ICloud and HeartBleed security issue
Are the iCloud servers ok with respect to heartbleed security issuse? is our applemail on icloud ok? is data store on iCloud ok? are our iCloud backups ok?
Not to quibble, but at this writing, this is not actually the case - Apple didn't "release a statement." A unnamed "spokesperson" told a writer at recode.net that "Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key web-based services were not affected."
http://recode.net/2014/04/10/apple-says-ios-osx-and-key-web-services-not-affecte d-by-heartbleed-security-flaw/
If someone is really a spokesperson, I'd expect there would be a name attached to an official communication, and the recode.net reporter, Mike Isaac didn't name anyone. There's nothing from Apple in the Hot News section of their web site, which is where I'd expect to see an official statement. Search the web for that quote, and everything links back to the recode.net story.
The substance of what Isaac reported may indeed be true, but Apple didn't release a statement.
Similar Messages
-
CMI adapter and Vista security issues
Hi,
We have recently noticed that most of our vista users are complaining that they are unable to run courses despite downloading the latest JRE. On investigating we found that unless we lower the security in IE on Vista CMI adapter aplet is blocked by Vista.
We run iLearn5.0 - any solutions?
KgSee if using the signed applet resolves the security issue.
Add the following parameter at the end of the CMI Adapter URL:
?lms_signed=on -
Acrobat X (performance) and (probably) security issues
Hello,
I'm new with Acrobat X and there are two main problems:
1) I have lots of large OCR scanned documents (PDF/A). I(!!) am the owner of the documents! There is no security build in. When I view the security settings (document properties), all actions are allowed, no restrictions. However, when I want to "compress" (optimize) the pdf document, Acrobat X says: not allowed, I should change the security settings. But there is nothing to change ... when I created the documents I have set all security features to off , all things allowed (but in Acrobat-X the document settings, which show that all actions are allowed, are - on the other hand - not changeable, fields are locked). What can I do ??
2) Performance ! When I save large pdf documents (all such OCR scans of pdf/a-type) to another location (hoping that this will "optimize" the file) the saving process (to a local HD and a 8 GB dual ciore machine) takes 1/2 hour or more (not 1/2 minute!!, what I expected ...). As I have hunderts of those files it can takes weeks or even months to re-save all these documents with Acrobat-X. This must be a malfunction !? Or what else could I do ??
Thanks.
kpl1949Hi, thanks. Very helpful !
Dave Merchant wrote:
If you're viewing a PDF/A document in PDF/A View Mode, all editing is disabled. You can turn it off but are advised to do so only when necessary
OK, but these are MY documents: PDF/A was only an option when scanning - but size is a much more important criterium.
Hope, the "performance" topic of my posting is as easy to solve as the pdf/a issue.
Thanks again.
Klaus -
Select Data Source and Microsoft Security Issue
Hi,
Tool- Xcelsius 2008, QAaWS
When I open dashboard, it gives message "Microsoft Office has identified a potential security concern" "Data Connection have been blocked. If you choose to enable data connection, your computer may no longer be secure. Do not enable this content unless you trust the source of this file." with <Enable> and <Discable> buttons.
If it Enabled then leads to "Select Data Source" screen and asks details for DSN.
At every open it shows same messages.
Please, help if anyone knows or faced this issue.
Regards,
Ashishhi,
this is a really old post.
please could you specify your exact workflow ?
what connectors your dashboard is using?
also, what version and SP and patch are you using for Xcelsius client?
i.e. Are you up to date with latest compatibility updates?
regards,
H -
MII Workbench and java security Issue for jdk7
Hello all,
I am using MII version 12.2.2 Build(234) and java version jdk7.
Now,I am not able to open or create a transaction in workbench.
In java console, an error is shown below:
AWT-EventQueue-0 [ERROR] - java.lang.ExceptionInInitializerError
at com.sap.lhcommon.expressioneval.ExpressionLoader.<clinit>(ExpressionLoader.java:282)
at com.sap.xmii.bls.expressioneval.TransactionFunctions.<clinit>(TransactionFunctions.java:27)
at com.sap.xmii.xacute.editors.common.FunctionsComboBox.createBox(FunctionsComboBox.java:45)
at com.sap.xmii.xacute.editors.common.FunctionsComboBox.<init>(FunctionsComboBox.java:39)
at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.createExpressionEditorPanel(LinkEditorPanel.java:1033)
at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.initialize(LinkEditorPanel.java:316)
at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.<init>(LinkEditorPanel.java:198)
at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorBottomPanel.<clinit>(LinkEditorBottomPanel.java:28)
at com.sap.xmii.Illuminator.gui.workbench.core.TransactionInfo.initDisplay(TransactionInfo.java:353)
at com.sap.xmii.Illuminator.gui.workbench.core.TransactionInfo.createNewFile(TransactionInfo.java:149)
at com.sap.xmii.Illuminator.gui.workbench.components.actions.actions.NewAction.createFileInfoObject(NewAction.java:194)
at com.sap.xmii.Illuminator.gui.workbench.components.actions.actions.NewAction$1.construct(NewAction.java:115)
at com.sap.lhcommon.gui.ThreadCreator$2.run(ThreadCreator.java:96)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.security.action")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass0(Unknown Source)
at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass(Unknown Source)
at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.sap.lhcommon.expressioneval.functions.DecodeFunction.<clinit>(DecodeFunction.java:83)
... 14 more
I also modified the 'java.policy' file. But it did not work. I am still getting the same error.
Kindly advise..
Thanks,
Ritwika.I do not yet know the security implications of doing what I did to fix this issue, but here is my solution.
I added the following to the jre7 java.policy file in the section "grant {":
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action"; -
Crawl and drafts security issue
Hi all!
I'm having problems with an specific document library. In our environment I have at least 5 document libraries with 50000+ documents each one.
One doclib began working wrong last week. After a lot of hours of investigation I found the root cause:
- If draft security is setted-up as "Only users who can edit items", then the crawl failes to read the doclib.
- When I change draft security to "Any user who can read items", the crawl begins to run normally.
Some premises:
- All document libraries are configured with same settings.
- This is the only doclib in the site and entire farm that is causing me a headache.
- Crawl account has FULL CONTROL to WebApplication and content.
- I have three search service applications and the same problem appears in all of them.
- I tried reseting the index but the problem persists.
Some error messages:
- The server is unavailable and could not be accessed. The server is probably disconnected from the network.
- Error from SharePoint site: Operation is not valid due to the current state of the object.
Any idea?
Thanks in advance,
Pablo.
Pablo Alejandro Fain
MCP, MCSA, MCTS, MCITP
This posting is provided AS IS, with no warrantiesIt sounds like the crawler is having difficulty crawling the site, perhaps due to WFE or SQL performance. Are you aware of any performance issues during a crawl?
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Planning and Essbase Security Issue
Hi, we just upgraded to 11.1.2 and have been noticing occasional loss of security on LDAP groups. Hyperion SS refreshes the LDAP groups from LDAP periodically and the Workspace/Planning/Essbase servers refresh cache from SS. However, some times, these cache refreshes fail leaving users without any access. We have been working with Oracle to find a resolution, however, haven't had much of a luck so far.
Just wanted to check if anyone has faced and resolved such an issue.
Thank youHi,
Could you please explain more on "Hyperion SS refreshes the LDAP groups from LDAP periodically and the Workspace/Planning/Essbase servers refresh cache from SS" what kind of refresh is it and what does it provide and what does cache refresh mean from SS?
Am a beginner but still will try suggesting if you explain things.
Thanks
Amith -
Outlook 2010 and smtp security issue
I get this message when I "Test Settings"
Send test e-mail message: Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.
I have checked to make sure SSL is being used and also the port 587 is used. Can anyone help me, please?There was no need to play around, these are the recomended settings from Apple, published for all to see:
IMAP (Incoming Mail Server) information:
Server name: imap.mail.me.com
SSL Required: Yes
Port: 993
Username: [email protected] (use your @me.com address from your iCloud account)
Password: Your iCloud password
SMTP (outgoing mail server) information:
Server name: smtp.mail.me.com
SSL Required: Yes
Port: 587
SMTP Authentication Required: Yes
Username: [email protected] (use your @me.com address from your iCloud account)
Password: Your iCloud password
Note: If you receive errors using SSL, try using TLS instead. -
File and Folder Security Issue
Hi,
I'm facing some problem in my windows server 2012 r2. Problem is, when i set a users permission to modify a folder and it's content then that user can delete this folder and it's content. But I want user can write, edit a file (like .doc or .xls) but he
cannot delete this file. Is it possible?
Regards,
MahfuzHi,I have been facing the same problem.
The security measures which were already mentioned here will not gonna work for MS office
file extension because without providing modify permission,its not possible to edit them as this protection is working on this way "edit=delete+create".
So without providing delete option,is there any other way out to manage the staffs?Please let me know.
Thanks,
Ashief Ahmed -
I cant seem to get my previously purchased TV shows, movies on icloud to appear on my apple tv. Any suggestions. I searched this site without much success
Being in UK I'm not 100% certain but Music yes, TV Shows I think so, and Movies currently no.
If they are on the cpmputer or can be accessed in Purchased in iTunes to download to iTunes then they could stream from iTunes to the AppleTV2 over the LAN.
AC -
WRT55AG and Macbook security issues
Hi... I currently have the WRT55AG which is connected to a PC and cable modem. I also have a macbook laptop. The combo has been somewhat smooth for almost a year (just a few power cycles a month).
A few days ago the macbook stopped picking up the router. Power cycles didn't help. I decided to reboot the router and install the latest firmware. I've spent HOURS trying to reconfigure everything.
For some reason, my macbook won't connect to the router with WPA settings, both TKIP and AES. I finally got it to work with the security set on WEP, 128bit encryption and with a key that the router generated.
After reading a few postings, a lot of people suggest WPA for maximum security. Is there anything I can do to make my macbook work with WPA or is it a lost cause? Is it really THAT big of a deal? I'm just glad I finally got my macbook working after about 4-5 HOURS of fooling with all this!
Thanks for reading. =)So i assume that you have already Resetted your Router and Re-configured all the settings on your router back again. Have you created a New Wireless Network Name or stil the same Old SSID. If the SSID is still old, may you can create a New Wireless Network Name and try connecting to that network.
If required you can remove all the Prefered Network list from your MAC computer and later you can try connecting to your Wireless Network using WPA security and check if you are able to go online or not. -
VSFTPD and GVFS security issue
Hi!
I post this here because I don't know where to, maybe it should be done in those projects forums, but here is the deal.
I have recently set up an FTP server on my desktop computer, so I can access my files from anywhere in my notebook. Using AutoFS and Curl I have no problem. I login as my desktop user, and I see my $HOME as I should. everything is in order! I even enter from a web browser and everything looks as it should.
Then I tried using gvfs and run "gvfs-mount ftp://mothership.mulgore"[1] it asked for my user and password, as it should. But when I enter the folder that gvfs created I see de root file system of the other computer, I even get write access to al files there. I can edit all files, from /etc /boot and all that stuff that I shouldn't even be seeing!!
Any idea what's going on? has any got into something like this?
I don't get how could I log in to the FTP server as a common user and still get root access to all files!
[1]: that is the host name defined for my desktop PC in /etc/hostswonder wrote:
@Anarion.h well, you can go to / as well from every ftp client, just move up in the directory. most ftp clients enter in the the home directory by default and that's why you cannot see it.
what are you experience is an improper configuration of vsftpd and has nothing to do with gvfs
What I'm saying is that the configuration I did on vsftpd was such that no one could see the root file system. And THAT is consistent with every client I've used except from gvfs! -
Bit locker security issues (easy to crack) disk encryption?
Bit locker security issues (easy to crack) disk encryption?
Problem 1: When the PC run I think its too easy to get malicious users (with usb pendrive) or spyware to get the encryption key (fast and easy)
youtube.com/watch?v=0npTlOq6q_0
Problem2:not resistant with bruteforce attacks
youtube.com/watch?v=zvaJxnvbGic
Problem 3: not resistant with boot hacking
Im using DriveCrypt plus pack and searched security issues in bit locker.The bit locker allow you the bruteforce/dic attack easy.I think It would be much safer 1. (I think the keys stored somewhere that is easily read) 2. Do not just be enough password
need a password+file combination to decrypt the disk. DriveCrypt plus pack use a file+password combination if you know the password but you wont have the file you can not decrypt the disk (protect with bruteforce attack).On system boot protected bruteforce
attak you can crash the (boot).If the boot system crash you can not decrypt the disk just the password you need the file+password combination plus to decrypt it. I am not a programmer but I see the BitLocker ( easy security catches to crack the disk encryption).Im
tested DriveCrypt and I can not get the key that easy (Problem 1). I have not tested it in greater depth just trying to (catches to crack software encryption).Where is your question, sir?
If the question were "is it easy to crack", the answer is "no". Your videos make use of several assumptions and ingredients and permissions that a normal attacker does not have.
"Problem 3" is not clear, please describe what scenario you are talking about. -
Security issues on Audio Stream
I'm writing a streaming audio player in flex for a client of
mine. Everything is going fine except for the security issues.
I'm using computeSpectrum to draw a sound channel
visualization and that function is one of the one's flash security
limits without proper use of a crossdomain file.
Basically its set up on two servers.
www.clientswebsite.com/somedirectory/AudioPlayer.html is the page
with my .swf.
streamstation.clientswebsite.com is a server with shoutcast
set up. I had my client install IIS on port 80 so now theres a
crossdomain file at
streamstation.clientswebsite.com/crossdomain.xml.
The file is on the up and up:
<cross-domain-policy>
<site-control
permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*" />
</cross-domain-policy>
but for some reason I still get security issues poping up in
my debug flash player.
I am not at all a server or hardware guy, I'm a humble flash
developer and this security issue has me stumped. So, I would
greatly appreciate any advice you guys have.
Also, if its relevant, I'm writing this in Actionscript 3.0
and Flex 3.That's avery broad question. Without knowing what apps you run, how you are connected to the internet, whether or not you download pirated stuff or whatever how can anyone give you a definitive answer?
-
I'm using Flash 8 and in my code i use the XMLSocket.connect
command. When i try to connect to another computer in my LAN i get
a security warning that says that flash stopped an unsafe
operation. When i select "Settings" and add the swf path to the
trusted locations everything works well.
My question is, what if i'm not connected to the internet?
How can i pass this security warning without an intenet connection
to get to the URL in which i add trusted locations?Unfortunately, that doesn't help me pin it down much. It sounds like we tightened restrictions on a behavior that was previously allowed, which caused them to need to update their content. The web is a dynamic place, and Flash has an obligation to be a good citizen in the larger ecosystem. As new web standards evolve and emerge, it's important that Flash Player is aligned with them to the extent possible. In the same vein, we work closely with partners in industry, academia and government to identify and resolve security issues based on the latest research and intelligence.
While we take backwards compatibility seriously, the security landscape looks very different than it did 5-10 years ago. The security of both end-users and the network is of paramount importance. With the quantity and age of existing Flash content (not all of which is generated by Adobe software), it's incredibly difficult to anticipate whether or not content will break when we change something, particularly if it's esoteric. We operate a public beta program and encourage content providers to participate in order to prevent unexpected outages as the result of changes to Flash Player. The beta can be found at http://www.adobe.com/go/beta/.
If your cable provider needs assistance in resolving the issue, their engineers are more than welcome to reach out to me directly.
Maybe you are looking for
-
Hi all, I have Elements for the PC and really enjoy using the organizer function and the cataloging function. As I moved to the MAC version, Adobe seemed to have omitted the catalog. Any advice or 3rd party applications that can bridge that gap? Does
-
How can I stop Buffering on my Ipad2?
My Ipad buffers very often when watching a video...how can I stop this?
-
Have just worked a load of Raw Photo Files in Photoshop as on previous occasions but this time they have saved as VIDEO + JPG, also turned all other CR2 files into video in the folder. Can anybody help please.
-
Implication of Namespace Prefix
Hi All, Something I need to understand: What is the implication do creating a namespace prefix? For example, I have create a SC with: Vendor: trial.com.ex1 Name: TEST_PROD Then I create an SC with: Vandor: trial.com.ex1 Name: TEST_SC Now I create a D
-
Any tips for editing an HDV time lapse?
I have done some extensive Googling on time lapse and understand the limitations of video as compared to film, and how most professional time lapsers use still cameras. Be that as it may, I am just having some fun with my new HDV camera and its built