Fiori security concern

Hi All
We are now receiving security concerns from customer about FIORI.
1. Information leakage:
     For instance, when we clicked an item and it failed, we got an error message which might cause information leakage.
     Is it possible for the backend to provide some general information with no sensitive information involved?
2. Remember password option:
     After entering the password and username, the browser will prompt if you want to remember the password. There is a security concern with remembering the password in the browser. Is it possible to disable this pop-up window, that is, is it possible to set autocomplete off in every form that is getting submitted?
Thanks
Message was edited by: Michael Appleby

Hi Torren,
I don't want to be a smartass, but do you really think it's a good idea to post an image where you can see a productive URL of a customer? When we talk about security, we should start to hide or obfuscate such information, which is absolutely not necessary to investigate an issue. I think the customer itself doesn't want to see this information in a forum which is available to everyone on the internet. Besides: never post a real user of a productive system in a forum!!! I couldn't believe that your test user "TEST*****" is actually a real one. A hacker now has perfect premises to start an attack on this system!
Because I myself am a customer of SAP, I have the expectation that SAP always handles my data confidentially.
Sorry if I can't answer your questions, but this topic is very important to me!
Regards
Michael

Similar Messages

  • Safari password auto fill security concern

    Just discovered what I consider to be a big security concern with iCloud Keychain. If you go into Settings, then Safari and your iCloud Keychain is under stored passwords and auto fill, the passwords are stored in plain text with no asterisk or anything. This means that all someone needs is your 4-digit unlock code and they are then able to view all your stored passwords in Safari. They should at least require your iCloud Keychain password to view these, or just asterisk them out. If someone saw you enter your four-digit unlock code, and then put your phone down, they could get this information without you even knowing it. This is not safe.

    The purpose of that section is so that you can see your passwords, there wouldn't be much point in replacing them with asterisks. They are password protected, just don't give others your password.

  • Security concern when selling broken 3G

    I have an old iPhone 3G that was submerged in water. I tried the "bag of rice" trick, but that didn't work so I bought a new 4S. My question is: what are the security concerns of selling the 3G on Craigslist? I can't turn the phone on to reset it to factory settings. Is there anything I can do? Thanks for any input.

    Oh you would be surprised lol. Check ebay and you'll see broken 3G's going around the $50 range. They're only good for spare parts i would think.

  • Windows Server 2008 R2 RRAS NAT Security Concerns

    Recently we are deploying Windows Server 2008 R2 as the NAT gateway of our private network. During the testing, we found that the RRAS was doing its job as the NAT gateway,
    however it seemed that hosts in the private network were allowed to access any listening port opened on the server side (2008 R2). In the normal scenario, the server side will have the process "wininit.exe" running and listening on the TCP port 49152.
    We confirmed that all hosts in the private network were able to connect to TCP port 49152 opened on the server (connecting by using the NAT's public IP), which introduced lots of security concerns and made us nervous. Since the server is acting as a NAT,
    IP packets sent by hosts in the private network will be translated and forwarded as if it is generated by the NAT server itself. Thus, the windows firewall will not block the connection at all while dealing with "local" traffic, which actually is
    the traffic from the host in the private network.
    What we need is a mechanism that can block the hosts in the private network from accessing the TCP/UDP ports opened on the NAT server side. Since the NAT server has its IP on
    the public network assigned dynamically (DHCP), static IP filtering on the private NIC does not fit our needs (Or probably we may use some hidden but advanced filter settings?). Which policy or setting should be used in our case?

    Hi Daniel,
    I am aware of what you are suggesting. Actually I have activated the Windows firewall to protect the server.
    Suppose I have a network configuration as follows:
    Private Network: 192.168.149.0 / 255.255.255.0 (Private NIC on server side IP:192.168.149.1)
    --------------Windows 2008 R2 RRAS NAT--------------------
    Public Network: 10.1.0.0 / 255.255.255.0 (Public NIC on server side IP:10.1.0.100 )
    The problem is that while the windows firewall is effectively protecting my server by filtering inbound traffic from the public network, the windows firewall will not filter the traffic from
    192.168.149.0 /255.255.255.0  to  10.1.0.100 (NAT's public IP)
    The reason is that the TCP/UDP connection from the private network (192.168.149.0 / 255.255.255.0) to any other networks will be NATed. Suppose TCP connection from
    192.168.149.23:50000 -> 10.1.0.100:1023
    It will be translated by NAT and becomes
    192.168.149.23:50000 <-NAT-> 10.1.0.100:60100 -> 10.1.0.100:1023
    From the windows firewall's point of view, the connection is essentially a 'local' TCP connection and should be allowed regardless of any inbound filtering rules. So vulnerability is introduced. After some research, we are almost sure that the windows firewall
    does not filter local traffic. Also, we are not able to guarantee any firewalls on the client side to be installed, since the nature of a NAT server is to provide such network access ability to clients and should not require the client side to change its configuration.
    I do think it is a common security concern in lots of enterprise networks where Windows Servers are deployed as NAT servers. Would you mind helping us address this issue and giving us some advice about related best practices?
    Thank you

  • Security concern about grid control agent

    I am planning for grid control rollout. Our system administrator is concerned about
    security of grid control agent. For example, I do not know the Oracle password,
    I sudo to Oracle after login as myself.
    What options do I have? I have told my system admin that
    other companies use "oracle" - the database sysdba/software owner as agent owner.
    But my system admin thinks this is a big security risk since he has to tell me the
    oracle password.

    In more explicit terms, what is the security concern you have?
    Specifically, I do not see what you mean by the sentence:
    "when I install grid control agent as "oracle", I provide "oracle" password in order
    to run job on our unix server."
    By "oracle" are you referring to the Oracle Software owner account, by which the Database and/or EM software was installed?
    Please explain how the job is related to installation of the management agent. If you are talking about running jobs after installation, when the agent is configured and running, where and how exactly are you required to enter the "oracle" password?

  • Flash security concerns, 16.0.0.296 is installed - but 16.0.0.287 is actual?

    Windows 7 -> Adobe - Flash Player: 16.0.0.296 is the installed version, but the list below (Platform, Browser, Player version) shows 16.0.0.287 as actual .... Should we "downgrade" ?
    Due to the latest security concerns with Flash, I had to rethink the whole story - maybe better to just uninstall Flash?
    rgds,
    Chris

    Hi Chris,
    Version 16.0.0.296 is the latest release available.  However, it's only being pushed out through our silent auto update and enterprise distribution channels.  We're hard at work making sure this is also available on https://get.adobe.com/flashplayer but that's going to take another day or two to complete.  Once it's out everywhere, we'll update our release notes and associated pages with the proper version number.
    Thanks,
    Chris

  • Inter-AS L2VPN security concern

    hi all,
    I want to know what the security concern is when we have Inter-AS L2VPN between two service providers as in the attached configuration (just one service provider side configuration for the ASBR & PE; the other service provider is the same, pointing to our service provider), how we can mitigate the risk, and what the most secure option is. We need to know the advantages and disadvantages.

    Hi Ahmad
    Looking at your configuration it seems the setup is as below
    CE1_ISP1---------xconnect---PE_ISP1-----ISP1MPLSBB----ASBR_ISP1-----IP_Link---ASBR_ISP2-----ISP2MPLSBB----PE_ISP2------xconnect---CE2_ISP1
    Is that correct ?
    In my personal opinion from Security Point of View already only the required loopbacks are being allowed which is good to do. And I believe the SNMP Traps and Remote Access to your ASBR would be a protected and limited access.
    Apart from these there might be some other standard security features which others can suggest to be taken care of but the above two should be surely taken care of as I think.
    Hope this helps you.
    Regards
    Varma

  • BB Browser Cipher RC4 128 bit Security Concerns

    When you check Browserspy from your BlackBerry browser via this link:
    http://browserspy.dk/
    Then select "Security" from the list
    Then select "SSL Encryption Check"
    For my Z30 I get RC4 128 bit (see picture.)
    I also get the same results using this test:
    https://www.fortify.net/
    There are security concerns for RC4 128 bit to the extent Microsoft has recommended not using it.  See these two links:
    http://en.wikipedia.org/wiki/RC4
    http://technet.microsoft.com/en-us/library/cc179125.aspx
    I do not have any device connecting to the web using RC4 128 bit.
    Is there a way to change the cipher strength or order for the BlackBerry browser?
    (Just as a side note - because BlackBerry uses WebKit for the browser (Apple uses WebKit) a lot of the browser tester sites pick it up as Safari. I wonder if browser testing to determine market share doesn't flag some of BlackBerry as Apple due to this "confusion.")

    For your information, here is what I get for my desktop browsers:
    AES128 for Mozilla Firefox 36.0
    AES128 for Google Chromium 42.0
    AES256 for MS Internet Explorer 11
    and also...
    AES128 for Mozilla Firefox 35.0.1 APK on my Passport
    The search box on top-right of this page is your true friend, and the public Knowledge Base too:

  • Security concern?: WiFi & 3G

    Our corporation has decided for the time being to disallow iPads and iPhones onto the wireless network due to concerns that something can bridge from the wifi to the 3G or vice versa. Is this a legitimate security concern? Is there a way a wireless policy could be set to disallow 3G if you are within a particular WiFi area (set by the wifi routers) if there is a concern? Would be interested in hearing thoughts on this subject.

    Is this a legitimate security concern?
    No. They are wrong.
    Is there a way a wireless policy could be set to disallow 3G if you are within a particular WiFi area
    No

  • Purchased Macbook Used, Security Concerns

    Hi.
    I purchased a macbook used just so I could have an alternate OS and Ubuntu is no longer a choice because of adobe dropping flash support.
    This macbook has I think 10.8.6 OS installed.
    Basically the person didn't restore it to factory settings, rather just setup a prompt for a new user which I filled out.
    Are there any security concerns I should be aware of?  I actually don't intend to do any shopping or anything like that, not even email.
    What happened the other day, was that my brother I think logged in to some game or something, and macbook found his phone.  That got me surprised a little bit, so I was kind of worried what might happen.
    Any thoughts?
    B.T.W. if I chose to reinstall why do I have to put in registration information, name, address, etc?

  • I Have a Security Concern Over the AT&T U-verse Router Pace Plc 5031NV-030

    Hello ?? I Have a Security Concern Over the AT&T U-verse Router Pace Plc 5031NV-030 Pace Plc 5031NV-030 Ser # 48131N052034 Hardware Version 2701-000875-004 Software Version 9.8.1.489233-att All someone Needs is a Ethernet cord in his back pocket. Connected to Your Router and They Can Find My "Secure" Network Wireless Key is Visible Just By Typing the Default http://192.168.1.254/ IP for my Gateway, in to a browser device on a portable device, so They Can Next Access My Network without My Permission Net Time !!!!  This is a Serious Security Concern  on  AT&T's Part !!! AT&T Should Have a Concern Over This Too, I Do All I Can to Prevent Theft of My Internet Service, But If I have a Guest Visit Me, And I Leave the Room Where This Router is Located, I Will Not Know If This Has Taken Place !!!??   AT&T Should Be Very Concerned in This Regard !!!!

    No, you should be concerned about the friends you have at your place.  If you think they will do that, I'd suggest you get some more trustworthy friends.
    Take some personal responsibility to protect your internet service.
    Personally I only use a wired ethernet connected laptop and have wireless turned off, so that concern is mitigated.
    Chris
    Please NO SD stretch-o-vision or 480 SD HD Channels
    Need Help? PM ATT Uverse Care (all service problems)
    ATT Customer Care(all other problems)
    Your Results May Vary, In My Humble Opinion
    I Call It Like I See It, Simply a U-verse user, nothing more

  • Certain Pages do not show up in my history log. Why is that. I have a security concern as on site was my online bank site.

    I have noticed that some websites will show up in the history log and some website will not. I have a concern that there might be a security breach on my laptop that I am not aware of.

    You probably need to "Publish All" to make all of the
    pages republish and fix their nav bars.
    Hi Allyson
    I did as you said but oh oh.......... it didn't work. I have also been told that I must add the name of the second site to my first site, so that it would look like this:
    http://web.mac.com/lorna6/secondsitename
    I am told to then use this URL and make it a hyper-link to my first site and then my sites will be linked. I take it to mean that when I hyper link it to my first site, this new URL has to be in the Navigation bar at the top of the page.
    Can I name the second site anything I want or am I constrained as I was in the naming of my first site? (the .Mac constraint of having us all use our .Mac name in the URL. BTW, I don't mind this at all, and in fact I think it's a good thing, because that way I can spot another .Mac person.
    Lorna in Southern California

  • Questionable website and security concern

    I was searching google images and clicked on an image which took me to:
    *(do not click if you don't know what you're doing please!!)*
    < Edited by Host >
    More specifically:
    < Edited by Host >
    Is this of any concern to me? It seemed like some possible crapware saying I had vulnerabilities on my computer (funny enough it was a windows background/layout being used on the website)
    I am new to mac and try to browse safely, but when I saw this I was an idiot clicking cancel on the popup window thinking it was a safari window and it pretended to scan the computer with what looked like an animated gif. I quickly shut down safari and re-opened it. I searched my history and grabbed the website and that's what I posted here.
    I feel like an idiot and lesson learned, but I just wanted to find out if I should be concerned and if so what to do about it.
    Thanks!!

    Generally that's right. One of the things that keeps Macs fairly trouble free is the OS is built on UNIX, which uses a tiered permission system.
    That particular one you went to, did require the person's involvement. There was nothing automatic.
    Some applications you download ask you to supply your password to install things, well this is a bit like a gate any malware has to get through. So without downloading anything from a dodgy site, nor installing anything you are not sure about particularly if it asks for your password, this keeps you fairly safe, ( but not bullet proof).
    Making sure you have the latest Security Update installed is also a good practice.

  • Security Concern

    Hello there!
    Yesterday I noticed that some messages were sent from my Skype account to one of my contacts during a time I wasn't here! I'm really concerned about that. Is there any way we could track the login activity of my account so as to check if someone else logged in to my account during that time?
    The time was 20:39 (Skype's time) until 21:25 (Skype's time).
    I have some suspects in mind. Is there any way we could track the IP they used to log in and through that at least the country?
    Thanks in Advance.
    Friendly,
    Constantine

    If the network is unsecured, access is immediately possible.
    The person is able to access the internet and do illegal things through your internet connection.
    The person can try to hack into your computers. Computer firewalls are generally lowered for LAN computers (file sharing, etc.). That means it may be quite easy to access the computer, install backdoors or keyboard sniffers, or access files or store files.
    The person can also try to hack into your router. Again, on the LAN side the security is relatively weak. The person can run a simple brute force program trying to crack the router password (if it's not a simple one or the default 'admin'). Once in the router, the person can change the configuration or even install a customized firmware giving full control of the whole router and all traffic going through the router.
    Some routers can be configured to disallow access to the web interface from a wireless connection. That may help, but of course, once hacked into a wired computer it doesn't make a difference anymore...
    Thus: never run an open wireless network or a WEP-protected one. Use WPA2 Personal with AES and a strong passphrase. Also set a strong router password. That will effectively protect your wireless network.
    Anything else is irresponsible and sometimes even may have legal consequences if something happens through your computers or your internet connection.

  • Table security concerns with form on intranet

    We are trying to maintain database security for forms that run
    on the intranet. The first line of security is to require all
    users to logon to the application. The main concern is the
    database user being accessed without the application. Here are
    the current ideas:
    The easiest solution would be to hide the user/password
    information on the html that launches the form, however (to my
    knowledge) this is not possible.
    I moved the table containing application users passwords to a
    second user (db user) and am using a function to validate logon
    information. This works great, the problem is where to put the
    actual data tables used by the application. If they are in the
    first user which the form logs into by default then a "curious"
    person may access the tables via a sql session using the
    user/password from the html. The best thing I can come up with
    is to put the data tables in the second user containing the
    logon password table, however if the grants exist for the user
    that the form defaults to we have the same problem.
    Dynamic grants would be perfect however you can not create
    grants with the logon function.
    Any input would be greatly appreciated.
    -Doug

    You can maintain this table in a separate user (administrative
    user) and create a function under this user to validate
    user and password. Grant privilege for the users to execute
    this function, but not to select the table. In this way, any
    user can execute this function but cannot query the table.
    The only one allowed to query and update this table is the
    owner. Based on Oracle concepts, if the user has rights to
    execute a function or procedure, he automatically has implicit
    rights to the objects being accessed by this function or
    procedure. But to access these implicit objects directly,
    he must have specific rights. I hope this can help you.
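
The privilege split described in the reply above, sketched as an added example (not code from the thread). The schema names APP_ADMIN (table owner) and APP_FORM (the account the form connects as) are hypothetical, and the use of STANDARD_HASH assumes Oracle 12c or later.

```sql
-- Added example. Hypothetical names: APP_ADMIN owns the credential table,
-- APP_FORM is the account whose user/password is visible in the launch HTML.

-- ---- Run as APP_ADMIN -------------------------------------------------
CREATE TABLE app_users (
  username VARCHAR2(30) PRIMARY KEY,
  salt     RAW(16) NOT NULL,
  pw_hash  RAW(32) NOT NULL   -- SHA-256 over salt || password (assumption;
                              -- a slow password hash is preferable)
);

-- AUTHID DEFINER (the default, stated explicitly): the function body runs
-- with APP_ADMIN's privileges, so callers need no grant on app_users.
CREATE OR REPLACE FUNCTION validate_login (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
) RETURN NUMBER
  AUTHID DEFINER
IS
  v_match NUMBER;
BEGIN
  SELECT COUNT(*)
    INTO v_match
    FROM app_users
   WHERE username = UPPER(p_username)
     AND pw_hash  = STANDARD_HASH(
                      UTL_RAW.CONCAT(salt, UTL_RAW.CAST_TO_RAW(p_password)),
                      'SHA256');
  RETURN v_match;   -- 1 = credentials match, 0 = no match
END validate_login;
/

-- The only privilege APP_FORM receives. No SELECT on app_users is granted.
GRANT EXECUTE ON validate_login TO app_form;

-- ---- Run as APP_FORM (e.g. a "curious" SQL session) -------------------
-- Allowed: goes through the function, returns only 0 or 1.
SELECT app_admin.validate_login('DOUG', 'constructed-password') FROM dual;

-- Denied: no object privilege, so Oracle reports
-- ORA-00942: table or view does not exist
SELECT * FROM app_admin.app_users;

-- Check, as APP_FORM, exactly what has been granted to this account.
-- Expected: one row, EXECUTE on VALIDATE_LOGIN.
SELECT owner, table_name, privilege
  FROM user_tab_privs
 WHERE grantee = 'APP_FORM';
```

The same pattern extends to the data tables the question asks about: keep them in the owning schema and expose only procedures that perform the specific reads and writes the form needs.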
