Lion OS X Security & Stability Questions

Similar Messages

• Not able to get rid of security-related questions in runtime

  Hi,
  I am simply using NetBeans 6.0.1 and the emulator QwertyDevice and the emulator platform WTK 2.5.2 for CLDC.
  I have chosen Alias as trusted in the signing option in the project configuration page. however still I am getting security confirmation questions in runtime to access the local files for instance.
  Would anyone please advise me how to get rid of that?
  Also I have deployed the application on SonyEricsson k800i and would like to get rid of the security confirmations on that device as well. What is the guideline?
  Thank you

  Right clicking on it is not even an option, just hovering over it seems to induce a "nuclear" reset of the whole desktop and graphic card on the iMac.
  Have meanwhile found a possible solution by erasing the dock preference file in the user/library/preferences folder to reset the dock to it's default state. Will try this out through a Skype conversation with that Buddy.
  Was seen here :
  https://discussions.apple.com/message/16447109#16447109
  Thank you for stepping in. Good to know that people are still willing to help in this community.
  Greetz to the UK from France

• Security upgrade question - Getting 6.1.6 downloaded to iphone.

  Security upgrade question - I have a 4S phone v6.01 with an upgrade to IOS 7.04 already downloaded and ready for install.  I would like to install the 6.1.6 security upgrade instead. How do I delete the ios7 in the queue or have the 6.1.1 pushed as an option to the phone?

  You can't install iOS 6.1.6 on that device and must update it to 7.0.6.
  (101120)

• I foreget my  security answer questions. --app store

  I foreget my  security answer questions . --app store
  I can not buy any thing without answeing this questions
  Pls help me to repair this problem

  Q - Can I change the answers to the security questions for my Apple ID?
  A - Yes. You can change the answers to the security questions provided when you originally signed up for your Apple ID. Go to My Apple ID and click Manage your account.
  http://support.apple.com/kb/he37
  Manage your Apple ID -
  https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/

• Security/session questions

  Hi,
  I have some security/session questions for you guys.
  My application uses flex, blazeds and spring. I use RemoteObjects to initiate calls from flex to java. The application consists of a login screen and 'other screens' available only to authenticated users after login. When the user logs in the server stores user credentials on the FlexContext (FlexContext.getFlexSession().setAttribute). So if the server timeout is reached and the user presses 'refresh' the user is thrown out and the login screen appears.
  Question 1: How can I check if the timeout is reached when the user makes a call to the server, without checking manually against the FlexContext. Are there any config parameters to set?
  Question 2: Is it necesssary to check against the user credentials in the session for every flex-to-server call? (I guess someone can omit the login screen and do a manual call)
  Question 3: If the answer to question 2 is yes, how can I check against the session credentials? The only way I can think of is calling a method which checks the session attribute manually, but then I have to remember to add this method call to each of the methods called from flex through Blazeds. Is it, for example, possible to call the user-logged-in method before the method given in the RemoteObject is called? (If not authenticated, do not run method).
  Hope someone got the time to help me out.

  I appreciate your answer, but as you yourself write, I think there must be a blazeDS way. But as nobody with extensive BlazeDS knowledge answers this post, I probably have to google this topic even more.
  Following are the main changes in my application: (Introducing spring security)
  Everything seems to be working as it should. But as already stated, I'm a newbie. So if anybody see something suspicious, let me know.
  The main problem I had implementing Spring Security was something that should be easy, but somehow it was not: the loading of the context files. Before introducing the spring security I only had one application-context file, and this was loaded by the DispatcherServlet. When introducing security I tried to add this to the same file. It did not work. Then I tried splitting up the files, and loading both using DispatcherServlet. It did not work. Then I tried loading both using ContextLoaderListener. It did not work. Finally I found the solution. Flex settings must be loaded by the DispatcherServlet, and spring security settings must be loaded by ContextLoaderListener. This work. I don't know if this is the only solution.
  On the server:
  web-xml:
  <context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>
              /WEB-INF/config/web-application-config.xml
              /WEB-INF/config/web-application-security.xml
          </param-value>
      </context-param>
      <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <listener>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
      <servlet>
          <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <init-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>/WEB-INF/config/flex-application-config.xml</param-value>
          </init-param>
          <load-on-startup>1</load-on-startup>
      </servlet>
  flex-application-context:
  <flex:message-broker>
          <flex:secured/>
      </flex:message-broker>
  web-application-context:
  I had to implement my own authentication mechanism. Had to compare the username/password against an object attribute. So this bean is not mandatory, but I think you have to write down username/password/role in flex-application-context if not provided.
  <bean id="customAuthenticationProvider" class="packagename.CustomAuthenticationProvider">
          <security:custom-authentication-provider/>  
  </bean>
  web-application-security:
  <http entry-point-ref="preAuthenticatedEntryPoint" />
      <beans:bean id="preAuthenticatedEntryPoint"
          class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint " />
      <!-- Securing the service layer -->
      <global-method-security>
          <protect-pointcut expression="execution(*package.ServiceImpl.*(..))" access="ROLE_USER"/>
      </global-method-security>
  On the client:
  private function login():void {
      var cs:ChannelSet =  ServerConfig.getChannelSet(loginRemoteObject.destination);
      var token:AsyncToken;
      token = cs.login(username, password);
    // Add result and fault handlers.
    token.addResponder(new AsyncResponder(loginResultHandler, loginFaultHandler));
  private function logout():void {
      var cs:ChannelSet =  ServerConfig.getChannelSet(loginRemoteObject.destination);
      var token:AsyncToken = cs.logout();
    // Add result and fault handlers.
    token.addResponder(new AsyncResponder(logoutResultHandler, logoutResultHandler));

• Forget security answer question

  im forget the security answer question

  If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then go to https://appleid.apple.com/ and click 'Manage your Apple ID' on the right-hand side of that page and log into your account. Then click on 'Password and Security' on the left-hand side of that page and on the right-hand side you should see an option to send security question reset info to your rescue email address.
  If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
  Contacting Apple about account security : http://support.apple.com/kb/HT5699
  When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down this page to add a rescue email address for potential future use : http://support.apple.com/kb/HT5312

• HT201413 forgot my itunes security secret questions for purchase music

  Iforgot my itunes security secret questions for to purshase music how do i get to redo it again plz

  same thing is happening to me aswell please i dont know what to do

• HT5699 I forgot my security support question and answer, what should i do?

  I forgot my security support question and answer, what should i do

  See Kappy's great User Tips.
  See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities https://discussions.apple.com/docs/DOC-4551
  Rescue email address and how to reset Apple ID security questions
  http://support.apple.com/kb/HT5312
  Send Apple an email request for help at: Apple - Support - iTunes Store - Contact Us http://www.apple.com/emea/support/itunes/contact.html
  Call Apple Support in your country: Customer Service: Contacting Apple for support and service http://support.apple.com/kb/HE57
   Cheers, Tom

• HT5312 i forgot my security my question . i need to send my security a gain .

  i forgot my security my question . i need to send my security a gain .

  Try calling your country number from http://support.apple.com/kb/HE57 and ask to speak with Account Security.

• I am not receiving security rest question from apple

  i am not receiving security rest question from apple, i need to buy some app. please help

  Read here  >  Apple ID: All about Apple ID security questions
  If necessary
  1)  See Here > Apple ID: Contacting Apple for help with Apple ID account security
            Ask to speak with the Account Security Team...
  2)  Or Email Here  >  Apple  Support  iTunes Store  Contact
  Note:
  You can only set up a Rescue Email BEFORE you forget the questions/answers.

• I forget security info question, i forget security info question

  i forget security info question, i forget security info question

  The Three Best Alternatives for Security Questions and Rescue Mail
      1. Use Apple's Express Lane.
            Go to https://expresslane.apple.com ; click 'See all products and services' at the
            bottom of the page. In the next page click 'More Products and Services, then
            'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
            ID security questions' and click 'Continue'. Please be patient waiting for the return
            phone call. It will come in time depending on how heavily the servers are being hit.
       2.  Call Apple Support in your country: Customer Service: Contact Apple support.
       3.  Rescue email address and how to reset Apple ID security questions.
  A substitute for using the security questions is to use 2-step verification:
  Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

• HT1689 How Do You Change Security Confirmation Questions/Answers?

  I am trying to purchase from my new iPod Touch.  It keeps asking for answers to security confirmation questions.  I have forgotten the answers.  How do I change my security confirmation answers/questions?

  Try:
  https://discussions.apple.com/message/18401752#18401752
  https://discussions.apple.com/thread/3955432?tstart=0

• HT204088 I forgot the security conformation question

  I forgot my security conformation question answer.  What can I do?

  That email option is not there anymore. I found out the other day when I tired.
  Happened to me the other day. I went to https://expresslane.apple.com/Issues.action and asked what to do there. Less that 24 hours later I got a response to go to the account management on the page linked above, select lost or forgotten password, and then you will have the option to have an apple rep call you back. Most times there is an option to have them call you immediately. From there they will reset your questions if you can prove a few thing to them. Give it a try, it is fast!
  Oh...  answers are case sensitive. Rep I spoke to suggested to use one word answers to the questions and use all upper or lower case. When you answer the questions again it is probably best to just write them down EXACTLY as written put it in a safe place.

• Question regarding Lion's Versions security

  I am wondering if whether a potential security issue affects Versions.
  Let's say I have a encrypted text file (maintained with TrueCrypt) that I use to store all of my passwords. The list starts out with a single entry, but over time I add more information, until I have a few dozen edits. I use Lion's TextEdit app to edit the document. Each time I save the document the versions information being stored outside my encrypted file, in the DocumentRevisions-V100 folder now holds information from the saved versions. Question: is this Versions information in "cleartext" (unencrypted), and therefore my passwords are essentially being stored two places? One place in an encrypted text file, and in the DocumentRevisions-V100 folder open to anyone who obtains root access? After all, root access is exceedingly easy on Lion.
  I suppose the easy answer, just to be safe is to never use a Versions enabled app to edit an encrypted file. But is it really necessary?

  Linc Davis wrote:
  If you're serious about encryption, you need FDE. If you're not serious, don't use it at all.
  Really?
  http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/
  http://www.macworld.com/article/165202/2012/02/apple_filevault_2_encryption_crac ked_by_forensic_software.html
  I think TrueCrypt is at least as safe as FDE.
  Upon further investigation, nothing is saved outside the container, as Lion treats the container as an external drive, wherein Versions is not applicable.

• ASA 5505 Interface Security Level Question

  I am wondering if someone can shed some light on this for me. I have a new ASA 5505 with a somewhat simple config. I want to set up a guest VLAN on it for a guest wireless connection.
  I set up the ASA with the VLAN, made a trunk port, set up DHCP (on the ASA) on the guest VLAN, configured NAT, etc. Everything seem to be working with that. Guests are getting address on the correct subnet, etc.
  The only issue I have is that the Guest VLAN (192.168.22.0) can get to the secure (VLAN1 - 172.16.0.0). I set up the guest VLAN (VLAN 5) with a security level of 10, the secure with a level of 100. I figured that would be enough. To stop the guest from accessing the secure, I had to throw on an ACL (access-list Guest-VLAN_access_in line 1 extended deny ip any 172.16.0.0 255.255.255.0)
  Can someone  show me what I did wrong?
  Thank you for any help!
  To create the VLAN, I did the following:
  int vlan5
  nameif Guest-VLAN
  security-level 10
  ip address 192.168.22.1 255.255.255.0
  no shutdown
  int Ethernet0/1
  switchport trunk allowed vlan 1 5
  switchport trunk native vlan 1
  switchport mode trunk
  no shutdown
  below is the whole config.
  Result of the command: "sho run"
  : Saved
  ASA Version 9.1(3)
  hostname ciscoasa
  enable password zGs7.eQ/0VxLuSIs encrypted
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  switchport trunk allowed vlan 1,5
  switchport trunk native vlan 1
  switchport mode trunk
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 172.16.0.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address <External IP/Mask>
  interface Vlan5
  nameif Guest-VLAN
  security-level 10
  ip address 192.168.22.1 255.255.255.0
  boot system disk0:/asa913-k8.bin
  ftp mode passive
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network Inside_Server1_80
  host <Inside_server1_IP>
  object network Inside_Server1_25
  host <Inside_server1_IP>
  object network Inside_Server1_443
  host <Inside_server1_IP>
  object network Inside_Server1_RDP
  host <Inside_server1_IP>
  object service RDP
  service tcp destination eq 3389
  object network Outside_Network1
  host <Outside_Network_IP>
  object network Outside_Network2
  host <Outside_Network_IP>
  object network Outside_Network2
  host <Outside_Network_IP>
  object network TERMINALSRV_RDP
  host <Inside_server2_IP>
  object network Inside_Server2_RDP
  host <Inside_Server2_IP>
  object-group network Outside_Network
  network-object object Outside_Network1
  network-object object Outside_Network2
  object-group network RDP_Allowed
  description Group used for hosts allowed to RDP to Inside_Server1
  network-object object <Outside_Network_3>
  group-object Outside_Network
  object-group network SBS_Services
  network-object object Inside_Server1_25
  network-object object Inside_Server1_443
  network-object object Inside_Server1_80
  object-group service SBS_Service_Ports
  service-object tcp destination eq www
  service-object tcp destination eq https
  service-object tcp destination eq smtp
  access-list inside_access_in extended permit ip any any
  access-list outside_access_in extended permit object-group SBS_Service_Ports any object-group SBS_Services
  access-list outside_access_in extended permit object RDP any object TERMINALSRV_RDP
  access-list outside_access_in extended permit object RDP object-group RDP_Allowed object Inside_Server1_RDP
  access-list outside_access_in extended permit object RDP object-group RDP_Allowed object Inside_Server2_RDP
  access-list Guest-VLAN_access_in extended deny ip any 172.16.0.0 255.255.255.0
  access-list Guest-VLAN_access_in extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  mtu Guest-VLAN 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-714.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  object network obj_any
  nat (inside,outside) dynamic interface
  object network Inside_Server1_80
  nat (inside,outside) static interface service tcp www www
  object network Inside_Server1_25
  nat (inside,outside) static interface service tcp smtp smtp
  object network Inside_Server1_443
  nat (inside,outside) static interface service tcp https https
  object network Inside_Server1_RDP
  nat (inside,outside) static interface service tcp 3389 3389
  object network TERMINALSRV_RDP
  nat (inside,outside) static <TerminalSRV_outside)IP> service tcp 3389 3389
  object network Inside_Server2_RDP
  nat (inside,outside) static interface service tcp 3389 3390
  nat (Guest-VLAN,outside) after-auto source dynamic obj_any interface
  access-group inside_access_in in interface inside
  access-group outside_access_in in interface outside
  access-group Guest-VLAN_access_in in interface Guest-VLAN
  route outside 0.0.0.0 0.0.0.0 <Public_GW> 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 172.16.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association pmtu-aging infinite
  crypto ca trustpool policy
  telnet timeout 5
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.22.50-192.168.22.100 Guest-VLAN
  dhcpd dns 8.8.8.8 4.2.2.2 interface Guest-VLAN
  dhcpd lease 43200 interface Guest-VLAN
  dhcpd enable Guest-VLAN
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 129.6.15.30 prefer
  username <Username> VAn7VeaGHX/c7zWW encrypted privilege 15
  class-map global-class
  match default-inspection-traffic
  policy-map global-policy
  class global-class
    inspect icmp
    inspect icmp error
    inspect pptp
  service-policy global-policy global
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:7f5d70668ebeb94f49f312612f76c943
  : end

  Hi,
  To my understanding they should not be able to connect to the more secure network IF you DONT have an interface ACL configured.
  One very important thing to notice and which I think is the most likely reason this happened is the fact that as soon as you attach an interface ACL to an interface then the "security-level" looses its meaning. The "security-level" has meaning as long as the interface is without an ACL. This makes the "security-level" only usable in very simple setups.
  What I think happend is that you have "permit ip any any" ACL on the interface that allowed all the traffic.
  Your option is to either remove the interface ACL completely or have the ACL configured like you have now. I mean first block traffic to your secure LAN and then allow all other traffic which would allow the traffic to Internet
  Hope this helps
  Please do remember to mark a reply as the correct answer if it answered your question.
  Feel free to ask more if needed.
  - Jouni