DPS Contents Security Issue!!

Similar Messages

• I updated some security issues and suddenlly my gmail does not open. it shows 75% of the procees and does not go on

  I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
  I can open it Internet explorer but not in Mozila fireworks

  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
  "Remove Cookies" from sites causing problems:
  *Tools > Options > Privacy > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

• Using latest version of fireFox to access Think Central, pages will not load and they say that this is a security issue with FireFox?

  Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
  Some have no problem accessing the lesson plans.
  Most when they login click on a lesson plan and an icon shows up that says loading but never does.
  If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
  Think Central support says this is a security issue with Firefox.
  I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
  I have allowed the pop ups to the think Central web site.
  Any help would be appreciated

  Are there any notification icons on the left end of the address bar? If so, please click them to see whether they related to security issues (such as blocked content - shield icon: [[How does content that isn't secure affect my safety?]]) or a plugin requiring permission (Lego-like icon).
  Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand.

• Flash Player / Content Loading Issues

  A big hello to anyone kind enough to read this!... Hopefully someone can can help me out or point me in the right direction.
  The company that I am currently contracting for is involved in the testing of a number of pieces of Flash courseware that one of our associated companies have created. It has been authored in Flash CS3, but uses Actionscript 2.0. The user's target platform is Flash player 9 on Windows XP.
  While testing the latest version through Flash player 9 (ActiveX within IE 7) we have discovered that the external movieclip loading does not work correctly, with the movie clips appearing in random location on some PC's, but no on others....
  ..To add even more strange-ness to this, if we right-click and select the "About Flash Player" menu option, wait for the Adobe web page to load, close the courseware window and re-launch it while the Adobe web page is still open in another browser, then the courseware runs fine.
  Just wondering if anyone out there has run into similar problems? We are currently experimenting with various IE settings and other security issues such as MMS.cfg and Trust Files, but at the minute we have to admit we are stuck.
  Attached are some images illustrating what is going: "correct_load.png" is when it works as it should do and "incorrect_load" is what it looks like when the troubles start.
  Thanks!

  Thanks for the advice..  At this point it's like banging our heads against a brick wall..
  Strangely enough on some machines the problem does not seem to happen at all.  We have tried four PCs so far and two have worked, two have failed.  On the machines that failed to run it correctly we have recently uninstalled Flash Player 9 ActiveX and installed the latest Flash Player 10 ActiveX.
  The same problem is present on the machines, despite the fact we have added the C:\path\to\content path to settings in the Settings Manager.
  We have also added both Global and User Trust Files with the same path and an all-encompassing "C:\", which we know that the customer's machines will have limited installation rights and no access to the internet.  On the machines that do run the courseware, they do not either have the local paths as entries on the Settings Managers or in any kind of Trust File.  The only difference is that the machines that run the courses are machines that have a full version of Flash (either 8 and/or CS3) installed on them, but I can not see any reason while this would have an effect?
  Like you mention, it would be a good place to start looking at the loading line by line - however, the Manchester branch of the group have pretty much refused to give us access the *.fla files (it's a (barely) working relationship between us, not really one built on trust).  I'll pass on your ideas and leave it up to them I think!  It would be sensible if we did have FireFox v. IE testing, but most unhelpfully, FireFox is on the list of "controlled applications" and so we can't use it here.
  Anyway, thanks for the reply and help.  I was curious to see what effect having the Adobe page open had on the player, since with previous Flash content we as a company and myself personally have produced have not encountered anything like this.
  Dave

• HT1338 There is a lot of talk about the Java security issues and the ability to download a patch fix, do i need to do this or will software update pick this up for me?

  There is a lot of talk about the Java security issues and the ability to download an apple patch fix, do i need to do this or will software update pick this up for me?

  Thanks for that, how do I establish if I have Java installed as on Safari preferences it indicates the following
  Web content - Enable Java
                      - Enable JavaScript

• What's with the new edition of Pages using Maverick?  Google rejects the files  with the following message attached "The reason for the problem: 5.3.0 - Other mail system problem 552-'5.7.0 This message was blocked as its content security threat?

  I recently upgraded both Pages 09 (I believe) and went to OSX 10.9 Maverick .... now I am unable to send a pages document to a friend on gmail.  Google rejects the message and attachment with the following explanation -
  The reason for the problem:
  5.3.0 - Other mail system problem 552-'5.7.0 This message was blocked because its content presents a potential\n5.7.0 security issue.

  Same Problem here
  IWORKS 09    pages, keynote, numbers does not send in MAIL (mac) because of "This message was blocked because its content presents a potentialsecurity issue"
  its a problem not only on GMAIL but also Live, Hotmail, Yahoo, and other services...
  The problem is that gmail and others haved yet accepted the latest iworks 09 files. its a problem that apple can ask then to fix but its up to the gmail and others to fix it.
  Solution!!!:
  1 - Send it by exporting to office files
  2 - Saving the files as old iwork documents
  3 - Command P and save as PDF
  4 - Save in icloud and send the URL
  So you can still send them but have to take a bit more of your time
  i hope you understand my english is not optimal
  And if you have any questions feel free to ask me

• Security issues in Mavericks 9.04

  I just had a secure scan done on my Mavericks server. The main issues seem to be:
  OpenSSL Running Version Prior to 0.9.8za Upgrade to OpenSSL version 0.9.8za or newer.
  Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities (Upgrade to Apache version 2.3.2 or newer.)
  Given that upgrading these would mean compiling and installing Apache and OpenSSL(which I'm not really keen to do) I'm wondering what experienced admins think of these threats.

  pkmusic wrote:
  Dumb question - so a self-signed SSL cert doesn't use Open SSL?
  Certificates are used with ssh and SSL/TLS and such, yes.  Most of OS X uses Secure Transport for its certificate- and SSL/TLS-related processing, but Apache does not.  Apache is linked against OpenSSL.
  Self-signed certificates lead to a different security issue.  
  An HTTPS site with a self-signed certificate will be considered untrusted by accessing web clients and the web browser will usually issue diagnostics before allowing access to the site or a diagnostic before marking the certificate as trusted, or that you've set up your own certificate chain and installed your own root certificate.  That you're asking this question implies the former; that you're not really running HTTPS with a trusted certificate chain.   Which generally means you can just shut off SSL/TLS.
  As for the original question, here's how the scanner is likely detecting the down-revision versions — if you look at the server details being returned to the client, you'll see some information on Apache and OpenSSL versions embedded in the response:
  $ telnet foo.example.com 80
  Trying 10.1.3.1...
  Connected to foo.example.com
  Escape character is '^]'.
  HEAD / HTTP/1.0
  HTTP/1.1 301 Moved Permanently
  Date: Sun, 20 Jul 2014 14:40:11 GMT
  Server: Apache/2.2.26 (Unix) PHP/5.4.24 mod_ssl/2.2.26 OpenSSL/0.9.8y DAV/2
  Location: http://foo.example.com/
  Cache-Control: max-age=1209600
  Expires: Sun, 03 Aug 2014 14:40:11 GMT
  Connection: close
  Content-Type: text/html; charset=iso-8859-1
  Connection closed by foreign host.
  $
  That won't get fixed without replacing Apache et al or one of the other options, as described in my earlier reply.
  For completeness, some folks will manually configure the server to not return these details.  That'll derail the the vulnerability scanner, certainly.  It might not have the intended result, too, as the remote attackers can simply decide to throw every attack they have at your server — the attackers are not short on CPU cycles and network bandwidth, after all; unintended consequences.
  As for using a self-signed cert and given you probably aren't providing file-level access to other folks, I'd not (personally) be particularly concerned about that vulnerability scan — one of the limitations with using vulnerability scanners is that you then have to go off and figure out if you're actually vulnerable to whatever the scanner is reporting.  It's an issue certainly, but then you'll have to decide if your backups are complete and current and with copies kept off-site, and if your other security practices and password policies and such are also all up to date and secure, and at what else you might risk if the server is breached — if configuring a DMZ for your server might be appropriate, for instance, to isolate the server from the rest of your network should the server be breached.

• Security issues for Flash cookies, Local Shared Objects, .sol files

  Good day, all
  I just found out a bit about flash cookies from Wikipedia and http://epic.org/privacy/cookies/flash.html
  I was wondering if there was a security issue with these (as opposed to privacy issues)?
  It seems easy enough to prevent them being stored or delete them after they are set.
  Thanks,
  Hugh

  Hello Patricia,
  You wrote,
  I came to this forum to see if I could find out how to delete adobe's flash cookies
  You have to do it online via this website.
  Macromedia's Website Storage Settings panel
  Note: As the site says, the dialogue box is not an image, "it is the actual settings manager"
  I just tried it out and deleted the flash content from How Stuff Works, then revisited the site (How Stuff Works) and it didn't add it back, so it seems to work as stated.
  regards roam

• Selected DPS content blocked in mainland China?

  This is in relation to our question yesterday re: Is DPS content being blocked in mainland China? (http://forums.adobe.com/message/4354992#4354992)
  Our app was made available in App Store recently. It was a multi-issue mag app created using DPS Pro. It works fine except when colleagues in mainland China alerted us that they can install the app but CANNOT DOWNLOAD the magazine issue. A salesperson there who initally could not open the magazine with the local 3G connection but managed when he used VPN.
  In the discussion, Bob replied that while the app can be downloaded anywhere, the mainland China government restricts users from downloading eternal content such as folios at this time.
  However, just learned from mainland China colleagues that they are able to download the Martha Stewart Living and Wired apps and their issues, which we believe were created using Adobe DPS.
  Does anybody know if mainland China has some sort of a "wait list" before releasing an app content in its country/territory?
  Is Adobe workng on systems to allow distribution into mainland China?
  An immediate response is greatly appreciated. Thanks.

  I've only become aware today that I can't publish apps in China without a GAPP licence. I've also discovered that getting a GAPP licence can be a very slow process (6-8 months). I spoke to an Adobe rep through Gold support and she said that DPS users that publish to China are usually the likes of Conde Naste etc - i.e. - big, global players. Would any of the Adobe guys here agree with that?
  And from what you know, is the Chinese iTunes store a totally different climate to a western app store - i.e. - it's not just DPS apps that are affected, but all manner of other apps don;t get approved for publication in China?
  Thanks

• Problems with Flash Security issues and Captivate projects

  Hello,
  We're putting together a flash based eLearning course that has been created primarily in Adobe Captivate with flash plugins. The course consists of several modules, all which are embedded into HTML files that are linked to each other.
  Our client wants the project on a CD, which is starting to create some problems. Everytime the project goes to open another HTML/flash page, the security issue comes up that mentions that the flash player is trying to communicate to the internet.
  Now usually the way to get around this is to go into the security settings and add the CD as an accepted URL - however we can't do this for several reasons. The main one is that we are encasing it within Firefox Portable (included within the CD and as such, read only) and the computers it is being used on may not be connected to the internet.
  Any idea how we can get around this? Are the flash player settings stored somewhere locally on your computer, and can we configure them there? (perhaps through an ini or something) to place on the CD with the plugin for Firefox Portable? Is there a simpler way to address this that we're just not seeing?
  Thanks,

  Hi there
  I agree with Michael.
  Server2Go is also what I'd have offered. The mention of Firefox portable sound intiguing, but I'm really skeptical that it will do what is needed in this case.
  In case it will help, here are some steps for Server2Go.
  Download the Server2Go software from http://www.server2go-web.de/download/download.html
  Choose the Micro package
  This should result in receiving a zip file named distribute_apache1.3_micro.zip
  Unzip the contents of the zip file to the root of your hard drive ( C:\ )
  This should create a folder named distribute_apache1.3_micro
  Open this folder and delete the following files and folders inside:
  Files:
  splash.bmp
  logo.ico
  readme.txt
  Folders:
  dlls
  dbdir
  cgi-bin
  Open the htdocs folder and delete all files and folders inside.
  Copy all of your Captivate output files to the htdocs folder
  Rename the HTML page Captivate created to index.htm
  Copy the contents of the distribute_apache1.3_micro folder to the CD-ROM and test!
  Hopefully this helps... Rick
  Click here for Adobe Certified Captivate and RoboHelp HTML Training
  Click here for the SorcerStone Blog
  Click here for RoboHelp and Captivate eBooks

• Flash 8 security issue

  I'm using Flash 8 and in my code i use the XMLSocket.connect
  command. When i try to connect to another computer in my LAN i get
  a security warning that says that flash stopped an unsafe
  operation. When i select "Settings" and add the swf path to the
  trusted locations everything works well.
  My question is, what if i'm not connected to the internet?
  How can i pass this security warning without an intenet connection
  to get to the URL in which i add trusted locations?

  Unfortunately, that doesn't help me pin it down much.  It sounds like we tightened restrictions on a behavior that was previously allowed, which caused them to need to update their content.  The web is a dynamic place, and Flash has an obligation to be a good citizen in the larger ecosystem.  As new web standards evolve and emerge, it's important that Flash Player is aligned with them to the extent possible.  In the same vein, we work closely with partners in industry, academia and government to identify and resolve security issues based on the latest research and intelligence. 
  While we take backwards compatibility seriously, the security landscape looks very different than it did 5-10 years ago.  The security of both end-users and the network is of paramount importance.  With the quantity and age of existing Flash content (not all of which is generated by Adobe software), it's incredibly difficult to anticipate whether or not content will break when we change something, particularly if it's esoteric.  We operate a public beta program and encourage content providers to participate in order to prevent unexpected outages as the result of changes to Flash Player.  The beta can be found at http://www.adobe.com/go/beta/. 
  If your cable provider needs assistance in resolving the issue, their engineers are more than welcome to reach out to me directly.

• Flash Player Security issue

  All,
  Please note that I've just had a chat discussion with Adobe support because of a security issue in the most recent update of Flash that caused services from several providers to become inaccessible.  Does anyone have any information regarding this issue?

  Unfortunately, that doesn't help me pin it down much.  It sounds like we tightened restrictions on a behavior that was previously allowed, which caused them to need to update their content.  The web is a dynamic place, and Flash has an obligation to be a good citizen in the larger ecosystem.  As new web standards evolve and emerge, it's important that Flash Player is aligned with them to the extent possible.  In the same vein, we work closely with partners in industry, academia and government to identify and resolve security issues based on the latest research and intelligence. 
  While we take backwards compatibility seriously, the security landscape looks very different than it did 5-10 years ago.  The security of both end-users and the network is of paramount importance.  With the quantity and age of existing Flash content (not all of which is generated by Adobe software), it's incredibly difficult to anticipate whether or not content will break when we change something, particularly if it's esoteric.  We operate a public beta program and encourage content providers to participate in order to prevent unexpected outages as the result of changes to Flash Player.  The beta can be found at http://www.adobe.com/go/beta/. 
  If your cable provider needs assistance in resolving the issue, their engineers are more than welcome to reach out to me directly.

• Trouble with Content Security Policy (CSP)

  In the latest Firefox 33 there seem to be an issue with Content Security Policy (CSP) and how it handles url that are url encoded.
  For instance when some CSP directive is set to like https://mywebsite.com/application/do;jsessiond=1234 - it will get URL encoded so the ; gets replaced by %3B.
  In Firefox 32 and earlier this worked, but not in this new solution.

  It may be that it needs a header application/x-www-form-urlencoded is this included in your url request as well as charset UTF-8?
  If you select a different encoding via web dev [https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI]
  This sounds like what it did before? [http://www.justarrangingbits.org/firefox-magic-decoding-address-bar/index.html]

• Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

  Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

  You will need to contact Snapfish to find out their system requirements and which plugin you need
  - http://support.snapfish.com/app/answers/detail/a_id/669/brand/3

• Other web browsers and security issues?

  Since even an Apple KB article recognizes the need for an additional browser and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb and am looking at Firefox, Shira and Opera also though perhaps not as a primary browser) but I'm wondering about their ability to keep on top of any security issues for Mac? (and how do you keep up with security updates?)
  Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

  Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
  I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
  I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb.
  Shiira is good and its fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page with in web site. This may have been fixed by now - they were aware of the problem back then.
  Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
  I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
  Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
  I would stay away from abandonware Internet Explorer.
  As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
  Happy Exploring.