Another security bug??

All,
I am running WebLogic with SP3. My web application is configured to use
form-based authentication. In the web.xml file I have:

    <servlet>
      <servlet-name>InfIIPSchedulerServlet</servlet-name>
      <servlet-class>examples.servlets.InfIIPSchedulerServlet</servlet-class>
      <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
      <servlet-name>InfIIPSchedulerServlet</servlet-name>
      <url-pattern>InfIIPSchedulerServlet</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>InfIIPSchedulerServlet</servlet-name>
      <url-pattern>jsp/InfIIPSchedulerServlet</url-pattern>
    </servlet-mapping>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>iip</web-resource-name>
        <description>Informatica Information Platform (IIP)</description>
        <url-pattern>/jsp/*</url-pattern>
      </web-resource-collection>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
    </login-config>
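
    import java.io.IOException;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.servlet.ServletException;
    import javax.servlet.ServletOutputStream;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    // InfIIPSession is the application's own class; its import is not shown in the post.
    public class InfIIPSchedulerServlet extends HttpServlet {
      public void service(HttpServletRequest req, HttpServletResponse res)
          throws ServletException, IOException {
        // Reuse the existing session only; do not create a new one.
        HttpSession session = req.getSession(false);
        res.setContentType("text/plain");
        ServletOutputStream out = res.getOutputStream();
        try {
          if (session == null) {
            out.println("Session is null");
          } else {
            out.println("Session is " + session.toString());
            InfIIPSession ss = (InfIIPSession) session.getAttribute(
                com.informatica.viewer.util.InfHttpSessionNames.USER_IIPSESSION);
            Context context = ss.getContext();
            // Print the identity as seen by the container and by the JNDI context.
            out.println("<BR>Remote user is ");
            out.println(req.getRemoteUser());
            out.println("<BR>Principal is ");
            out.println(req.getUserPrincipal().getName());
            out.println("<BR>Principal in Context is ");
            out.println((String) context.getEnvironment().get(Context.SECURITY_PRINCIPAL));
          }
        } catch (NamingException ne) {
          throw new ServletException(ne.getMessage());
        }
      }
    }
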
After logging in successfully, a welcome page came up. I got the following
output when invoking the servlet with the URL
http://localhost:7001/iip/InfIIPSchedulerServlet
Session is weblogic.servlet.internal.session.MemorySession@69abf940
<BR>Remote user is
dtseng
<BR>Principal is
guest
<BR>Principal in Context is
dtseng
With the URL http://localhost:7001/iip/jsp/InfIIPSchedulerServlet the output
becomes
Session is weblogic.servlet.internal.session.MemorySession@69abf940
<BR>Remote user is
dtseng
<BR>Principal is
dtseng
<BR>Principal in Context is
dtseng
The difference is that the first URL is not a protected resource, while
the second is. Why does req.getUserPrincipal().getName() return different values
depending on the context in which it is executed? Is this a security bug?
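
An added example, not part of the original post: a descriptor audit that lists servlet mappings reachable outside every security-constraint, which is the situation the post describes for the first URL. The web.xml below is a constructed, well-formed copy of the posted one; the auth-constraint and its role name PLACEHOLDER_ROLE are assumptions, since the post does not show one.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the descriptor in the post.
# PLACEHOLDER_ROLE is an assumed role name, not taken from the post.
WEB_XML = """<web-app>
  <servlet>
    <servlet-name>InfIIPSchedulerServlet</servlet-name>
    <servlet-class>examples.servlets.InfIIPSchedulerServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>InfIIPSchedulerServlet</servlet-name>
    <url-pattern>InfIIPSchedulerServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>InfIIPSchedulerServlet</servlet-name>
    <url-pattern>jsp/InfIIPSchedulerServlet</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>iip</web-resource-name>
      <url-pattern>/jsp/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>PLACEHOLDER_ROLE</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def normalize(pattern):
    """Older descriptors (as in the post) omit the leading '/'; add it."""
    pattern = pattern.strip()
    if pattern.startswith("/") or pattern.startswith("*."):
        return pattern
    return "/" + pattern


def covers(constraint, mapping):
    """True if every path matched by `mapping` is also matched by `constraint`."""
    if constraint == mapping:
        return True
    if constraint.endswith("/*"):            # path-prefix pattern
        prefix = constraint[:-2]
        if prefix == "":                     # "/*" covers the whole application
            return True
        base = mapping[:-2] if mapping.endswith("/*") else mapping
        return base == prefix or base.startswith(prefix + "/")
    if constraint.startswith("*."):          # extension pattern
        return not mapping.endswith("/*") and mapping.endswith(constraint[1:])
    return False                             # exact pattern: equality only


def protected_patterns(root):
    """Patterns from constraints that demand a role for every HTTP method."""
    patterns = []
    for sc in root.iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # no auth-constraint: the container does not force a login
        for wrc in sc.iter("web-resource-collection"):
            if wrc.find("http-method") is not None:
                continue  # only some methods are covered; count as unprotected
            patterns += [normalize(p.text) for p in wrc.iter("url-pattern")]
    return patterns


def unprotected_mappings(web_xml):
    """Return (servlet-name, url-pattern) pairs not covered by any constraint."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                   # drop XML namespaces, if present
        el.tag = el.tag.rsplit("}", 1)[-1]
    guarded = protected_patterns(root)
    findings = []
    for sm in root.iter("servlet-mapping"):
        name = sm.findtext("servlet-name").strip()
        for p in sm.iter("url-pattern"):
            pattern = normalize(p.text)
            if not any(covers(c, pattern) for c in guarded):
                findings.append((name, pattern))
    return findings


if __name__ == "__main__":
    for servlet, pattern in unprotected_mappings(WEB_XML):
        print(f"{servlet}: {pattern} is outside every security-constraint")
```

Patterns are relative to the web application's context path (/iip in the post's URLs), so the mapping reported here corresponds to the first URL in the post.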

I would like to see this feature of the phone given a significant overhaul. Instead of just displaying the dial pad, I'd like to have the choice of programming in certain numbers which could be offered for dialing in place of the dial pad being shown for the Emergency call feature. Perhaps up to 10 numbers could be programmed in, so you could add the emergency numbers for your area and any other numbers you think would be useful. Of course, this should be optional so that the user has the choice of only allowing calls to the pre-registered numbers, the display of the numpad or both.
That way, everyone would be happy, no?

Similar Messages

  • Ongoing fatal crash and security bug related to connecting external display

    The infrastructure in OS X to resume from sleep, to authenticate, and to change displays is fundamentally not working.
    The security bug I have encountered has to do with connecting a cinema display exclusively to a MacBook Pro. This is a specific situation, but please note that I have experienced the same problem on no fewer than three independent laptops. Plus, the Genius in the Apple Retail Store was convinced of the general instability of this infrastructure. The security problem is that hot corners no longer function if I transition between two states in the same reboot. The first state is where I have the laptop powered on and using its own internal display exclusively (when I'm on the road). The second state is when I have the laptop displaying its output exclusively on an external display (when I'm at home). What happens is that an attempt to use hot corners fails. There is no response. I even added configuration on all four corners (whereas I originally had settings only for the rightmost corners), and even then, the hot corner action (of sleeping the display or entering locked screen saver mode) does not commence. This prevents the user from being able to secure the display on demand using standard methods that are supposed to work.
    The instability level related to connecting the external display exclusively is high. Again, I've experienced this on no fewer than three independent laptops, and the Apple Genius at the Retail Store confirmed that this aspect of OS X did not work consistently. When I want to connect the cinema display to the laptop in such a way that the laptop's own display is not part of the active screen, the process I use succeeds about half the time. Supposing I have been on the road, where I am using the laptop display exclusively. I then put the laptop to sleep. When I return home with the lid open, I connect first the USB (power) from the cinema display to the laptop, and then I connect the Mini DisplayPort. When that step works, what happens is that the login screen shows on the cinema display despite the fact that my laptop lid is closed. This is good, and is what I want. At that point, I open the laptop lid and quickly log in.
    With Apple being a mobile device company, I rely on the laptop for tasks that one traditionally may use a desktop for. This simply points to the versatility of the laptop. But I'd like the bugs resolved, so that I do not have to hesitate to make use of the inherent flexibility possible with the MacBook Pro.
    Here's what happens when the process (of connecting the external display in a way that establishes itself as the only screen in use by OS X) fails. Firstly, when I connect the external display via Mini DisplayPort, the laptop doesn't even respond. Instead, it remains asleep. So to work around it I have to repeatedly disconnect and reconnect the Mini DisplayPort so that the asleep MacBook Pro will see that there is a display connected to it. Also, sometimes that isn't even enough and I have to open the laptop lid, and put it to sleep again so as to trigger whatever actions are necessary to recognise the external display (presumably by having the laptop recently awake). Around half the time, I have to play this game of disconnecting and reconnecting until it actually works. This high level of reproducibility (confirmed by the Apple Genius representative's confidence that this part of the system doesn't actually work) should make it easy for an engineer to look into the problem.
    Fatally, and recently, OS X has completely crashed when I have attempted to connect the external display. The external display has gone completely blue, and after a half a minute, it blanked out and my entire laptop became unresponsive. I called Apple Support and was given a case number. I also took the laptop into the retail store to see if I could recover my current session without rebooting. There was no process suggested to make that happen and I was told to reboot the machine. I've had this happen before on other laptops, and it is frustrating that the kernel reaches such a state that it cannot be used. As I see it, this problem is not too unrelated to the way that I need to play a game in order to get the external display connected exclusively. Here are some workarounds that could be added:
    Firstly, whenever I connect an external display, I'd like the laptop to see that this has happened, and to take action accordingly (such as resuming from sleep). Secondly, If I connect an external keyboard, and press a key on it, I'd like this to wake the laptop too (in the event that the first method fails for some unforeseen reason). I'd also like the connection of the cinema display's USB power not to cause the laptop to enter into a confused state between asleep and awake. Sometimes I need to disconnect and reconnect USB power in order to trigger the laptop into waking, but that's only because it's not doing it on its own properly. On the other hand, I also ensure that the laptop doesn't have the Mini DisplayPort connected without also having the cinema display USB power connected, because that also is an unsupported configuration.
    I've also gotten the laptop to become confused about whether it is asleep or awake. When I open the lid, it seems to enter into sleep mode, but closing it seems to bring it into an active state.
    Also, I've successfully logged on and authenticated with the screen showing exclusively on the external display. But just ten seconds after I start using the system, the laptop falls asleep--with the lid open! Whatever triggers that action doesn't seem to be on track. The laptop is open, there are incoming events such as mouse movements and key presses, and the external display is on and is in use. And then the laptop falls asleep! This has happened numerous times. Not only should this not happen; the instances where it does happen can cause further instability and put my system at risk of fatally crashing.
    Also, the authentication system itself is highly buggy--far more than it should be. At times I have opened the laptop lid and caught a glimpse of a window before I have begun the login process. Also, an external authentication application that asks for Kerberos/AFS login credentials has been able to overlay itself on top of the primary authentication (whereas I should only see a single login dialog when I need to authenticate to the system). Also, I've had several of these authentication screens overlay on top of one another, although it's been months since I've experienced that one (so it may have been fixed). Also, around a third of the time, the window that authenticates me (on the black background) somehow transfers itself into the background (even though there's only one window!). What that means is that I begin to type my password, and now the laptop starts beeping at me and I need to manually click on the password field and begin entering my password again. This really shouldn't happen, and indicates too much complexity in this authentication process (such as, more OS X code is involved than is strictly necessary, which is likely to make the authentication system more difficult to test). Also, at times, I have been using too much CPU, such that the authentication screen takes too long to emerge. That also means that I'm not able to logon until I uncleanly shutdown the laptop. If the laptop has been asleep, and is revived in preparation for login, then that login screen should be given highest priority, even if there are other heavy CPU or I/O intensive tasks running in the background. And maybe the login dialog shouldn't disappear when the user is legitimately attempting to log in. So even if there is a possibility that the system is under heavy resource use (or there is a stall or minor deadlock), it shouldn't prevent the user from logging in altogether.
    At the moment, the very fact that the system shut down uncleanly means that the full disk encryption suite that I used has entered into an undetermined state, suggesting I may lose access to all my data. It's my hope that I can rely on Apple's products to interoperate in a way that won't cause me to be fearful and restrictive in my use, so that I can freely connect an external display at times, and at other times carry the laptop on the road.

    I've got the same problem with a Samsung UE225010 monitor too. It's full HD but it looks terrible. Could it be a DisplayPort adapter issue? A couple of months ago I tried with some IPS display, and it looked just as bad.

  • Is this a security bug in Windows 8.1?

    I think I have discovered a serious security bug in Windows 8.1.
    Today I was using my (non-Admin) user account and with Internet Explorer I saved a file in the default Downloads folder (under This PC). The file was saved, but when I went to that folder, the file was not there! Now, I was about to download it again, using IE, same as before, when I noticed in the Save dialog box that the file had indeed been downloaded, and that it was there, in the Downloads folder under This PC. Frustrated, I went to that very folder, but the file was nowhere to be found. I was really puzzled.
    Then, by chance, while logged in another account (namely the Admin account), I happened to go to the Downloads folder, and there was the file that I had downloaded using the other account.
    Obviously, what I described above represents a security problem: firstly because my private files may get saved by mistake into another person's account without me even realizing it, and secondly because I was able to access another person's account (i.e. the Admin account) via IE's Save dialog box, seeing the list of the files there, and possibly even accessing them (I have not tried the latter, though).
    Has anyone experienced anything like the situation I described?
    I must also say that I later tried to replicate this abnormal behavior, but for some unknown reason I couldn't. Anyway, I am sure that what I described above is an accurate account of how things went.

    Hi,
    Since I cannot repro your issue on my own computer, it cannot be a bug.
    I suggest we try to use another user account to see if the same issue happens.
    Please make sure your location of download folder is right:
    Right click Downloads folder, and choose Properties.
    Make sure the location is right under your user profile.
    If not, please click Location and click Restore default.
    If we still fail to solve your issue, please run Process Monitor at the end of the downloading process to capture the actions, and upload the saved log here for further research.
    You can also check if there are any weird actions at the end of the downloading process.
    Process Monitor v3.05
    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
    How to use, please refer to this article:
    Using Process Monitor to capture system events
    http://www.sophos.com/en-us/support/knowledgebase/119038.aspx
    Keep post.
    Kate Li
    TechNet Community Support

  • [OSB] Calling a secured proxy from another secured proxy

    Hi,
    I would like to call a secured proxy from another secured proxy. However, the call fails.
    I'm making a call from a Java stand alone Web Service client. The client uses policy "oracle/wss11_message_protection_client_policy".
    The call is made to a proxy secured with a "oracle/wss11_x509_token_with_message_protection_service_policy". The secured proxy routes to a non secured proxy, which does not process WSS Security Header. The non-secured proxy then routes to a non-secured business service. The call is a success.
    Then I add a policy to the second proxy, say "oracle/log_policy". Also I set the value of "Process WS-Security Header" to yes. The call fails.
    I'm getting
    java.lang.NullPointerException
         at oracle.wsm.agent.handler.WSMEngineInvoker.createWsmMessageContextFromInvokerContext(WSMEngineInvoker.java:733)
    in the osb logs.
    I have tried adding an empty WSS Security Header in the Soa headers before calling the second proxy. It didn't change anything.
    Do you have any ideas?
    I have also come up with a super simplified situation when this error comes up. This happens when I'm calling a pass through proxy (no policy, process WSS security header set to no). Then when this proxy calls a secured proxy with "oracle/log_policy", the call results in this error. Why??
    Here is the OSB output when the problem occurs:
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846831> <BEA-398077> <
    [OSB Tracing] Entering proxy MyProject/ProxyServices/MyFirstProxyService with message context:
    [MessageContextImpl  body="<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>"
    operation="null"
    attachments="<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>"
    outbound="null"
    fault="null"
    inbound="<con:endpoint name="ProxyService$MyProject$ProxyServices$MyFirstProxyService" xmlns:con="http://www.bea.com/wli/sb/context">
      <con:service/>
      <con:transport/>
      <con:security/>
    </con:endpoint>"
    header="<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"/>"
    ]>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846832> <BEA-398200> <
    [OSB Tracing] Inbound request was received.
    Service Ref = MyProject/ProxyServices/MyFirstProxyService
    URI = /MyProject/ProxyServices/MyFirstProxyService
    Message ID = 3657493765399211266-5215cc49.133c5a81e20.-7f81
    Request metadata =
    <xml-fragment>
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <http:Accept>text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2</http:Accept>
    <http:Connection>keep-alive</http:Connection>
    <http:Content-Length>7614</http:Content-Length>
    <http:Content-Type>text/xml;charset="utf-8"</http:Content-Type>
    <http:Host>myLaptop:8011</http:Host>
    <http:SOAPAction>"execute"</http:SOAPAction>
    <http:User-Agent>Oracle JAX-WS 2.1.5</http:User-Agent>
    </tran:headers>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
    <http:client-host xmlns:http="http://www.bea.com/wli/sb/transports/http">myLaptop</http:client-host>
    <http:client-address xmlns:http="http://www.bea.com/wli/sb/transports/http">192.168.148.155</http:client-address>
    <http:http-method xmlns:http="http://www.bea.com/wli/sb/transports/http">POST</http:http-method>
    </xml-fragment>
    Payload =
    >
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846832> <BEA-000000> <WssHandlerImpl.doInboundRequest>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846833> <BEA-000000> <WsmInboundHandler.processRequest>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846833> <BEA-000000> <Got SOAP Message Factory from the Provider: oracle.j2ee.ws.saaj.soap.MessageFactoryImpl@1a99544>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[oracle.integration.platform.request.processed.headers]=[]>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.metadata.http.client-host]=myLaptop>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.MessageId]=3657493765399211266-5215cc49.133c5a81e20.-7f81>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.CharacterEncoding]=utf-8>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.TransportProvider]=http>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846834> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.ServiceVersion]=-8022206267159469084>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.headers.http.Content-Type]=text/xml;charset="utf-8">
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.ServiceUri]=/MyProject/ProxyServices/MyFirstProxyService>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.metadata.http.client-address]=192.168.148.155>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.ProxyService]=MyProject/ProxyServices/MyFirstProxyService>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.request.headers.http.SOAPAction]="execute">
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.MessagePattern]=SYNCHRONOUS>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.wli.Message]=org.apache.xmlbeans.impl.store.Saver$InputStreamSaver@211082>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <WsmInboundHandler.processRequest()->WSMMessageContext[com.bea.contextelement.alsb.router.inbound.IsTransactional]=false>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846835> <BEA-000000> <invoking WSM Engine's handleRequest()...>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846856> <BEA-000000> <storing the new message in the router message context>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846856> <BEA-000000> <getting subject out of WSSecurityContext>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846856> <BEA-000000> <doing message-level access control (wss-active-intermediary: true; has-custom-message-level-authentication: false)>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846857> <BEA-000000> <calling isAccessAllowed; resource: 'type=<alsb-proxy-service>, path=MyProject/ProxyServices, proxy=MyFirstProxyService, action=wss-invoke, operation=execute', Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myPrincipal")
    >
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Security> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846857> <BEA-387027> <Message-level access control policy grants access to proxy "MyProject/ProxyServices/MyFirstProxyService", operation "execute", message-id: 3657493765399211266-5215cc49.133c5a81e20.-7f81, subject: Subject: 1
         Principal = class weblogic.security.principal.WLSUserImpl("myPrincipal")
    .>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846858> <BEA-398078> <
    [OSB Tracing] Entering route node RouteToMySecondProxyService with message context:
    [MessageContextImpl  body="<S:Body wsu:Id="Body-ogLysWiLTgk5UjAaaIhIvg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
      <processRequest xmlns="http://www.in4mates.com/targetNamespace"/>
    </S:Body>"
    operation="execute"
    messageID="3657493765399211266-5215cc49.133c5a81e20.-7f81"
    attachments="<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>"
    outbound="null"
    fault="null"
    inbound="<con:endpoint name="ProxyService$MyProject$ProxyServices$MyFirstProxyService" xmlns:con="http://www.bea.com/wli/sb/context">
      <con:service>
        <con:operation>execute</con:operation>
      </con:service>
      <con:transport>
        <con:uri>/MyProject/ProxyServices/MyFirstProxyService</con:uri>
        <con:mode>request-response</con:mode>
        <con:qualityOfService>best-effort</con:qualityOfService>
        <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
            <http:Accept>text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2</http:Accept>
            <http:Connection>keep-alive</http:Connection>
            <http:Content-Length>7614</http:Content-Length>
            <http:Content-Type>text/xml;charset="utf-8"</http:Content-Type>
            <http:Host>myLaptop:8011</http:Host>
            <http:SOAPAction>"execute"</http:SOAPAction>
            <http:User-Agent>Oracle JAX-WS 2.1.5</http:User-Agent>
          </tran:headers>
          <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
          <http:client-host>myLaptop</http:client-host>
          <http:client-address>192.168.148.155</http:client-address>
          <http:http-method>POST</http:http-method>
        </con:request>
        <con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
            <http:Content-Type>text/xml</http:Content-Type>
          </tran:headers>
          <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
        </con:response>
      </con:transport>
      <con:security>
        <con:transportClient>
          <con:username>&lt;anonymous></con:username>
        </con:transportClient>
        <con:messageLevelClient>
          <con:username>myPrincipal</con:username>
        </con:messageLevelClient>
      </con:security>
    </con:endpoint>"
    header="<S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"/>"
    ]>
    Edited by: user13604541 on Nov 21, 2011 4:27 AM

    This is the rest of log:
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-398072> <
    [OSB Tracing] Routing to MyProject/ProxyServices/MySecondProxyService with message context:
    $body = <S:Body wsu:Id="Body-ogLysWiLTgk5UjAaaIhIvg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <processRequest xmlns="http://www.in4mates.com/targetNamespace"/>
    </S:Body>
    $header = <S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"/>
    $attachments = <con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>
    >
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <WssHandlerImpl.doOutboundRequest>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <WsmOutboundHandler.processRequest>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <target operation: execute>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <Got SOAP Message Factory from the Provider: oracle.j2ee.ws.saaj.soap.MessageFactoryImpl@1a99544>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846860> <BEA-000000> <invoking WSM Engine's Client Agent.>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846861> <BEA-000000> <invoking WSM Engine's handleRequest()>
    ####<2011-11-21 13:00:46 CET> <Debug> <AlsbSecurityWss> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846861> <BEA-000000> <unexpected exception
    java.lang.NullPointerException
         at oracle.wsm.agent.handler.WSMEngineInvoker.createWsmMessageContextFromInvokerContext(WSMEngineInvoker.java:733)
         at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:359)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:141)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:139)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler.processRequest(WsmOutboundHandler.java:138)
         at com.bea.wli.sb.security.wss.WssHandlerImpl.doOutboundRequest(WssHandlerImpl.java:992)
         at com.bea.wli.sb.context.BindingLayerImpl.createTransportSender(BindingLayerImpl.java:532)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.doDispatch(PipelineContextImpl.java:521)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.dispatch(PipelineContextImpl.java:501)
         at stages.routing.runtime.RouteRuntimeStep.processMessage(RouteRuntimeStep.java:128)
         at com.bea.wli.sb.pipeline.debug.DebuggerRuntimeStep.processMessage(DebuggerRuntimeStep.java:74)
         at com.bea.wli.sb.stages.StageMetadataImpl$WrapperRuntimeStep.processMessage(StageMetadataImpl.java:346)
         at com.bea.wli.sb.pipeline.RouteNode.doRequest(RouteNode.java:106)
         at com.bea.wli.sb.pipeline.Node.processMessage(Node.java:67)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.execute(PipelineContextImpl.java:922)
         at com.bea.wli.sb.pipeline.Router.processMessage(Router.java:214)
         at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:99)
         at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:593)
         at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:591)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:590)
         at com.bea.wli.sb.transports.TransportManagerImpl.receiveMessage(TransportManagerImpl.java:375)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase$1.run(RequestHelperBase.java:154)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase$1.run(RequestHelperBase.java:152)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase.securedInvoke(RequestHelperBase.java:151)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase.service(RequestHelperBase.java:107)
         at com.bea.wli.sb.transports.http.wls.HttpTransportServlet.service(HttpTransportServlet.java:127)
         at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3686)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<2011-11-21 13:00:46 CET> <Error> <OSB Security> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846861> <BEA-387024> <An error ocurred during web service security outbound request processing [error-code: InternalError, message-id: 3657493765399211266-5215cc49.133c5a81e20.-7f81, proxy: MyProject/ProxyServices/MyFirstProxyService, target: MyProject/ProxyServices/MySecondProxyService, operation: execute]
    --- Error message:
    java.lang.NullPointerException
         at oracle.wsm.agent.handler.WSMEngineInvoker.createWsmMessageContextFromInvokerContext(WSMEngineInvoker.java:733)
         at oracle.wsm.agent.handler.WSMEngineInvoker.handleRequest(WSMEngineInvoker.java:359)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:141)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler$1.run(WsmOutboundHandler.java:139)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.security.wss.wsm.WsmOutboundHandler.processRequest(WsmOutboundHandler.java:138)
         at com.bea.wli.sb.security.wss.WssHandlerImpl.doOutboundRequest(WssHandlerImpl.java:992)
         at com.bea.wli.sb.context.BindingLayerImpl.createTransportSender(BindingLayerImpl.java:532)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.doDispatch(PipelineContextImpl.java:521)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.dispatch(PipelineContextImpl.java:501)
         at stages.routing.runtime.RouteRuntimeStep.processMessage(RouteRuntimeStep.java:128)
         at com.bea.wli.sb.pipeline.debug.DebuggerRuntimeStep.processMessage(DebuggerRuntimeStep.java:74)
         at com.bea.wli.sb.stages.StageMetadataImpl$WrapperRuntimeStep.processMessage(StageMetadataImpl.java:346)
         at com.bea.wli.sb.pipeline.RouteNode.doRequest(RouteNode.java:106)
         at com.bea.wli.sb.pipeline.Node.processMessage(Node.java:67)
         at com.bea.wli.sb.pipeline.PipelineContextImpl.execute(PipelineContextImpl.java:922)
         at com.bea.wli.sb.pipeline.Router.processMessage(Router.java:214)
         at com.bea.wli.sb.pipeline.MessageProcessor.processRequest(MessageProcessor.java:99)
         at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:593)
         at com.bea.wli.sb.pipeline.RouterManager$1.run(RouterManager.java:591)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.security.WLSSecurityContextService.runAs(WLSSecurityContextService.java:55)
         at com.bea.wli.sb.pipeline.RouterManager.processMessage(RouterManager.java:590)
         at com.bea.wli.sb.transports.TransportManagerImpl.receiveMessage(TransportManagerImpl.java:375)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase$1.run(RequestHelperBase.java:154)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase$1.run(RequestHelperBase.java:152)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase.securedInvoke(RequestHelperBase.java:151)
         at com.bea.wli.sb.transports.http.generic.RequestHelperBase.service(RequestHelperBase.java:107)
         at com.bea.wli.sb.transports.http.wls.HttpTransportServlet.service(HttpTransportServlet.java:127)
         at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3686)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    >
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846871> <BEA-398102> <
    [OSB Tracing] Exiting route node with fault:
    <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
    <con:errorCode>BEA-386400</con:errorCode>
    <con:reason>General outbound web service security error</con:reason>
    <con:location>
    <con:node>RouteToMySecondProxyService</con:node>
    <con:path>request-pipeline</con:path>
    </con:location>
    </con:fault>>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846873> <BEA-398074> <
    [OSB Tracing] The following variables are added:
    $outbound = <con:endpoint name="ProxyService$MyProject$ProxyServices$MySecondProxyService" xmlns:con="http://www.bea.com/wli/sb/context">
    <con:service>
    <con:operation>execute</con:operation>
    </con:service>
    <con:transport>
    <con:mode>request-response</con:mode>
    <con:qualityOfService>best-effort</con:qualityOfService>
    <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
    <http:Content-Type>text/xml</http:Content-Type>
    <http:SOAPAction>"execute"</http:SOAPAction>
    </tran:headers>
    </con:request>
    </con:transport>
    <con:security>
    <con:doOutboundWss>true</con:doOutboundWss>
    </con:security>
    </con:endpoint>
    >
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846874> <BEA-398076> <
    [OSB Tracing] The following variables are changed:
    $inbound = <con:endpoint name="ProxyService$MyProject$ProxyServices$MyFirstProxyService" xmlns:con="http://www.bea.com/wli/sb/context">
    <con:service>
    <con:operation>execute</con:operation>
    </con:service>
    <con:transport>
    <con:uri>/MyProject/ProxyServices/MyFirstProxyService</con:uri>
    <con:mode>request-response</con:mode>
    <con:qualityOfService>best-effort</con:qualityOfService>
    <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
    <http:Accept>text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2</http:Accept>
    <http:Connection>keep-alive</http:Connection>
    <http:Content-Length>7614</http:Content-Length>
    <http:Content-Type>text/xml;charset="utf-8"</http:Content-Type>
    <http:Host>myLaptop:8011</http:Host>
    <http:SOAPAction>"execute"</http:SOAPAction>
    <http:User-Agent>Oracle JAX-WS 2.1.5</http:User-Agent>
    </tran:headers>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
    <http:client-host>myLaptop</http:client-host>
    <http:client-address>192.168.148.155</http:client-address>
    <http:http-method>POST</http:http-method>
    </con:request>
    <con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
    <http:Content-Type>text/xml</http:Content-Type>
    </tran:headers>
    <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
    </con:response>
    </con:transport>
    <con:security>
    <con:transportClient>
    <con:username>&lt;anonymous></con:username>
    </con:transportClient>
    <con:messageLevelClient>
    <con:username>myPrincipal</con:username>
    </con:messageLevelClient>
    </con:security>
    </con:endpoint>
    >
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb7> <1321876846874> <BEA-398104> <
    [OSB Tracing] Exiting pipeline pair>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb8> <1321876846879> <BEA-398096> <
    [OSB Tracing] Exiting MyProject/ProxyServices/MyFirstProxyService>
    ####<2011-11-21 13:00:46 CET> <Info> <OSB Kernel> <myLaptop> <osb_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <0add29b7d176a5e4:5215cc49:133c5a81e20:-7ff4-0000000000000cb8> <1321876846881> <BEA-398201> <
    [OSB Tracing] Inbound response was sent.
    Service Ref = MyProject/ProxyServices/MyFirstProxyService
    URI = /MyProject/ProxyServices/MyFirstProxyService
    Message ID = 3657493765399211266-5215cc49.133c5a81e20.-7f81
    Response metadata =
    <xml-fragment>
    <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <http:Content-Type>text/xml; charset=utf-8</http:Content-Type>
    </tran:headers>
    <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">1</tran:response-code>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">utf-8</tran:encoding>
    </xml-fragment>
    Payload =
    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>BEA-386400: General outbound web service security error</faultstring><detail><con:fault xmlns:con="http://www.bea.com/wli/sb/context"><con:errorCode>BEA-386400</con:errorCode><con:reason>General outbound web service security error</con:reason><con:location><con:node>RouteToMySecondProxyService</con:node><con:path>request-pipeline</con:path></con:location></con:fault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
    >

  • I have an iPhone4s.  When I install apps, I have to give my Apple password first.  That's okay.  The last few apps I tried to download have opened another security window before they will install.  The window says, "Security info Required.  To help insure

    I have an iPhone4s. When I install apps, I have to give my Apple password first.  That’s okay. The last few apps I tried to download have opened another security window before they will install.  The window says, “Security info Required.  To help insure the security of your Apple ID we require additional information”  When I select okay, the Apple ID Password window opens and asks for my Apple password a second time. 
    It doesn't happen with every app and I’m concerned that these apps may be trying to collect my password.  Is Apple really doing a double check on my password?

    See http://news.cnet.com/8301-13579_3-57413072-37/apple-ratchets-up-app-store-security/ and http://www.macrumors.com/2012/04/12/apple-enhancing-apple-id-safety-by-enforcing-security-question-requirements/.

  • BT Cloud, another curious bug

    Another curious bug to add to the BT Cloud chamber of horrors.
    BT Cloud somehow decided on the Web Interface that my main device contained two separate top levels, 'D' and 'd'.
    Most things I had backed up from my D drive showed up under 'D', with just a few under 'd'.
    On the PC client, everything showed up under 'd'.
    The extra 'd' was a bit irritating on the web interface, and none of the files saved in it was significant, and so I decided to delete it in the web interface.  
    Result:
    1: 'd' correctly deleted in the web interface  (they seem to have fixed the bug where you couldn't delete folders in the web interface)
    2: 'd' deleted from what shows up in the PC client.  As the PC client never showed anything under 'D' but everything under 'd', when I look at my main device it now shows 'This folder does not contain any files.'
    3: All the files still showing up correctly under 'D' on the web interface
    4: PC client still knows what it is trying to back up from the D drive:
      - the auto-backup folders show up correctly when I look in 'Add to Backup' (usability bug: 'Add to Backup' doesn't admit to what path it thinks they are from)
      - it correctly backs up new files added to these auto-backup folders
      - it still knows about the backed up files if I look under 'All Files'; and remembers correctly what directory they came from. (usability bug: but not easy for the user to see what directory they came from)
    5: No files actually deleted from my PC.
    I don't trust BT Cloud at all yet, so I am only experimenting and waiting till it is ready as a backup solution.  Meanwhile, all my files are backed up elsewhere.  I didn't trust BT Cloud not to make an even bigger silly and delete lots of my original files; I trust it even slightly less now.
    BT Cloud still has the makings of something that might be useful eventually, so I still keep hoping and trying ....

    Hi Sjtp,
    Thanks for the feedback.  I will make sure the cloud team get this useful info.
    Cheers
    Sean
    BTCare Community Manager

  • Security BUG in the web container!

    Hello,
    I have just accidentally discovered a security BUG in the web container. The bug permits you to view the source of the JSP page (welcome page).
    To reproduce the bug, do the following:
    1. Create a web application. Create new page with name Index.jsp. Add "Index.jsp" into the web.xml as a welcome file.
    2. Deploy it under, let's say, "SecurityBugWebApp".
    3. Access http://host/SecurityBugWebApp/ or http://host/SecurityBugWebApp/Index.jsp - everything should be as usual - you should see a normal output of a JSP page.
    4. Access http://host/SecurityBugWebApp/Index.JSP (notice the case of the ".JSP" ). You should be able to see the source code of the web page. This bug even works if it is under security constraint! This doesn't seem to work, however, with JSPs not listed in the welcome file list.
    Sincerely,
    Sergei Batiuk.
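
One way to block the case-variant request described in the post above, as an added example that is not part of the original post or the container's own code: a servlet filter that answers 404 when the request path ends in a case variant of `.jsp`. The class name `ExtensionCaseFilter` and the extension list are assumptions, and it is also an assumption that the affected container invokes filters before it serves the page.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (hypothetical class): refuses requests such as "/Index.JSP"
 * whose extension differs only in case from one the container should execute.
 */
public class ExtensionCaseFilter implements Filter {

    // Canonical spelling of the extensions that must never be served as plain text.
    // Assumption: the application only uses these two; extend the list as needed.
    private static final String[] EXECUTED_EXTENSIONS = { ".jsp", ".jspx" };

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    public void destroy() {
        // Nothing to release.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Use the container-decoded path rather than the raw request URI.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path = path + request.getPathInfo();
        }

        if (isCaseVariant(path)) {
            // Same answer a missing file would get; the source is never returned.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    /**
     * True when the path ends in an executed extension spelled with different case,
     * e.g. "/Index.JSP" or "/Index.Jsp", and false for "/Index.jsp" or "/logo.png".
     */
    static boolean isCaseVariant(String path) {
        if (path == null) {
            return false;
        }
        // Drop path parameters such as ";jsessionid=..." before looking at the extension.
        int semi = path.indexOf(';');
        if (semi >= 0) {
            path = path.substring(0, semi);
        }
        // Fixed locale so the comparison does not depend on the server's default locale.
        String lower = path.toLowerCase(Locale.ENGLISH);
        for (int i = 0; i < EXECUTED_EXTENSIONS.length; i++) {
            String ext = EXECUTED_EXTENSIONS[i];
            if (lower.endsWith(ext) && !path.endsWith(ext)) {
                return true;
            }
        }
        return false;
    }
}
```

Map the filter to `/*` in web.xml so it also covers the welcome page and resources under a security constraint.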

    Peter,
    Thank you for your suggestion. This makes sense to
    try. I'm actually using a trial license of AS7 with
    no updates. I've found update 1 online with free
    trial, however, do you know if AS7 update 2 is
    available with a trial license and where it might be
    located for download?
    you can get AS7 update2 Platform edition from here.
    Platform ed. is FREE for both development and production deployment
    http://wwws.sun.com/software/download/products/3fb01655.html
    AS7 update2 Standard Edition can be downloaded from here.
    Standard Ed is free only for development, you need to buy a license to use it in production.
    http://wwws.sun.com/software/download/products/3f7df408.html
    Peter

  • Security bug in 7.0.2 on 5s

    Hi
    I think iOS 7.0.2 for iPhone 5s has a security bug! As you can see in these two videos, my
    iPhone has a password but I can open my iPhone with Siri & use it without asking my password!!
    Of course it's not always true! Sometimes it asks my password & sometimes not!
    I reset all settings from Settings but it doesn't help me.
    Please download these 2 videos to understand me better.
    tnX!
    video 1 (have problem)
    http://hipfile.com/vnadofjfemn6
    video 2 (after a few minutes, it's ok)
    http://hipfile.com/zk9fgs6ikbj0
    iphone 5s
    7.0.2

    Sorry, I don't watch video from a stranger.
    I tested it and it works.
    Note: Lockscreen is not Home screen,
    1. Switch Siri off as given in my previous post
    2. Press the top Sleep/Wake button to get your iPhone to sleep.
    3. Press the top Sleep/Wake button to wake iPhone up.
    4. Use a finger (not the finger that is registered in fingerprint) press the Home button and see if Siri comes up.
    You can try a reset before the test:
    Reset: Hold down the Sleep/Wake button and the Home button at the same time for at least ten seconds, until the Apple logo appears. Note: You will not lose any data

  • How to report a security bug w/o ADC account?

    Hello! I did not find an appropriate forum, so I'll try here; I hope that's ok.
    There is a security bug in some browsers, and Safari 2 suffers from it, too. The other vendors are already notified, but I cannot find a way to inform Apple.
    * It's a security issue, so I should notify Apple non-publicly before publishing
    * It's in Safari's certificate handling, so it's not in WebKit
    * I do not have a MacOS system (with menu option +Report Bugs to Apple+) myself
    * I won't accept tons of legal code to sign up to an ADC account
    * No, +Apple Care+ is not an option
    I don't mind publishing the issue without notifying Apple, but maybe Apple does. ZB.

    Well it looks like sending you here was a good thing.
    I appreciate your concerns about open posting of any specific information; I am sure Apple and the other browser makers do too.
    You might google on secunia and perhaps see if it's already known about. I did that for you.
    http://secunia.com/
    Good Luck, JP
    Message was edited by: Jpfresno 'I did that...'

  • DB links security bug?

    Hi,
    I have several DB links in my APEX environment. I use them for different applications to connect to different bases located on different servers.
    Everything works fine, but a few days ago we noticed that during the login process a new session is created on each server, even if the application uses only one DB link (so there shouldn’t be any references to other DBs). It looks like APEX logs in to all DB links it has defined.
    I use APEX 3.0 and internal Application Express Authentication Scheme.
    Is it some APEX bug? I don’t think it’s very secure.
    Regards,
    Przemek

    Hi Przemek,
    A database link session only gets created once an object in the remote database is accessed so unless this is happening when the login page is presented, then this should not be happening. I'm not sure if you are aware, but a database link session in a remote database is only associated with a database session in the local database, not an Apex logon. This is because Apex uses asynchronous connection pooling through the HTTP server (or any other type of server) and it may be that the DB session has already opened the DB link because of a separate Apex session.
    Regards
    Andre

  • SECURITY BUG : You're sure your WPA is on ? You may be very wrong !

    Here is the problem.
    Some networks created on AirPort Extreme base station are wide open with no security on EVEN IF THE AIRPORT UTILITY SAYS SO !
    I hard reset my new AirPort Extreme, went through the setup wizard to create a closed network with WPA2 Personal on. I checked the settings once the base was restarted but, to my surprise, I COULD CONNECT TO MY NETWORK WITHOUT PASSWORD, from my PDA and my neighbour's laptop. The network wasn't even closed !! I double checked the AirPort utility : it said that WPA was ON which is definitely NOT true.
    To confirm that, I chose to extend my network with my other base (Express). No problem except for the fact that, to access the Extreme base, the Express setting was : "open network, no security" (in preferred network, network preferences panel).
    MY ADVICE : don't trust what the AirPort utility says about security. It MAY be very wrong. You have to check if it is on or off using another device (Wifi PDA, a friend's laptop, whatever).
    Other users here found the same issue. I'm definitely not alone here. To me, this is a serious bug requiring a firmware update. Reply to this post if you have a similar problem.
    Thanks
    Gregory
    Toronto, Canada

    Hey, me again...
    I found the reason for my problem. This is indeed a problem with the AirPort utility. More an interface problem, let's say.
    The key is that the AirPort utility can be confusing when extending your network. And what can happen is that you end up with 2 NETWORKS with the SAME NAME, 1 with WPA and 1 with no security. And because of the default setting of the network preferences panel, you will automatically connect to the open one if anything happens on the WPA one. That is what happened to me. When extending the network of my main new Extreme, I somehow got an open network with the same name on my Express. And because this one was always plugged in during my tests & hard resets of the Extreme, I always got connected to the open network, by default. So the AirPort was not completely wrong after all.
    KEY POINTS to avoid that and have a clean nice new WPA/WPA2 network :
    - Hard reset and configure the first base that will be your main one (WDS Main or simply the one connected to the Internet for a non-WDS network)
    - Be sure all the other bases are unplugged... Just to be sure
    - To set up your network on this first base, in the Airport Utility, don't use the wizard by clicking on "Continue". It is quite bad. Simply double-click on your base station with the weird name : it will open the settings page. Go to Wireless and create your new network with all appropriate options (WPA/WPA2 for example)
    - Don't use the "Closed Network" option so far. You'd better wait for your network to be completely extended, with all your bases. Or you will be in pain in the process of adding new bases !! For example, if you want to extend your WDS closed network, you cannot do it with the AirPort Utility Wizard because it will not show it in the list of available networks (and this list does NOT propose the "Other..." option where you can type the name of your network...)
    - Still before adding any other extensions base, if you want to set up a WDS network, enter ALL the AirPort IDs of your other "remote" bases now, in the WDS tab.
    - In general, don't use the Wizard when it is not necessary. You can do quite everything directly from the Settings page of your base. EXCEPT ONE ! To add a WDS Remote, USE THE WIZARD ! It looks like the complex procedure to "register" a remote on a WDS main is not complete if you enter the settings manually on your remote. And, be careful, when adding a WDS remote, the AirPort utility will ask you for several passwords. The first one is to connect to your (not closed) main network. But after, to complete the registration of your remote on the main, the utility asks for a password. IT IS THE MAIN Base Station password, NOT the network password (the prompt window is so confusing).
    - When you're done with all your stations one by one, check that every one has a different IP ! I know, weird, but in my previous problem with 2 networks with the same name, I noticed that both stations had the 10.0.1.1 address at the same time. A good indication that you have 2 networks, right ?
    - Finally, go to your Network preferences panel, Airport section. Switch automatic to preferred networks and just clean up the mess here. Just keep your network and check the level of security.
    So AT LAST, here is my situation, in my tiny apartment :
    - 1 Extreme connected on my cable modem, WDS Main, closed WPA2 network, 25% power transmission, wireless clients allowed.
    - 1 Express plugged in my bedroom (3 meters away...), WDS Remote, 25% power transmission and NO wireless client allowed (so my MacBook Pro connects ONLY on the Extreme base)
    - 1 HP Photosmart C5180 Ethernet printer connected on my Express with an Ethernet cable.
    All lights green...
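
The condition described in the follow-up above (two base stations advertising the same network name, one encrypted and one open, both on 10.0.1.1) can be checked from a second device's scan results. This is an added example, not part of the original thread; the record layout, SSIDs, BSSIDs and security labels are constructed assumptions rather than the output of any particular tool.

```python
from collections import defaultdict

# Constructed sample data: what a second device's Wi-Fi scan might show,
# plus the management IP noted for each base station. All values are made up.
SAMPLE_SCAN = [
    {"ssid": "HomeNet", "bssid": "00:11:22:33:44:01", "security": "WPA2 Personal", "base_ip": "10.0.1.1"},
    {"ssid": "HomeNet", "bssid": "00:11:22:33:44:02", "security": "Open", "base_ip": "10.0.1.1"},
    {"ssid": "Office", "bssid": "00:11:22:33:44:03", "security": "WPA2 Personal", "base_ip": "10.0.2.1"},
    {"ssid": "Office", "bssid": "00:11:22:33:44:04", "security": "WPA2 Personal", "base_ip": "10.0.2.2"},
    {"ssid": "CafeGuest", "bssid": "00:11:22:33:44:05", "security": "none", "base_ip": "10.0.3.1"},
]

OPEN_LABELS = {"", "open", "none"}  # assumed spellings for "no encryption"


def is_open(security):
    """True when the advertised security label means no encryption."""
    return security.strip().lower() in OPEN_LABELS


def mixed_security_ssids(scan):
    """SSIDs advertised by at least one open and one encrypted access point."""
    groups = defaultdict(lambda: {"open": [], "protected": []})
    for ap in scan:
        kind = "open" if is_open(ap["security"]) else "protected"
        groups[ap["ssid"]][kind].append(ap["bssid"])
    # A client set to join automatically can fall back to the open twin.
    return {s: g for s, g in groups.items() if g["open"] and g["protected"]}


def duplicate_base_ips(scan):
    """Base-station IPs claimed by more than one BSSID (the 10.0.1.1 clue)."""
    by_ip = defaultdict(set)
    for ap in scan:
        by_ip[ap["base_ip"]].add(ap["bssid"])
    return {ip: sorted(b) for ip, b in by_ip.items() if len(b) > 1}


if __name__ == "__main__":
    for ssid, g in mixed_security_ssids(SAMPLE_SCAN).items():
        print(f"{ssid}: open on {g['open']}, encrypted on {g['protected']}")
    for ip, bssids in duplicate_base_ips(SAMPLE_SCAN).items():
        print(f"{ip} is used by {bssids}")
```

An SSID that is open everywhere (CafeGuest in the sample) is not flagged: the check targets only names that appear both with and without encryption.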

  • New BASH ShellShock Security Bug - bigger than Heartbleed!

    Woke up this morning to this: http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
    A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems.
    You can check if you're vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the word "busted", then you're at risk. If not, then either your Bash is fixed or your shell is using another interpreter.
    env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
    env X="() { :;} ; echo busted" `which bash` -c "echo completed"
    Scanned systems internally and found the following were affected:
    Cisco VCS devices (x7 and x8)
    Cisco MXE 3500
    Cisco DMM and SNS (assuming since running Red Hat Enterprise but unable to verify)
    Jabber Guest
    TCS Endpoints (6 or below have been verified, unable to verify 7 but assume vulnerable)
    Cisco Conductor
    Cisco has also just posted a security advisory:
    http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=4689&signatureSubId=0&softwareVersion=6.0&releaseVersion=S824

    Yup. MXP based Codecs are vulnerable.
    Video, Streaming, TelePresence, and Transcoding Devices
    Cisco DCM Series 9900-Digital Content Manager [CSCur02624]
    Cisco Edge 300 Digital Media Player [CSCur02761]
    Cisco Edge 340 Digital Media Player [CSCur02751]
    Cisco Show and Share [CSCur03539]
    Cisco TelePresence Conductor [CSCur02103]
    Cisco TelePresence Content Server (TCS) [CSCur05150]
    Cisco TelePresence IP Gateway Series [CSCur04984]
    Cisco TelePresence IP VCR Series [CSCur04993]
    Cisco TelePresence ISDN GW 3241 [CSCur05010]
    Cisco TelePresence ISDN GW MSE 8321 [CSCur05010]
    Cisco TelePresence ISDN Link [CSCur05025]
    Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) [CSCur05050]
    Cisco TelePresence MXP Software [CSCur05095]
    Cisco TelePresence Management Suite Extension for IBM [CSCur05217]
    Cisco TelePresence Manager (CTSMan) [CSCur05104]
    Cisco TelePresence Recording Server (CTRS) [CSCur05038]
    Cisco TelePresence Serial Gateway Series [CSCur05110]
    Cisco TelePresence Server 8710, 7010 [CSCur05172]
    Cisco TelePresence Server on Multiparty Media 310, 320 [CSCur05172]
    Cisco TelePresence Server on Virtual Machine [CSCur05172]
    Cisco TelePresence Supervisor MSE 8050 [CSCur05073]
    Cisco TelePresence TE Software (for E20 - EoL) [CSCur05162]
    Cisco TelePresence Video Communication Server (VCS/Expressway) [CSCur01461]
    Cisco TelePresence endpoints (C series, EX series, MX series, MXG2 series, SX series) and the 10" touch panel [CSCur02591]
    Cisco Video Distribution Suite for Internet Streaming VDS-IS [CSCur05320]
    Tandberg Codian ISDN GW 3210/3220/3240 [CSCur05010]
    Tandberg Codian MSE 8320 model [CSCur05010]

  • How to add another secure url in web.xml?

    Hello, I want to secure my web application. I have two kinds of users: users and admin. Each of them has their own certificate. Users have permission to enter /users and admins have permission to enter /admins/, but I also want users to enter another folder, which is /otheruserplace. How can I add this in my web.xml file? Here is my code:
    http://pastebin.com/m3e13d3d9

    Just add another url-pattern.
    This has nothing to do with JSF however. More suitable place would have been the Servlets forum.

  • Serious security bug in weblogic 6.0

    When I use JAAS to authenticate to WebLogic Server 6.0, everything is beautiful. But
    I easily bypass the JAAS authentication and could log in to WebLogic Server 6.0
    as anybody with any credential. Think about it: if I log in as system with the
    wrong password, I get in, and the caller will be system.
    If anyone inside the WebLogic team is interested in talking about it, please send
    me an email. I don't want to post how I did it right now.

    This potential vulnerability has been confirmed and has been fixed in BEA WebLogic
    Server 6.0 Service Pack 1 (SP1). SP1 is currently available for download from
    the BEA Download Center at
    http://commerce.bea.com/downloads/weblogic_server.jsp#wls.
    BEA advises every Service Pack be applied as they are released. Service Packs
    include a roll up of all bug fixes for each version of the product, as well as
    each of the previously released Service Packs.
    BEA treats security issues with the highest degree of urgency and does everything
    possible to ensure the security of all customer assets. As a policy, if there
    are any security-related issues with any BEA product, BEA will distribute an advisory
    and instructions with the appropriate course of action.
    Because the security of your site, data, and code is
    our highest priority, we are committed to communicating all
    security-related issues clearly and openly.
    BEA has established a permission-based emailing list specifically
    targeted for product security advisories. As a policy, if a user has opted in
    to our emailing list and there are any security issues with the BEA product(s)
    he/she is using, BEA will distribute an advisory and instructions via email with
    the appropriate course of action.
    REPORTING SECURITY ISSUES
    For immediate attention, BEA has established an email address to which you can
    send reports of any possible security issues in BEA products.
    These reports should be sent to: [email protected]
    All correspondence to this address will be promptly reviewed and all necessary
    actions taken to ensure the continued security of all customer assets.
    SUBSCRIBE TO EMAIL ALERT
    You may subscribe to the permission-based emailing list to receive alerts of security
    advisories by registering with BEA at:
    http://contact.beasys.com/bea/www/securityelogin.jsp.
    Sincerely,
    Marc Bishop
    Security Product Manager
    BEA WebLogic Server

  • WWSBR_ALL_ITEMS and item level security - BUG?

    Hi,
    View WWSBR_ALL_ITEMS does not seem to work correctly when using item level security on a folder.
    If I add an item to a folder with item level security enabled and do NOT define any special access settings for this item, i.e. the item setting is "Inherit Parent Folder Access Privileges", then the view does not return the item.
    Has anyone else run into this? Is it a bug?
    Any help appreciated.
    Portal 3.0.9.8.0
    Oracle8i Enterprise Edition 8.1.7.0 - 64 bit
    IBM AIX 4.3.3

    I've been informed that patch 3.0.9.8.2 will solve the problem. Sorry about the double post.
