMX console or JMX browser. I will be writing another more detailed blog entry on the JMX enhancements as it is quite a change and an exciting direction for the product line. Data Patch Permissions - The database installer provided with the product required lower levels of security for some operations. At some sites they wanted the ability for non-DBA's to execute the utilities in a controlled fashion. The framework now allows feature configuration to allow delegation for patch execution. User Enable Support - At some sites, the use of temporary staff such as contractors is commonplace. In this scenario, temporary security setups were required and used. A potential issue has arisen when the contractor left the company. Typically the IT group would remove the contractor from the security repository to prevent login using that contractors userid but the userid could NOT be removed from the authorization model becuase of audit requirements (if any user in the product updates financials or key data their userid is recorded for audit purposes). It is now possible to effectively diable the user from the security model to prevent any use of the useridwhilst retaining audit information. These are a subset of the security changes in Oracle Utilities Application Framework. More details about the security capabilities of the product is contained in My Oracle Support KB Id 773473.1 - Oracle Utilities Application Framework Security Overview.

    Read the article

  • The Importance of a Security Assessment - by Michael Terra, Oracle

    - by Darin Pendergraft
    Today's Blog was written by Michael Terra, who was the Subject Matter Expert for the recently announced Oracle Online Security Assessment. You can take the Online Assessment here: Take the Online Assessment Over the past decade, IT Security has become a recognized and respected Business discipline.  Several factors have contributed to IT Security becoming a core business and organizational enabler including, but not limited to, increased external threats and increased regulatory pressure. Security is also viewed as a key enabler for strategic corporate activities such as mergers and acquisitions.Now, the challenge for senior security professionals is to develop an ongoing dialogue within their organizations about the importance of information security and how it can impact their organization's strategic objectives/mission. The importance of conducting regular “Security Assessments” across the IT and physical infrastructure has become increasingly important. Security standards and frameworks, such as the international standard ISO 27001, are increasingly being adopted by organizations and their business partners as proof of their security posture and “Security Assessments” are a great way to ensure a continued alignment to these frameworks.Oracle offers a number of different security assessment covering a broad range of technologies. Some of these are short engagements conducted for free with our strategic customers and partners. Others are longer term paid engagements delivered by Oracle Consulting Services or one of our partners. The goal of a security assessment, (also known as a security audit or security review), is to ensure that necessary security controls are integrated into the design and implementation of a project, application or technology.  A properly completed security assessment should provide documentation outlining any security gaps that exist in an infrastructure and the associated risks for those gaps. With that knowledge, an organization can choose to either mitigate, transfer, avoid or accept the risk. One example of an Oracle offering is a Security Readiness Assessment:The Oracle Security Readiness Assessment is a practical security architecture review focused on aligning an organization’s enterprise security architecture to their business principals and strategic objectives. The service will establish a multi-phase security architecture roadmap focused on supporting new and existing business initiatives.Offering OverviewThe Security Readiness Assessment will: Define an organization’s current security posture and provide a roadmap to a desired future state architecture by mapping  security solutions to business goals Incorporate commonly accepted security architecture concepts to streamline an organization’s security vision from strategy to implementation Define the people, process and technology implications of the desired future state architecture The objective is to deliver cohesive, best practice security architectures spanning multiple domains that are unique and specific to the context of your organization. Offering DetailsThe Oracle Security Readiness Assessment is a multi-stage process with a dedicated Oracle Security team supporting your organization.  During the course of this free engagement, the team will focus on the following: Review your current business operating model and supporting IT security structures and processes Partner with your organization to establish a future state security architecture leveraging Oracle’s reference architectures, capability maps, and best practices Provide guidance and recommendations on governance practices for the rollout and adoption of your future state security architecture Create an initial business case for the adoption of the future state security architecture If you are interested in finding out more, ask your Sales Consultant or Account Manager for details.

    Read the article

  • 5 Design Tricks Facebook Uses To Affect Your Privacy Decisions

    - by Jason Fitzpatrick
    If you feel like Facebook increasingly has fewer and fewer options to reject applications and organization access to your private information, you’re not imagining it. Here are five ways Facebook’s design choices in the App Center have minimized your choices over time. Over at TechCrunch they have a guest post by Avi Charkham highlighting five ways recent changes to the Facebook App Center put privacy settings on the back burner. In regard to the comparison seen in the image above, for example, he writes: #1: The Single Button Trick In the old design Facebook used two buttons – “Allow” and “Don’t Allow” – which automatically led you to make a decision. In the new App Center Facebook chose to use a single button. No confirmation, no decisions to make. One click and, boom, your done! Your information was passed on to the app developers and you never even notice it. Hit up the link below to check out the other four redesign choices that minimize the information about privacy and data usage you see and maximize the click-through and acceptance rate for apps. How To Switch Webmail Providers Without Losing All Your Email How To Force Windows Applications to Use a Specific CPU HTG Explains: Is UPnP a Security Risk?

    Read the article

  • Security as a Service (SecaaS) for Amazon EC2

    - by Dave
    I'm looking for a security as a service (SecaaS) provider or open source solution for Amazon EC2 instances, however I can't seem to find much on Google or elsewhere so was wondering if anyone knows where I could find this service? Ideally I'm looking for something that offers virtual firewalls, email and web security and virtual spam prevention. If anyone has any information on SecaaS i'd appreciate it, Thanks in advance

    Read the article

  • FB login and privacy policy

    - by Ispuk
    I'm bulding up a site, where the ONLY ONE method for log in, is the fb login button. Now i'm wondering if i need to make users check and read the my own site's privacy and policy before and accept that is some way, is this needed? The site is for text/pourpouse sharing, and you can only interact with the site after you are logged/registered, althought you can only navigate lists of users and pourpouses. thanks

    Read the article

  • Privacy policy and terms of use language

    - by L. De Leo
    I have a Czech registered business with which I'm serving a web app mostly (but not exclusively) targeted to Italian customers. The server is in Amsterdam. The site will be multilingual (with 4 languages supported) but for now it's Italian only. What language should the privacy policy and terms and conditions be? What law should they refer to? Could I just offer these two docs in English? (Easier to write and to maintain)

    Read the article

  • Consolidate Data in Private Clouds, But Consider Security and Regulatory Issues

    - by Troy Kitch
    The January 13 webcast Security and Compliance for Private Cloud Consolidation will provide attendees with an overview of private cloud computing based on Oracle's Maximum Availability Architecture and how security and regulatory compliance affects implementations. Many organizations are taking advantage of Oracle's Maximum Availability Architecture to drive down the cost of IT by deploying private cloud computing environments that can support downtime and utilization spikes without idle redundancy. With two-thirds of sensitive and regulated data in organizations' databases private cloud database consolidation means organizations must be more concerned than ever about protecting their information and addressing new regulatory challenges. Join us for this webcast to learn about greater risks and increased threats to private cloud data and how Oracle Database Security Solutions can assist in securely consolidating data and meet compliance requirements. Register Now.

    Read the article

  • Updated Security Baseline (7u45) impacts Java 7u40 and before with High Security settings

    - by costlow
    The Java Security Baseline has been increased from 7u25 to 7u45.  For versions of Java below 7u45, this means unsigned Java applets or Java applets that depend on Javascript LiveConnect calls will be blocked when using the High Security setting in the Java Control Panel. This issue only affects Applets and Web Start applications. It does not affect other types of Java applications. The Short Answer Users upgrading to Java 7 update 45 will automatically fix this and is strongly recommended. The More Detailed Answer There are two items involved as described on the deployment flowchart: The Security Baseline – a dynamically updated attribute that checks to see which Java version contains the most recent security patches. The Security Slider – the user-controlled setting of when to prompt/run/block applets. The Security Baseline Java clients periodically check in to understand what version contains the most recent security patches. Versions are released in-between that contain bug fixes. For example: 7u25 (July 2013) was the previous secure baseline. 7u40 contained bug fixes. Because this did not contain security patches, users were not required to upgrade and were welcome to remain on 7u25. When 7u45 was released (October, 2013), this critical patch update contained security patches and raised the secure baseline. Users are required to upgrade from earlier versions. For users that are not regularly connected to the internet, there is a built in Expiration Date. Because of the pre-established quarterly critical patch updates, we are able to determine an approximate date of the next version. A critical patch released in July will have its successor released, at latest, in July + 3 months: October. The Security Slider The security slider is located within the Java control panel and determines which Applets & Web Start applications will prompt, which will run, and which will be blocked. One of the questions used to determine prompt/run/block is, “At or Above the Security Baseline.” The Combination JavaScript calls made from LiveConnect do not reside within signed JAR files, so they are considered to be unsigned code. This is correct within networked systems even if the domain uses HTTPS because signed JAR files represent signed "data at rest" whereas TLS (often called SSL) literally stands for "Transport Level Security" and secures the communication channel, not the contents/code within the channel. The resulting flow of users who click "update later" is: Is the browser plug-in registered and allowed to run? Yes. Does a rule exist for this RIA? No rules apply. Does the RIA have a valid signature? Yes and not revoked. Which security prompt is needed? JRE is below the baseline. This is because 7u45 is the baseline and the user, clicked "upgrade later." Under the default High setting, Unsigned code is set to "Don’t Run" so users see: Additional Notes End Users can control their own security slider within the control panel. System Administrators can customize the security slider during automated installations. As a reminder, in the future, Java 7u51 (January 2014) will block unsigned and self-signed Applets & Web Start applications by default.

    Read the article

  • Latest Security Updates for Java are Available for Download

    - by Akemi Iwaya
    Oracle has released new updates that patch 40 security holes in their Java Runtime Environment software. Anyone who needs or actively uses the Java Runtime Environment for work or gaming should promptly update their Java installation as soon as possible. One thing to keep in mind is that there are limitations placed on updates for older versions of Java as shown in the following excerpt. If you are using an older version, then it is recommended that you update to the Java SE 7 release if possible (depending on your usage circumstances). From the The H Security blog post: Only the current version of Java, Java SE 7, will be updated for free; downloads of the new version, Java SE 7 Update 25, are available and existing installs should auto-update. Mac OS X users will get an updated Java SE 6 for their systems as an automatic update; Java SE 7 on Mac OS X is updated by Oracle. Users of other older versions of Java will only get updates if they have a maintenance contract with Oracle. Affected Product Releases and Versions: JDK and JRE 7 Update 21 and earlier JDK and JRE 6 Update 45 and earlier JDK and JRE 5.0 Update 45 and earlier JavaFX 2.2.21 and earlier Note: If you do not need Java on your system, we recommend uninstalling it entirely or disabling the browser plugin. You can download and read through the details about the latest Java updates by visiting the links shown below.    

    Read the article

  • Computer Networks UNISA - Chap 12 – Networking Security

    - by MarkPearl
    After reading this section you should be able to Identify security risks in LANs and WANs and design security policies that minimize risks Explain how physical security contributes to network security Discuss hardware and design based security techniques Understand methods of encryption such as SSL and IPSec, that can secure data in storage and in transit Describe how popular authentication protocols such as RADIUS< TACACS,Kerberos, PAP, CHAP, and MS-CHAP function Use network operating system techniques to provide basic security Understand wireless security protocols such as WEP, WPA and 802.11i Security Audits Before spending time and money on network security, examine your networks security risks – rate and prioritize risks. Different organizations have different levels of network security requirements. Security Risks Not all security breaches result from a manipulation of network technology – there are human factors that can play a role as well. The following categories are areas of considerations… Risks associated with People Risks associated with Transmission and Hardware Risks associated with Protocols and Software Risks associated with Internet Access An effective security policy A security policy identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition it specifies how to address security breaches. It should not state exactly which hardware, software, architecture, or protocols will be used to ensure security, nor how hardware or software will be installed and configured. A security policy must address an organizations specific risks. to understand your risks, you should conduct a security audit that identifies vulnerabilities and rates both the severity of each threat and its likelihood of occurring. Security Policy Content Security policy content should… Policies for each category of security Explain to users what they can and cannot do and how these measures protect the networks security Should define what confidential means to the organization Response Policy A security policy should provide for a planned response in the event of a security breach. The response policy should identify the members of a response team, all of whom should clearly understand the the security policy, risks, and measures in place. Some of the roles concerned could include… Dispatcher – the person on call who first notices the breach Manager – the person who coordinates the resources necessary to solve the problem Technical Support Specialist – the person who focuses on solving the problem Public relations specialist – the person who acts as the official spokesperson for the organization Physical Security An important element in network security is restricting physical access to its components. There are various techniques for this including locking doors, security people at access points etc. You should identify the following… Which rooms contain critical systems or data and must be secured Through what means might intruders gain access to these rooms How and to what extent are authorized personnel granted access to these rooms Are authentication methods such as ID cards easy to forge etc. Security in Network Design The optimal way to prevent external security breaches from affecting you LAN is not to connect your LAN to the outside world at all. The next best protection is to restrict access at every point where your LAN connects to the rest of the world. Router Access List – can be used to filter or decline access to a portion of a network for certain devices. Intrusion Detection and Prevention While denying someone access to a section of the network is good, it is better to be able to detect when an attempt has been made and notify security personnel. This can be done using IDS (intrusion detection system) software. One drawback of IDS software is it can detect false positives – i.e. an authorized person who has forgotten his password attempts to logon. Firewalls A firewall is a specialized device, or a computer installed with specialized software, that selectively filters or blocks traffic between networks. A firewall typically involves a combination of hardware and software and may reside between two interconnected private networks. The simplest form of a firewall is a packet filtering firewall, which is a router that examines the header of every packet of data it receives to determine whether that type of packet is authorized to continue to its destination or not. Firewalls can block traffic in and out of a LAN. NOS (Network Operating System) Security Regardless of the operating system, generally every network administrator can implement basic security by restricting what users are authorized to do on a network. Some of the restrictions include things related to Logons – place, time of day, total time logged in, etc Passwords – length, characters used, etc Encryption Encryption is the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm. The purpose of encryption is to keep information private. Many forms of encryption exist and new ways of cracking encryption are continually being invented. The following are some categories of encryption… Key Encryption PGP (Pretty Good Privacy) SSL (Secure Sockets Layer) SSH (Secure Shell) SCP (Secure CoPy) SFTP (Secure File Transfer Protocol) IPSec (Internet Protocol Security) For a detailed explanation on each section refer to pages 596 to 604 of textbook Authentication Protocols Authentication protocols are the rules that computers follow to accomplish authentication. Several types exist and the following are some of the common authentication protocols… RADIUS and TACACS PAP (Password Authentication Protocol) CHAP and MS-CHAP EAP (Extensible Authentication Protocol) 802.1x (EAPoL) Kerberos Wireless Network Security Wireless transmissions are particularly susceptible to eavesdropping. The following are two wireless network security protocols WEP WPA

    Read the article

  • Programmable Home Security Alarm [closed]

    - by stej
    I don't ask for recommendation! (just wanted to say that; anyway it doesn't matter now as the question is closed) I've seen some advertisements about home alarms that notifies me that something is happening in my house. None of them mentioned programmability (with real programming language like e.g C, assembler, whatever). As a programmer I'd like to have a possibility to add some behaviour, that is not part of the alarm itself. This might be: take snapshots of all cameras in a house and send it to some email send email, twitter message, skype message to some predefined account send email to a police (silly, I know) start turning the lights on and off (scary, right?) etc. (would be veeery challenging with assembler, I know; but lets suppose I can use some more high level language) I don't expect that there is a alarm system capable of this stuff, that's why I'm looking for a programmable module. Question: Is it even possible? Is it good idea (my program could crash and cause instability of the system).

    Read the article

  • Software/IT security training and certificate

    - by 5YrsLaterDBA
    I am thinking about attending software security training and getting software security certificate. (or IT security in general.) I am in MA Boston area. I am new in software security field and need to know this field for current project and/or future job. Any suggestion about the training and certificate? thanks, EDIT: How about this course and certificate? http://scpd.stanford.edu/public/category/courseCategoryCertificateProfile.do?method=load&from=courseprofile&certificateId=3575647#searchResults

    Read the article

  • Browser privacy improvement implications for websites

    - by phq
    On https://panopticlick.eff.org/ EFF let you test the number of uniquely identifying bits that the browser gives a website. Among these are HTTP header fields such as User-Agent, Accept, Accept-Language and later perhaps ETAG and If-Modified-Since. Also there is a lot of Information that javascript can get from the browser such as time-zone, screen resolution, complete list of fonts and plugins available. My first impression is, is all this information really usable/used on a majority of all websites? For example, how many sites does really send different content-types depending on the http accept header, or what fonts are available(I thought css had taken care of this)? Let's say of these headers/js functionality on day would be gone. Which ones would; never be noticed they were gone? impact user experience? impact server performance? immediately reimplemented because the Internet cannot work without it? Extra credit for differentiating between what can be done, what should be done and what is done in most situations.

    Read the article

  • How to Modify Data Security in Fusion Applications

    - by Elie Wazen
    The reference implementation in Fusion Applications is designed with built-in data security on business objects that implement the most common business practices.  For example, the “Sales Representative” job has the following two data security rules implemented on an “Opportunity” to restrict the list of Opportunities that are visible to an Sales Representative: Can view all the Opportunities where they are a member of the Opportunity Team Can view all the Opportunities where they are a resource of a territory in the Opportunity territory team While the above conditions may represent the most common access requirements of an Opportunity, some customers may have additional access constraints. This blog post explains: How to discover the data security implemented in Fusion Applications. How to customize data security Illustrative example. a.) How to discover seeded data security definitions The Security Reference Manuals explain the Function and Data Security implemented on each job role.  Security Reference Manuals are available on Oracle Enterprise Repository for Oracle Fusion Applications. The following is a snap shot of the security documented for the “Sales Representative” Job. The two data security policies define the list of Opportunities a Sales Representative can view. Here is a sample of data security policies on an Opportunity. Business Object Policy Description Policy Store Implementation Opportunity A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team Role: Opportunity Territory Resource Duty Privilege: View Opportunity (Data) Resource: Opportunity A Sales Representative can view opportunity where they are an opportunity sales team member with view, edit, or full access Role: Opportunity Sales Representative Duty Privilege: View Opportunity (Data) Resource: Opportunity Description of Columns Column Name Description Policy Description Explains the data filters that are implemented as a SQL Where Clause in a Data Security Grant Policy Store Implementation Provides the implementation details of the Data Security Grant for this policy. In this example the Opportunities listed for a “Sales Representative” job role are derived from a combination of two grants defined on two separate duty roles at are inherited by the Sales Representative job role. b.) How to customize data security Requirement 1: Opportunities should be viewed only by members of the opportunity team and not by all the members of all the territories on the opportunity. Solution: Remove the role “Opportunity Territory Resource Duty” from the hierarchy of the “Sales Representative” job role. Best Practice: Do not modify the seeded role hierarchy. Create a custom “Sales Representative” job role and build the role hierarchy with the seeded duty roles. Requirement 2: Opportunities must be more restrictive based on a custom attribute that identifies if a Opportunity is confidential or not. Confidential Opportunities must be visible only the owner of the Opportunity. Solution: Modify the (2) data security policy in the above example as follows: A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team and the opportunity is not confidential. Implementation of this policy is more invasive. The seeded SQL where clause of the data security grant on “Opportunity Territory Resource Duty” has to be modified and the condition that checks for the confidential flag must be added. Best Practice: Do not modify the seeded grant. Create a new grant with the modified condition. End Date the seeded grant. c.) Illustrative Example (Implementing Requirement 2) A data security policy contains the following components: Role Object Instance Set Action Of the above four components, the Role and Instance Set are the only components that are customizable. Object and Actions for that object are seed data and cannot be modified. To customize a seeded policy, “A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team”, Find the seeded policy Identify the Role, Object, Instance Set and Action components of the policy Create a new custom instance set based on the seeded instance set. End Date the seeded policies Create a new data security policy with custom instance set c-1: Find the seeded policy Step 1: 1. Find the Role 2. Open 3. Find Policies Step 2: Click on the Data Security Tab Sort by “Resource Name” Find all the policies with the “Condition” as “where they are a territory resource in the opportunity territory team” In this example, we can see there are 5 policies for “Opportunity Territory Resource Duty” on Opportunity object. Step 3: Now that we know the policy details, we need to create new instance set with the custom condition. All instance sets are linked to the object. Find the object using global search option. Open it and click on “condition” tab Sort by Display name Find the Instance set Edit the instance set and copy the “SQL Predicate” to a notepad. Create a new instance set with the modified SQL Predicate from above by clicking on the icon as shown below. Step 4: End date the seeded data security policies on the duty role and create new policies with your custom instance set. Repeat the navigation in step Edit each of the 5 policies and end date them 3. Create new custom policies with the same information as the seeded policies in the “General Information”, “Roles” and “Action” tabs. 4. In the “Rules” tab, please pick the new instance set that was created in Step 3.

    Read the article

  • Ipad, closed environment and threat to privacy

    - by Akshay Bhat
    I had an unusual question about ipad, Since ipad environment is closed and does not allows installation of diagnostic and security related programs. How can then we be sure that any of the software installed on ipad is not infringing upon our privacy by doing stuff such as homing back information, etc. We cant install a packet tracer or any other software to check for attacks on privacy. Also given Apples poor track record (the safari browser was broken in one day), I don't think trusting apple solely would be a good idea. This might not seem to be a big issue but for business users it would be a significant concern.

    Read the article

  • The Most Common and Least Used 4-Digit PIN Numbers [Security Analysis Report]

    - by Asian Angel
    How ‘secure’ is your 4-digit PIN number? Is your PIN number a far too common one or is it a bit more unique in comparison to others? The folks over at the Data Genetics blog have put together an interesting analysis report that looks at the most common and least used 4-digit PIN numbers chosen by people. Numerically based (0-9) 4-digit PIN numbers only allow for a total of 10,000 possible combinations, so it stands to reason that some combinations are going to be far more common than others. The question is whether or not your personal PIN number choices are among the commonly used ones or ‘stand out’ as being more unique. Note 1: Data Genetics used data condensed from released, exposed, & discovered password tables and security breaches to generate the analysis report. Note 2: The updates section at the bottom has some interesting tidbits concerning peoples’ use of dates and certain words for PIN number generation. The analysis makes for very interesting reading, so browse on over to get an idea of where you stand with regards to your personal PIN number choices. 8 Deadly Commands You Should Never Run on Linux 14 Special Google Searches That Show Instant Answers How To Create a Customized Windows 7 Installation Disc With Integrated Updates

    Read the article

  • Do the "Contact us" and "Privacy policy" pages affect SEO?

    - by Gkhan14
    Just like the title says, what are the effects of having a "Contact us" and a "Privacy policy" on your site? I've read that it could build up your trust with Google, is this true? I've also read that some people said that you should add a noindex tag to your "Privacy policy" page, would this be a good idea? I say this because many websites have similar privacy policies, and I don't want any duplicate content issues. (For example, many people could be using the same WordPress privacy policy generator). I'm wondering the same things for the "Contact us" page as well.

    Read the article

  • Why do I have to run aptitude update twice to install Ruby?

    - by Willie Wheeler
    Summary. I have a fresh EC2 Precise 64-bit instance (ami-82fa58eb). After launching the instance, I want to install ruby1.9.1 (among others). This doesn't work: aptitude update && apt-get -o Dpkg::Options::="--force-confnew" --force-yes -fuy dist-upgrade && aptitude install -y ruby1.9.1 ruby1.9.1-dev make as Aptitude can't find the Ruby package. But this works: aptitude update && aptitude update && apt-get -o Dpkg::Options::="--force-confnew" --force-yes -fuy dist-upgrade && aptitude install -y ruby1.9.1 ruby1.9.1-dev make I would like to understand why I need to run aptitude update twice. Details. The first and second runs look pretty different. First run: Ign http://security.ubuntu.com precise-security InRelease Ign http://archive.ubuntu.com precise InRelease Get: 1 http://security.ubuntu.com precise-security Release.gpg [198 B] Ign http://archive.ubuntu.com precise-updates InRelease Get: 2 http://security.ubuntu.com precise-security Release [49.6 kB] Hit http://archive.ubuntu.com precise Release.gpg Get: 3 http://archive.ubuntu.com precise-updates Release.gpg [198 B] Hit http://archive.ubuntu.com precise Release Get: 4 http://security.ubuntu.com precise-security/main amd64 Packages [161 kB] Get: 5 http://archive.ubuntu.com precise-updates Release [49.6 kB] Get: 6 http://security.ubuntu.com precise-security/restricted amd64 Packages [3,969 B] Hit http://archive.ubuntu.com precise/main amd64 Packages Get: 7 http://security.ubuntu.com precise-security/universe amd64 Packages [43.8 kB] Hit http://archive.ubuntu.com precise/restricted amd64 Packages Hit http://archive.ubuntu.com precise/universe amd64 Packages Get: 8 http://security.ubuntu.com precise-security/multiverse amd64 Packages [2,180 B] Hit http://archive.ubuntu.com precise/multiverse amd64 Packages Get: 9 http://security.ubuntu.com precise-security/main i386 Packages [165 kB] Hit http://archive.ubuntu.com precise/main i386 Packages Hit http://archive.ubuntu.com precise/restricted i386 Packages Hit http://archive.ubuntu.com precise/universe i386 Packages Hit http://archive.ubuntu.com precise/multiverse i386 Packages Get: 10 http://security.ubuntu.com precise-security/restricted i386 Packages [3,968 B] Hit http://archive.ubuntu.com precise/main TranslationIndex Get: 11 http://security.ubuntu.com precise-security/universe i386 Packages [44.0 kB] Hit http://archive.ubuntu.com precise/multiverse TranslationIndex Get: 12 http://security.ubuntu.com precise-security/multiverse i386 Packages [2,369 B] Get: 13 http://security.ubuntu.com precise-security/main TranslationIndex [73 B] Hit http://archive.ubuntu.com precise/restricted TranslationIndex Get: 14 http://security.ubuntu.com precise-security/multiverse TranslationIndex [71 B] Hit http://archive.ubuntu.com precise/universe TranslationIndex Get: 15 http://security.ubuntu.com precise-security/restricted TranslationIndex [71 B] Get: 16 http://archive.ubuntu.com precise-updates/main amd64 Packages [382 kB] Get: 17 http://security.ubuntu.com precise-security/universe TranslationIndex [73 B] Get: 18 http://security.ubuntu.com precise-security/main Translation-en [76.5 kB] Get: 19 http://security.ubuntu.com precise-security/multiverse Translation-en [995 B] Get: 20 http://security.ubuntu.com precise-security/restricted Translation-en [978 B] Get: 21 http://security.ubuntu.com precise-security/universe Translation-en [27.2 kB] Get: 22 http://archive.ubuntu.com precise-updates/restricted amd64 Packages [6,755 B] Get: 23 http://archive.ubuntu.com precise-updates/universe amd64 Packages [129 kB] Get: 24 http://archive.ubuntu.com precise-updates/multiverse amd64 Packages [8,677 B] Get: 25 http://archive.ubuntu.com precise-updates/main i386 Packages [387 kB] Get: 26 http://archive.ubuntu.com precise-updates/restricted i386 Packages [6,732 B] Get: 27 http://archive.ubuntu.com precise-updates/universe i386 Packages [130 kB] Get: 28 http://archive.ubuntu.com precise-updates/multiverse i386 Packages [9,672 B] Get: 29 http://archive.ubuntu.com precise-updates/main TranslationIndex [3,564 B] Get: 30 http://archive.ubuntu.com precise-updates/multiverse TranslationIndex [2,605 B] Get: 31 http://archive.ubuntu.com precise-updates/restricted TranslationIndex [2,461 B] Get: 32 http://archive.ubuntu.com precise-updates/universe TranslationIndex [2,850 B] Get: 33 http://archive.ubuntu.com precise/main Translation-en [726 kB] Get: 34 http://archive.ubuntu.com precise/multiverse Translation-en [93.4 kB] Get: 35 http://archive.ubuntu.com precise/restricted Translation-en [2,395 B] Get: 36 http://archive.ubuntu.com precise/universe Translation-en [3,341 kB] Get: 37 http://archive.ubuntu.com precise-updates/main Translation-en [188 kB] Get: 38 http://archive.ubuntu.com precise-updates/multiverse Translation-en [5,414 B] Get: 39 http://archive.ubuntu.com precise-updates/restricted Translation-en [1,484 B] Get: 40 http://archive.ubuntu.com precise-updates/universe Translation-en [77.3 kB] Ign http://archive.ubuntu.com precise/main Translation-en_US Ign http://archive.ubuntu.com precise/multiverse Translation-en_US Ign http://archive.ubuntu.com precise/restricted Translation-en_US Ign http://archive.ubuntu.com precise/universe Translation-en_US Fetched 6,137 kB in 11s (538 kB/s) Reading package lists... Second run: Ign http://us-east-1.ec2.archive.ubuntu.com precise InRelease Ign http://us-east-1.ec2.archive.ubuntu.com precise-updates InRelease Get: 1 http://us-east-1.ec2.archive.ubuntu.com precise Release.gpg [198 B] Get: 2 http://us-east-1.ec2.archive.ubuntu.com precise-updates Release.gpg [198 B] Ign http://security.ubuntu.com precise-security InRelease Get: 3 http://us-east-1.ec2.archive.ubuntu.com precise Release [49.6 kB] Get: 4 http://us-east-1.ec2.archive.ubuntu.com precise-updates Release [49.6 kB] Get: 5 http://us-east-1.ec2.archive.ubuntu.com precise/main Sources [934 kB] Hit http://security.ubuntu.com precise-security Release.gpg Hit http://security.ubuntu.com precise-security Release Get: 6 http://us-east-1.ec2.archive.ubuntu.com precise/universe Sources [5,019 kB] Get: 7 http://security.ubuntu.com precise-security/main Sources [42.8 kB] Get: 8 http://security.ubuntu.com precise-security/universe Sources [13.5 kB] Hit http://security.ubuntu.com precise-security/main amd64 Packages Hit http://security.ubuntu.com precise-security/universe amd64 Packages Hit http://security.ubuntu.com precise-security/main i386 Packages Get: 9 http://us-east-1.ec2.archive.ubuntu.com precise/main amd64 Packages [1,273 kB] Hit http://security.ubuntu.com precise-security/universe i386 Packages Get: 10 http://us-east-1.ec2.archive.ubuntu.com precise/universe amd64 Packages [4,786 kB] Hit http://security.ubuntu.com precise-security/main TranslationIndex Hit http://security.ubuntu.com precise-security/universe TranslationIndex Hit http://security.ubuntu.com precise-security/main Translation-en Hit http://security.ubuntu.com precise-security/universe Translation-en Get: 11 http://us-east-1.ec2.archive.ubuntu.com precise/main i386 Packages [1,274 kB] Get: 12 http://us-east-1.ec2.archive.ubuntu.com precise/universe i386 Packages [4,796 kB] Get: 13 http://us-east-1.ec2.archive.ubuntu.com precise/main TranslationIndex [3,706 B] Get: 14 http://us-east-1.ec2.archive.ubuntu.com precise/universe TranslationIndex [2,922 B] Get: 15 http://us-east-1.ec2.archive.ubuntu.com precise-updates/main Sources [163 kB] Get: 16 http://us-east-1.ec2.archive.ubuntu.com precise-updates/universe Sources [50.8 kB] Get: 17 http://us-east-1.ec2.archive.ubuntu.com precise-updates/main amd64 Packages [382 kB] Get: 18 http://us-east-1.ec2.archive.ubuntu.com precise-updates/universe amd64 Packages [129 kB] Get: 19 http://us-east-1.ec2.archive.ubuntu.com precise-updates/main i386 Packages [387 kB] Get: 20 http://us-east-1.ec2.archive.ubuntu.com precise-updates/universe i386 Packages [129 kB] Get: 21 http://us-east-1.ec2.archive.ubuntu.com precise-updates/main TranslationIndex [3,564 B] Get: 22 http://us-east-1.ec2.archive.ubuntu.com precise-updates/universe TranslationIndex [2,850 B] Get: 23 http://us-east-1.ec2.archive.ubuntu.com precise/main Translation-en [726 kB] Get: 24 http://us-east-1.ec2.archive.ubuntu.com precise/universe Translation-en [3,341 kB] Get: 25 http://us-east-1.ec2.archive.ubuntu.com precise-updates/main Translation-en [188 kB] Get: 26 http://us-east-1.ec2.archive.ubuntu.com precise-updates/universe Translation-en [77.1 kB] Fetched 23.8 MB in 23s (1,026 kB/s) Reading package lists... Note. My question is almost exactly the same as Running 'apt-get upgrade' on Amazon EC2 AMI twice in succession upgrades very different packages except that I'm seeing this issue with aptitude updates rather than apt-get upgrades.

    Read the article

  • Security and encryption with OpenVPN

    - by Chris Tenet
    The UK government is trying to implement man-in-the-middle attack systems in order to capture header data in all packets. They are also equipping the "black boxes" they will use with technology to see encrypted data (see the Communications Data Bill). I use a VPN to increase my privacy. It uses OpenVPN, which in turn uses the OpenSSL libraries for encrypting data. Will the government be able to see all the data going through the VPN connection? Note: the VPN server is located in Sweden, if that makes a difference.

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >