HT6170 Question about security questioni

Similar Messages

• Question about security issues regarding 'cp' and 'mv'

  Ok, I wondered about how 'cp' and 'mv' are really working. I have some guesses but I need these things to be confirmed.
  Here is what I have:
  A partition with a unix file system, say ext2 or 3 (does this make a difference here?) containing *very* sensitive data. The filesystem is encrypted (whirlpool/serpent) but that shouldn't matter. As I do not want corpses of dead files lying around that could be recovered, I always use 'shred -zu' with 26 passes to overwrite and then delete the data.
  And that's where I have my conceirns:
  If I want to rename a file or move it to another folder on the same partition. Is it save to 'mv' it? Or should I 'cp' it and then 'shred' the original file. I assume that 'mv' will not touch the actual file and just tell the file system of it's new name or place in the folder-structure. Given that, shredding a 'mv'ed file should not leave a trace of it on the drive (except of the old filename before the 'mv' maybe, but that wouldn't be too critical). I assume that, because it's the only thing that would make sense to me, but have to know it for sure!
  However, on moving the file to another drive I should probably 'cp' it, then 'shred' the original file. The question I have here is as follows:
  How much information which could be recovered leaves 'cp'ing in my RAM? Will I have to find a way to somehow shred the information in the RAM or can I assume that my RAM get's rewritten often enough, that most traces will be gone, say, in a couple of days?
  If you have links at hand to confirm your answer, please post them, too.

  Okay, thanks for that, I will have a closer look on flushing the ram.
  Sure, I care about security and privacy, but -- as you might expect -- the data I have are not really THAT sensitive/confidential/whatsoever. I've just gotten into it somehow and now I'm just curious/intrested in improving it for it's own sake more or less.

• TS3297 When I try to buy a song from iTunes it says something about security questions and when I type them in it says they are not valid and won't let me download the music?!

  iTunes Store is not letting me purchase any songs. When I download them it says something about security questions and when I type them in it says they are incorrect when they are! Hiw can I download song?

  Click here and search the article for '2 out of 3' without the quotes; in the case of forgotten answers, this generally involves either a message being sent to your rescue email address or contacting the iTunes Store staff directly.
  (74834)

• Can I stop Windows 7 from warning about security on every linked PDF?

  I am working on a project for which I have created one central document (an index) and 120 linked documents. Each document, on every page, has links to the next alphabetical document and back to the central index. This project will be distributed on disc to people with unknown computer platforms.
  I am a Mac user, and this works well on my iMac using Adobe Reader. It also works on my ancient Windows XP machine. A tech friend has looked the project over, and he says that on Windows 7 (used by more than half of computer users), every time a document links to a new document, Windows 7 throws up a warning about PDF security hazards. With a large number of documents to open, this could be tiresome.
  Is there a way to stop Windows 7 from warning about security on every linked PDF?
  This tech person recommends joining all the PDFs into one file (around 50 MB by his estimate), which would require relinking every current link.
  Acrobat offers to do the same with its Portfolio, but I'm not fond of the graphic styles offered, and I worry that one large file might be a challenge for older machines.
  Any suggestions?

  Can you get a screen shot of this error message or at least the exact wording? I suspect the error message is being displayed by Reader/Acrobat and not Windows.

• Wondering if I should upgrade from OS 10.6.8 to yosemite as search engines are acting a little weird - fan can come on, slow to shut down and also concerned about Security as my OS is older and no longer upgraded etc...?

  Problem description:
  Wondering if I should upgrade to Yosemite from Mac pro 10.6.8  as search engines are not always responding well - Fan comes on with firefox/safari is not always responding on some sites - also concerned about security issues as my system is older and not able to receive ? I have used etrecheck and copied results here - Any help/suggestions much appreciated  - Thanks kindly!
  EtreCheck version: 2.1.8 (121)
  Report generated February 7, 2015 10:41:15 AM EST
  Download EtreCheck from http://etresoft.com/etrecheck
  Click the [Click for support] links for help with non-Apple products.
  Click the [Click for details] links for more information about that line.
  Hardware Information: ℹ️
      MacBook Pro (13-inch, Early 2011) (Technical Specifications)
      MacBook Pro - model: MacBookPro8,1
      1 2.3 GHz Intel Core i5 CPU: 2-core
      4 GB RAM
          BANK 0/DIMM0
              2 GB DDR3 1333 MHz ok
          BANK 1/DIMM0
              2 GB DDR3 1333 MHz ok
      Bluetooth: Old - Handoff/Airdrop2 not supported
      Wireless:  en1: 802.11 a/b/g/n
      Battery Health: Normal - Cycle count 303
  Video Information: ℹ️
      Intel HD Graphics 3000 - VRAM: 384 MB
          Color LCD 1280 x 800
  System Software: ℹ️
      Mac OS X 10.6.8 (10K549) - Time since boot: 1:24:41
  Disk Information: ℹ️
      Hitachi HTS545032B9A302 disk0 : (298.09 GB)
          - (disk0s1) <not mounted> : 210 MB
          Macintosh HD (disk0s2) / : 319.73 GB (198.41 GB free)
      OPTIARC DVD RW AD-5970H
  USB Information: ℹ️
      Apple Inc. FaceTime HD Camera (Built-in)
      Apple Inc. BRCM2070 Hub
          Apple Inc. Bluetooth USB Host Controller
      Apple Inc. Apple Internal Keyboard / Trackpad
      Apple Computer, Inc. IR Receiver
  Thunderbolt Information: ℹ️
      Apple, Inc. MacBook Pro
  Configuration files: ℹ️
      /etc/hosts - Count: 15
  Kernel Extensions: ℹ️
          /System/Library/Extensions
      [not loaded]    com.olympus.DSSBlockCommandsDevice (1.1.0) [Click for support]
  Problem System Launch Daemons: ℹ️
      [not loaded]    org.samba.winbindd.plist [Click for support]
  Launch Agents: ℹ️
      [not loaded]    com.adobe.AAM.Updater-1.0.plist [Click for support]
      [loaded]    com.adobe.CS5ServiceManager.plist [Click for support]
  Launch Daemons: ℹ️
      [loaded]    com.adobe.fpsaud.plist [Click for support]
      [loaded]    com.adobe.SwitchBoard.plist [Click for support]
      [loaded]    com.microsoft.office.licensing.helper.plist [Click for support]
  User Launch Agents: ℹ️
      [loaded]    com.adobe.AAM.Updater-1.0.plist [Click for support]
      [loaded]    com.adobe.ARM.[...].plist [Click for support]
      [loaded]    com.google.keystone.agent.plist [Click for support]
  User Login Items: ℹ️
      Flux    Application  (/Applications/Flux.app)
  Internet Plug-ins: ℹ️
      JavaAppletPlugin: Version: 13.9.8 - SDK 10.6 Check version
      FlashPlayer-10.6: Version: 16.0.0.305 - SDK 10.6 [Click for support]
      QuickTime Plugin: Version: 7.6.6
      AdobePDFViewerNPAPI: Version: 10.1.12 [Click for support]
      AdobePDFViewer: Version: 10.1.12 [Click for support]
      DivXBrowserPlugin: Version: 1.4 [Click for support]
      Flash Player: Version: 16.0.0.305 - SDK 10.6 [Click for support]
      SharePointBrowserPlugin: Version: 14.1.0 [Click for support]
      Google Earth Web Plug-in: Version: 7.1 [Click for support]
      Silverlight: Version: 4.1.10329.0 [Click for support]
      iPhotoPhotocast: Version: 7.0 - SDK 10.7
  Audio Plug-ins: ℹ️
      iSightAudio: Version: 7.6.6
  3rd Party Preference Panes: ℹ️
      Flash Player  [Click for support]
      Growl  [Click for support]
  Time Machine: ℹ️
      Time Machine information requires OS X 10.7 "Lion" or later.
  Top Processes by CPU: ℹ️
           7%    WindowServer
           1%    plugin-container
           1%    firefox
           0%    fontd
           0%    Flux
  Top Processes by Memory: ℹ️
      515 MB    firefox
      52 MB    mds
      43 MB    WindowServer
      43 MB    Finder
      34 MB    plugin-container
  Virtual Memory Information: ℹ️
      2.14 GB    Free RAM
      745 MB    Active RAM
      475 MB    Inactive RAM
      929 MB    Wired RAM
      231 MB    Page-ins
      0 B    Page-outs
  Diagnostics Information: ℹ️
      Feb 7, 2015, 09:16:09 AM    Self test - passed

  ... Fan comes on with firefox/safari is not always responding on some sites -
  An SMC reset may resolve the otherwise inexplicable fan behaviour. Be sure to read the procedure carefully and follow all the steps exactly as written, even if they seem inapplicable or trivial.
  Fixing a modified Hosts file requires specific instructions. Apple Support Communities contributor and EtreCheck author etresoft recently added a User Tip discussing that concern, and how to correct it: Fixing a hacked /etc/hosts file
  Back up your Mac prior to making any changes to its file system. To learn how to use Time Machine read Mac Basics: Time Machine backs up your Mac.

• 7 Things every Adobe AIR Developer should know about Security

  7 Things every Adobe AIR Developer should know about Security
  1. Your AIR files are really just zip files.
  Don't believe me? Change the .air extension to zip and unzip
  it with your favorite compression program.
  What does this mean for you the developer? What this means is
  that if you thought AIR was a compiled protected format, alas it is
  not.
  2. All your content is easily accessible in the AIR file.
  Since we now that the AIR file is really just a zip file,
  unzip it and see what's inside. If you have added any content
  references when you published the AIR file, voila, there it all is.
  What does this mean for you the developer? Well, you content
  is sitting there ripe for the picking, and so is everything else
  including you Application descriptor file, images etc.
  3. Code signing your Air app does nothing as far as security
  for you.
  All code signing your app does is verify to the end user that
  someone published the app. I does nothing as far as encryption and
  does nothing to project your content.
  What does this mean for you the developer? We'll you should
  still do it, because getting publisher "unknown" is worse. It also
  means that joe hacker would not be able decompile your entire app
  and republish it with the same certificate, unless they
  somehow got a hold of that too.
  4. All your AIR SWF content is easily decompilable.
  Nothing new here, it's always been this way. Type flash
  decompiler into google and you'll find a variety of decompilers for
  under $100 that will take your AIR content swf and expose all your
  source code and content in no time.
  What does this mean for you the developer? All you content,
  code, urls and intellectual property is publicly available to
  anyone with a decompiler, unless you do some extra work and encrypt
  your swf content files, which is not currently a feature of AIR,
  but can be done if you do your homework.
  5. Your SQLite databases are easy to get at.
  SQLite datatbases can be accessed from AIR or any other
  program on you computer that knows how to work with it. Unless you
  put your database in the local encrypted datastore, or encrypt your
  entire database it's pretty easy to get at, especially if you
  create it with a .db extension.
  What does this mean for you the developer? We'll SQLite is
  very useful, but just keep in mind that your data can be viewed and
  altered if you're not careful.
  6. The local encrypted datastore is useful, but....
  The local encrypted datastore is useful, but developers need
  a secure way of getting information into it. Storing usernames,
  passwords and urls in clear text is a bad idea, since as we
  discussed, you code is easy to decompile an read. By putting info
  into the local encrypted datastore, the data is encrypted and very
  difficult to get at. The problem is, how do you get it into there,
  without have to store any info that can be read in the air file and
  without the necessity of communicating with a web server? Even if
  you called a web service and pushed the returned values into the
  datastore, this is not ideal, since you may have encoded the urls
  to you web service into your code, or they intercept the results
  from the web service call.
  What does this mean for you the developer? Use the local
  datastore, and hope that we get some new ways of protecting content
  and data form Adobe in the next release of AIR.
  7. There are some things missing form the current version of
  AIR (1.1) that could really help ease the concerns of people trying
  to develop serious applications with AIR.
  Developers want more alternatives for the protection of local
  content and data. Some of us might want to protect our content and
  intellectual property, remember not all of us are building toys
  with AIR. Other than the local encrypted datastore there are not
  currently any built in options I'm aware of for encrypting other
  content in the AIR file, unless you roll your own.
  What does this mean for you the developer? We'll I've been
  told that Adobe takes security very seriously, so I'm optimistic
  that we'll see some improvements in this area soon. If security is
  a concern for you as much as it is for me, let them know.

  Putting "secret data" as a clear text directly in your code
  is a broken concept in every environment, programing language.
  Every compiled code is reversible, especially strings are really
  easy to extract.
  There is no simple, straightforward way to include secret
  data directly with your app. This is a complicated subject, and if
  you really need to do this, you'll need to read up on it a bit.
  But in most cases this can be avoided or worked around
  without compromising security. One of the best ways is to provide
  the user with a simple "secret key" alongside the app (best way is
  the good old login/password). The user installs the app, and
  provides his "secret key", that goes directly into
  EncryptedLocalStore, and then you use this "secret key" to access
  the "secret data" that's stored on your server. Then you can
  transfer the "secret data" directly into EncryptedLocalStore.
  As for the whole thread:
  Points 1-5 -> Those points do not concern AIR apps only.
  If you are developing an application in any language, you should
  follow those rules, meaning:
  - Code installed on users computer is easy accessible
  - Data stored locally is easy accessible, even if it
  encrypted using any symmetric-key encryption, because the
  encrypting algorithm and encryption key is in your source code (you
  could probably write a book on using public-key encryption so let's
  just leave it for now ;)
  Point 6 -> Is a valid one. All your app security should
  relay on the EncryptedLocalStore. But it is your job to get the
  data securely into the ELS, because there is no point to encrypt
  data that can be intercepted.

• What about security in adf faces application ?

  It seem that the documentation has a little bit changed about security for adf faces application.
  SRDemo J2EE sample application only implemented the security at the web container and may be for the session beans (don't remember) by using security-role and security-constraint in web.xml configuration file.
  It seem that the documentation recommand now to implement adf security and didn't find anymore the reference to the standard j2ee security implementation.
  We found also that the security constraints checked by the web container was sometimes ignored and the container didn't ask us to login before displaying a page.
  Is ADF security a clear Oracle recommandation for ADF Faces application ?
  What about j2ee security for this type of application (why it is not recommended to use it) ?

  Hi,
  there is no single recommedation about security because security ideally is applied on several levels to implement security in depth. Container managed security with J2EE is a good option to secure page access and - if using EJB - to propagate the user identity for method level access control.
  Using ADF Security, which is security added to the binding layer based on JAAS, a second layer of the security onion becomes available that allows you to define which user is allowed to perform which operation on an iterator or attribute binding. This goes beyond of what container managed security can do for you.
  The thrid layer is business layer security and eventually database security.
  For Oracle Open World we will have a developmengt track and one of the presentation I am giving with Ric Smith from our team is about end-to-end application security for ADF Faces, ADF, ADF BCor TopLink/EJB and the Oracle database.
  The plan is to also write this up in a paper, but this would come late because of other priorities I have on my plate. So attending OOW probably is the best option for you to get the big picture
  Frank

• Audio warning about security on computer.....

  I am getting frequent loud audio warning about security on my computer.  The message plays continuously until I turn it off.  it tells me to go to (I think this is it,but I threw the paper away with the exact address) but there is no web address like that.  Is it a hoax and can I block it if so?  Is it real and do I need to do something?  Call from NOTIFICATION® - URGENT ONLINE NOTICE, duration 01:45 is what shows on the log.
  Thank you, Tovarishtina

  please visit the thread below for instructions and suggestions on how to deal with such unwanted and suspicious activities;
  How to Handle Suspicious Calls, Messages and Contact Requests (Scam/Spam)
  CONTACT SKYPE CUSTOMER SERVICE   |  HOW TO RECORD SKYPE VIDEO CALLS  | HOW TO HANDLE SUPICIOUS CALLS AND MESSAGES   |  WINDOWS PROBLEMS TROUBLESHOOTING   |  SKYPE DOWNLOAD LINKS  
  MORE TIPS, TRICKS AND UPDATES AT
  skypefordummies.blogspot.com

• Any one have any information about Security Group to send it to me

  any one have any information about Security Group to send it to me
  what is it and how can we use it in our work

  Have a look in the general R12 MOAC and FA concepts.
  With security groups, you can defined a set of organizations with a shared access.
  E.g. you defined one Secruity groups and assigned in these group 5 organizations.
  The security group is assign to a responsibility.
  You have access to these 5 organizations over one responsibility, you must not change the responsibility, if you will enter transactions for a other organization.

• Firefox will not open on my Mac, it says something about security settings but I don't know where to go

  it says something about security settings

  The button would be on your iPod version of Skype, not the computer version. They are not the same.

• Doubt About Security Levels

  Hi Experts,
  I want to know more About Security Levels.
  1..What r the Security Levels
  2..Why Do we need
  3..Where we can give the Security Levels
  Please Clarify me
  Regards
  Khanna

  Hi Rajesh,
  You can define a security level for incoming messages handled by certain HTTP-based sender adapters.
  Possible HTTP security levels are (in ascending order):
  -- HTTP without SSL
  -- HTTP with SSL (= HTTPS), but without client authentication
  -- HTTP with SSL (= HTTPS) and with client authentication
  This will clear most of ur doubts
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
  Regards,
  Prateek

• I have several times tried to stop following a thread in the PDF's forum about security issues and i still keep getting flooded with emails from this thread. I used the action within the thread that says stop following but appears to have no effect I stil

  I have several times tried to stop following a thread in the PDF's forum about security issues and i still keep getting flooded with  emails from this thread. I used the action within the thread that says stop following but appears to have no effect I still keep  getting from 5 to 20 emails daily. Please help!!!!!!!

  This may be helpful: How do I disable email notifications?

• About security management

  hi all,
  i want to know about security management system.cn any one send me the documentation or any related presentations to the below mail gupta1428(@ gmail)
  if possible plz explain me clearly.......
  please help me to get out this problem
  thanks in advance.....
  thanks,
  gupta.
  Edited by: gupta pullipudi on Apr 10, 2008 4:40 PM

  >
  gupta pullipudi wrote:
  > can u provide me any links for compleate documentation............
  Dear Gupta,
  I guess you're asking for the training manual from the SAP courses ADM940, ADM950, ADM960?
  You'll find the extract of these fine courses in the SAP Help Portal: [http://help.sap.com|http://help.sap.com]
  There you have to click on "SAP Solution" -> "SAP NetWeaver" -> "Overview" -> "System Configuration and Administration" -> "Security Guide".
  As easy as !!!
  Regards,
  Klaus

• Doubtful about security of oracle's Wrap code!

  Dears
  I am little bit doubtful about security of oracle's own Wrap code like package "sys.utl_smtp" .
  Someone can easily Unwrap it without source code?
  How it possible? whats your opinion about this? please can anybody clear me.
  Regards
  Abdul Halim
  Edited by: Abdul Halim on May 31, 2013 8:14 PM

  Halm, you are operating under the mistaken belief that your code deserves hiding from the customer and competitors to begin with. Why? All you are doing in the code is performing DML. It is not like your application is the only one in the world that performs its function.
  If someone really wanted to they could figure out what your code is basically doing just by looking at the table and file data before and after running the code. By careful manipulation of the data and studying the results they can figure out what is being done and then develop their own specific of the how it is done. One can also look at Oracle's internals as the code is being processed both using Oracle provided views and direct peaking at Oracle's shared memory. Then there are tools like sql trace which will captute the SQL, waits, and binds for the process.
  But all of this is kind of mute in that most shops do not have the talent to write their own unwrapper nor has the shop purchased an unwrapper so if you wrap the code it is going to be secured from most users and competitiors. I would just recommend that potential customers not purchase your product becuase the customer is going to need access to the code either for debugging (bugs will exist in the code) or tuning. Likely both.
  IMHO -- Mark D Powell --

• I cant get information about security questions . How to get it back

  Security question . I cant reset the information . About it . How to get the answer or how to change it .

  Security questions:
  https://discussions.apple.com/docs/DOC-4551
  http://support.apple.com/kb/HT5312
  http://support.apple.com/kb/HT5665
  If you don’t know your security questions, phone Apple (using the number listed here:  http://support.apple.com/kb/HE57  ) and ask for the Account Security Team.
  About 2-step verification of your Apple ID:
  http://support.apple.com/kb/ht5570
  This is also useful:
  http://www.macworld.co.uk/ipad-iphone/news/?newsid=3463233&olo=email