Disable CVE-2014-4363 password save restriction

Similar Messages

• Cannot figure how to disable youtube from ipod4g. Have disabled Safari but installed Google app with safesearch on. I want my daughter to be able to search wed, just not youtube. Tried to restrict YT, but It would not save restriction settings.

  Cannot figure how to disable youtube from ipod4g. Have disabled Safari but installed Google app with safesearch on. I want my daughter to be able to search wed, just not youtube. Tried to restrict YT, but It would not save restriction settings.

  Try to get the Google app to work
  iOS: Troubleshooting applications purchased from the App Store
  Contact Google
  Restore from backup. See:
  iOS: How to back up              
  Restore to factory settings/new iPod
  Try using anothere "safe" browser.
  Parental Control???: Apple Support Communities]
  How to Setup Parental Controls on iPhone & iPod Touch | Mobicip Blogs, Discussions & Help
  how do i put parental control on my...: Apple Support Communities
  parental control: Apple Support Communities

• Bash CVE-2014-6271 Vulnerability

  Excuse me if this was already posted. I searched title's only for bash and 6271 and didn't see any results.
  Cut and paste from CVE-2014-6271 Bash vulnerability allows remote execution arbitrary code:
  This morning a flaw was found in Bash with the way it evaluated certain environment variables. Basically an attacker could use this flaw to override or bypass environment restrictions to execute shell commands. As a result various services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
  Details on CVE-2014-6271 from the MITRE CVE dictionary and NIST NVD (page pending creation).
  I’m currently patching servers for this. The issue affects ALL products which use Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by applications. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such!
  To test if your version of Bash is vulnerable run the following command:
  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  If that command returns the following:
  vulnerable this is a test
  …then you are using a vulnerable version of Bash and should patch immediately. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
  bash: warning: x: ignoring function definition attempt
  bash: error importing function definition for `x'
  this is a test
  Arch Linux CVE-2014-6271 patch:
  pacman -Syu
  Last edited by hydn (2014-09-28 20:57:41)

  On a related note.  I post this here as it might be of interest to some members....
  I just checked my DD-WRT based router for this vulnerability.   It comes stock with Busybox and does not seem to be vulnerable, but...   I keep bash on a separate partition which gets mounted on /opt.  That bash is vulnerable.  Until the DD-WRT project catches up, I suggest anyone using that router firmware consider disabling Bash for the time being and stick with BB.
  Also, as another aside, ArchArm has this fix in place now and is safely running on my Raspberry Pi.   
  I did kill the ssh service on the Windows Box that let me into bash via Cygwin.  Cygwin Bash is vulnerable as of when I began this post.
  Last edited by ewaller (2014-09-25 18:26:18)

• Enable A Guest Account So We Could Save Restriction Settings

  How about a setting that will enable at boot up an option to log in main user (admin) or Guest account? And in the main user's restriction settings allow you to configure what apps the guest account can access. Then all you would have to do is set that 4 character password prompt for main user and allow guest to log in without a password. Then depending on your restriction settings you could make this thing a little bit more secure for families and multiple users. Any app purchases would still be under main user and need a password. I think this is doable. So say we all! ?

  I guess I don't see it as a personal device. Since it has the ability to replace what most users use a laptop for. iPhone's size was holding it back from being the netbook killer. Now we have the larger version the iPad. iPad's OS has already started of on it's own path from the iPhone OS. So why not just put some chrooted dummy guest account option in it. So the multiple user household can have some way to save restriction settings and protect the main account.
  My kids (5 and 3)are very good with my old G4 iBook and 1st Gen iPhone. Although there was that one time my son pulled all the keys off the iBook and the iPhone has been dropped like a hundred times on the hardwood but it still works.
  If iPad is going to be a wonderful tool to help educate my kids since I didn't have to show my kids how to work the iPhone. They just figured it out. I hope some good EDU apps come out soon.

• HT201304 Save restriction settings

  Is there a way to save restrictions settings so they dont reset every time I turn them off? Our children use our iPad so we enable the restrictions so they CAN'T buy and delete apps. Everytime I turn these off to use for myself they seem to reset and when turning back on I have to set all the settings again.

  I agree - let us set the restrictions once and then enable/disable as needed.  One easy example is that I restrict access to the App store along with installing or deleting applications for my son but when I want to add/delete an app, I disable restrictions and when done, I have to go in and reestablish ALL of the restricitions I want.

• I forgot the password in restrictions that I created so my daughter couldnt use the in app features.  Now she wants a video and I can't buy it:(  Is there anyway to reset that password or find out what it was?

  I forgot the password in restrictions that I created so my daughter coundlt buy any in-app purchases.  Now we can't buy any videos until I alter that restriction.  Is there anyway to reset that or findout what the password was?

  Locked Out, Forgot Lock or Restrictions Passcode, or Need to Restore Your Device
  1. iTunes 10 for Mac- Update and restore software on iPod, iPhone, or iPad
  2. iPhone, iPad, iPod touch: Wrong passcode results in red disabled screen
  3. iOS- Understanding passcodes
  4. What to Do If You've Forgotten Your iPhone's Passcode
  5. How to Recover Forgotten iPhone Restrictions Passcode | The iPhone and iPad
  6. Restoring iPod touch after forgotten passcode
  7. RecBoot: Easy Way to Put iPhone into Recovery Mode - if all else fails.
  Forgotten Restrictions Passcode Help
  1. How to Recover Forgotten iPhone, iPad Restrictions Passcode
      If this method does not work, then you will need to fully Restore your
      device as New

• PCI Compliance Azure Websites (CVE-2014-6321)

  Trying to gain PCI compliance of an azure website. Trustwave scan came back as a pass apart from the following:-
  Vulnerability in Security Channel Could Allow Remote Code Execution (MS14-066)/CVE-2014-6321
  Anything I can do? It's post 443 - we have a EV SSL certificate in IP Based SSL.

  I just had a conversation with Trustwave and they are going to disable this check while they figure out a detection without this false positive, so your scans should be fine now. Thank you Trustwave for such a quick response and turn around!

• CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux Question

  CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux
  I wanted to know if the AnyConnect Secure Mobility Client would still be vulnerable to this if it was only connecting via SSL VPN (TLS) to an ASA that already has the workaround implemented on it (Disable SSLv3)?
  Thanks,
  Rob Miele

  Hi Rob , 
  According to the bug: 
  All versions of desktop AnyConnect for Mac OS X and Linux prior to 3.1.00495 are vulnerable , so Anyconnect 3.1.06.073 is safe from POODLE vulnerability 
  On the Anyconnect you can disable the SSL using Ikev2 instead of the SSL protocols , however as the bug mention , the client creates a paralel ssl tunnel to get updates and profile from the router.
  If you're asking to disable SSLv3 on the router , unfortunately there is not code yet , the workaround is to disable the webvpn or upgrade the VPN client.
  As well here is the officil advisory for the POODLE vulnerbility on Cisco Products.
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
  Hope it helps
  - Randy - 

• Bash bug  CVE-2014-6271 patch availability?

  Hi everyone, does anyone know if Oracle has released a patch for the bash bug?  CVE-2014-6271 link below.
  NVD - Detail
  I'm looking for a patch on el5uek and el6uek I'm using: 2.6.39-400.126.1.el5uek, 2.6.39-400.21.1.el6uek.x86_64
  thanks!

  Check the following:
  [root@vm110 ~]# yum -y install yum-security
  [root@vm110 ~]# yum list-security | grep bash
  This system is not registered with ULN.
  You can use up2date --register to register.
  ULN support will be disabled.
  ELSA-2014-1293 security bash-3.2-33.el5.1.x86_64
  [root@vm110 ~]# yum info-security ELSA-2014-1293
  Loaded plugins: rhnplugin, security
  This system is not registered with ULN.
  You can use up2date --register to register.
  ULN support will be disabled.
  ===============================================================================
     bash security update
  ===============================================================================
    Update ID : ELSA-2014-1293
      Release : Oracle Linux 5
         Type : security
       Status : final
       Issued : 2014-09-24
         CVEs : CVE-2014-6271
  Description : [4.1.2-15.1]
              : - Check for fishy environment
              :   Resolves: #1141645
     Solution : This update is available via the Unbreakable Linux Network (ULN)
              : and the Oracle Public Yum Server. Details on how
              : to use ULN or http://public-yum.oracle.com to
              : apply this update are available at
              : http://linux.oracle.com/applying_updates.html.
       Rights : Copyright 2014 Oracle, Inc.
     Severity : Critical
  info-security done
  [root@vm110 ~]# yum -y install bash-3.2-33.el5.1
  If you cannot see the above and do not pay for a subscription, make sure you have correct yum repository setup.
  See Oracle Public Yum Server for details.
  To install:
  [root@vm110 ~]# yum -y install bash-3.2-33.el5.1

• Are any versions of Firefox susceptable to Heartbleed bug CVE-2014-0160 ?

  Do any versions of Firefox use OpenSSL?
  if so, which versions of Firefox would be vulnerable to the Heartbleed bug CVE-2014-0160 that has recently been identified.
  As covered in:
  http://heartbleed.com/
  http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

  An interesting article on the Heartbleed vulnerability and its probable extent
  * http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/

• CVE-2014-6352

  CVE-2014-6352 is listed in windows 7 Programs and Features panel. Listed with no Publisher, no info. Does this mean I have the remote execution vulnerability or just the patch for it. It was installed Oct 23, 2014, about the same time the advisory came out.
  I want to know if I should uninstall it. It is actually listed twice in the panel?

  this Trojan came trough Microsoft PowerPoint, I suggest scan your PC
  be careful if you open documents files from the 3rd party or website
  Workarounds
  The following workarounds may be helpful in your situation:
  Apply the Microsoft Fix it solution, "OLE packager Shim Workaround", that prevents exploitation of the vulnerability              
  See Microsoft Knowledge Base Article 3010060 to use the automated Microsoft Fix it solution to enable or disable this workaround.
  Note:
  The Fix it solution is available for Microsoft PowerPoint on 32-bit and x64-based editions of Microsoft Windows, with the exception of 64-bit editions of PowerPoint on x64-based editions of Windows 8 and Windows 8.1. 
  Do not open Microsoft PowerPoint files, or other files, from untrusted sources              
  Do not open Microsoft PowerPoint files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.
  Enable User Account Control (UAC)
  Note User Account Control is enabled by default.1.Do one of the following to open Control Panel:1.Click Start, and then click Control Panel.
  2.Press the Windows logo key + s, type Control Panel, then open the Control Panel app.
  2.In Control Panel, click User Accounts (or User Accounts and Family Safety).
  3.In the User Accounts window, click User Accounts.
  4.In the User Accounts tasks window, click Turn User Account Control on or off (or Change User Account Control settings).
  5.If UAC is currently configured in Admin Approval Mode, a UAC message appears; click Continue.
  6.Click the check box "Use User Account Control (UAC) to help protect your computer", and then click OK.
  7.Do one of the following:1.Click Restart Now to apply the change right away.
  2.Click Restart Later.
  8.Close the User Accounts tasks window.
  For more deep info, read here
  https://technet.microsoft.com/library/security/MS14-064#ID0EM1AE

• Windows Server 2008 CVE-2014-8730 vulnerability

  We've received our monthly vulnerability scan results on our production servers running Windows Server 2008 R2.
  They are showing vulnerability to TSL POODLE, which is the subject of CVE-2014-8730.
  In this article on Qualys, there is mention that Windows Server 2008 is vulnerable but Microsoft have not taken any action yet:
  https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
  Microsoft - We've seen reports that some older platforms (e.g., Windows 2008) appear vulnerable, but no apparent patterns or reliable information so far.
  Is there any update on this issue as it's an exploitable vulnerability we would like to remediate.
  Thanks,
  Lyndon.

  Hi Vivian,
  The article cited is about a different issue.
  In October 2014 there was an SSL v3 POODLE vulnerability, we have resolved this issue by disabling SSL v3 (as recommended).
  The article your posted specifically references that issue (the article was published in October 2014).
  In December 2014 there was another POODLE vulnerability announced that affected the TLS protocol.
  A lot of major vendors have published patches for this issue, but Microsoft are yet do do so (as far as I know).
  Hence by original question that has not been answered yet.
  Regards,
  Lyndon.

• HT201272 Where can I find the app password saver by yonglin wang.  i wanted to restore my iphone and i had purchased this app and it is not anywhere in my purchases to reload.  Why is it not on my list of purchases?

  Where can I find the app "password Saver" by yonglin wang?  while updating my iphone the app was dropped for some reason.  I went to reload from my purchased apps and it is not available.  The history shows my purchase but I can not find the app to reload.  I've lost some critical info and need to retreive if possible.  Any suggestions?

  You tried what ? If the app is no longer available in the store (can you find it in the main part of the store ?) for re-downloading then you would need to have a copy of it somewhere e.g. on your computer's iTunes, on a backup of your downloads.

• The password save prompt box does not appear on logging in to certain password protected webpages; is there another way of adding their passwords to Firefox sync?

  Dear Firefox tech supporter,
  I am Currently running:
  Firefox v6.0.2;
  Windows 7 fully updated at 19 Sept 2011 15:45 GMT;
  Norton Internet Security 2011 (using Identity Safe) fully updated at same time as Windows 7;
  Extensions to Firefox-
  Norton Toolbar 2011.7.1.3;
  Symantec IPS 3.1;
  Add to Amazon Wish List Button 7.1;
  Minimap Addon 0.3.13
  Plugins
  The usual suspects from Microsoft, Adobe, Wacom, Apple and Google, all of which are checked and no updates currently found.
  With webpages such as <https://shop.avanquest.com/members/?company_rs=51>, PayPal and Windows Live e.g. after correct login details are entered into the online form and login is performed successfully. The "key" symbol does not appear to the left of the "awesome bar", neither does the password save pop up box and so the login details for the site cannot be saved in Firefox sync.
  This is not specific to https secure sites, as I have been able to save the passwords for several https secure sites and conversely, I have been unable to save the passwords for some http non secure URLs. I have ensured that, whilst trying to enter a page or site into Firefox sync, it has the only tab open.
  There does not seem to be a way of manually entering website details (URL, User Name, Password etc.) into Firefox Sync; how can I save the password details for such sites?
  Thanks in advance for your help,
  Chris Morris

  Make sure that you do not run Firefox in permanent Private Browsing mode.
  *https://support.mozilla.com/kb/Private+Browsing
  To see all History and Cookie settings, choose:
  *Tools > Options > Privacy, choose the setting <b>Firefox will: Use custom settings for history</b>
  *Deselect: [ ] "Always use private browsing mode"
  *Tools > Options > Security: Passwords: "Remember passwords for sites"
  See also:
  *http://kb.mozillazine.org/User_name_and_password_not_remembered
  *Saved Password Editor: https://addons.mozilla.org/firefox/addon/saved-password-editor/

• Need some help in saving video message from viber to my Iphone. I disabled the thing that would save photos and videos automatically then, there comes a video I want to save. After loading and watching it, I press the "save to gallery"

  Need some help in saving video message from viber to my Iphone 5S with new ios 8's program . I disabled the thing that would save photos and videos automatically then, there comes a video I want to save. After loading and watching it, I press the "save to gallery" thing but it doesn't save in gallery. I tried all, restarting my phone, rebooting then turning on the save automatically thing and when I watch it again, it still wouldn't save.

  Probably a good question to ask Viber or look at their support site.