SECURED ?
Adobe Reader 9 on Windows XP.
Not a problem, just a question. When I open a local PDF document with Adobe Reader, the Windows title bar shows
> docname.pdf (SECURED)
Anybody knows what the meaning of this is?
The document contains some security settings.
Similar Messages
-
Error while invoking a WS-Security secured web service from Oracle BPEL..
Hi ,
We are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
“Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message”
Any pointers in this regard will be highly appreciated.
Thanks,
SaurabhHi James,
Thanks for the quick reply.
We've tried to call that web service from an HTML designed in Visual Studios with the same username and password and its working fine.
But on the BPEL console, we are getting the error as mentioned.
Also if you can tell me how to set the user name and password in the header of the parter link.I could not find how to do it.
Thanks,
Saurabh -
I was looking at youtube.com, which always tells me my browser is not supported and recommends I download Firefox, but that is what I was using, so I went to Firefox to check for updates. (I think I also had freecycle.org open.) Then this message popped up in a new page: Mozilla security found (something like "too much", forget exact word) activity on your computer so it will do a fast scan of system file. There was an OK button. The page address was: http://update17.stegner.ce.ms/index.php?Q7Lhl9ShbRxGJXpkM1VLSi4ZE8H4pTedoVPySgeppM3VpC+thEspcFG7qxHgn1pdsC2h5ygPGWI3t5hXqMzL9EQaZZ3J1e3CKXgCb0Qp. I did not click OK but copied the link and closed the window which closed the internet. I have never seen this before and would like to know if it is really Mozilla or possibly something malicious. Thank you.
Good catch. That almost certainly is an invitation to download malware.
There are a lot of infected web sites pushing "fake antivirus" software. If you have any doubts about whether your system might have become infected, you can supplement your regular security software with these two highly regarded scanners:
Malwarebytes Anti-malware : http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware : http://www.superantispyware.com/ -
My phone want let me download any apps when I put the password in it take me to billing option which tell me I have the wrong security code and that's the security code that was on the card on the account
iTunes Store: My credit card's security code or zip code does not match my bank's records
http://support.apple.com/kb/TS1646 -
My iPad wont let me download apps bc security questions, but when I try to make them it freezes
Every time I try to download an app it tells me I need to update my security questions, but once I click to make the questions the box goes white. So I'm not sure how to fix it
The new questions show on your account on http://appleid.apple.com ? If they do then try logging out and back into your account on your phone (assuming that is where you are trying to purchase from) and see if the new questions then show on it.
-
Hi,
I am using WebLogic 8.1 platform. I am trying to create a very basic secure web
app.
I created an App and created a web project. In it, I deleted the controller, etc
and just have index. jsp. All the index.jsp does is: <%= request.getRemoteUser()
%>
In web.xml I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Success</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>*</role-name>
</security-role>
In weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment>
When I run the app, it just renders the JSP and does not challenge me to login.
Can you please help what is that I am doing wrong here?
Thanks,
John"john hryn" <[email protected]> wrote in message
news:3fce2551$[email protected]..
>
Hi,
I am using WebLogic 8.1 platform. I am trying to create a very basicsecure web
app.
I created an App and created a web project. In it, I deleted thecontroller, etc
and just have index. jsp. All the index.jsp does is: <%=request.getRemoteUser()
%>
In web.xml I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Success</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>I think you should have dealers instead of *
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>*</role-name>And here too.
</security-role>
In weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment> -
Web Service Security is not working when migrating application from Tomcat
Hi,
We have a application running successfully in tomcat6 It calls a Webservice call through TIBCO BW interface.
When we deployed the same WAR file in Weblogic 10.3.2, it gives me a error on Prefix[ds] not able to locate namespace URI not found error.
IN Tomcat, its a existing application uses AxilUtility to get the soap messages after signing document for bothe encyption and decryption.
Please anybody help me out, is there any other jars needs to be locate in Weblogic to run this application. Its fine with Tomcat and gives error in Weblogic10.3.2
Please help me out
Thanks in advanceHi Rajkumar,
Thanks for you reply. Please let me now if you have any ideas..thnks a lot....
Below is the error message what i am getting through weblogic console.
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
ervletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
ontext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
ava:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.io.IOException: error:weblogic.xml.stream.XMLStreamException: Pr
efix [ds] used without binding it to a namespace URI
at weblogic.xml.xmlnode.XMLNode.read(XMLNode.java:744)
at weblogic.xml.xmlnode.XMLNode.readChildren(XMLNode.java:1054)
at weblogic.xml.xmlnode.XMLNode.read(XMLNode.java:742)
at weblogic.xml.xmlnode.XMLNode.readChildren(XMLNode.java:1054)
at weblogic.xml.xmlnode.XMLNode.read(XMLNode.java:742)
at weblogic.xml.xmlnode.XMLNode.readChildren(XMLNode.java:1054)
at weblogic.xml.xmlnode.XMLNode.read(XMLNode.java:742)
at weblogic.xml.xmlnode.XMLNode.readInternal(XMLNode.java:713)
at weblogic.xml.xmlnode.XMLNode.readInternal(XMLNode.java:722)
at weblogic.xml.xmlnode.NodeBuilder.build(NodeBuilder.java:44)
at weblogic.xml.xmlnode.NodeBuilder.<init>(NodeBuilder.java:24)
at weblogic.webservice.core.soap.SOAPEnvelopeImpl.<init>(SOAPEnvelopeImp
l.java:154)
at weblogic.webservice.core.soap.SOAPPartImpl.getEnvelope(SOAPPartImpl.j
ava:200)
... 78 more
java.lang.NullPointerException
at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
at com.db.alat.wss.WSSClient.postSoapMessage(WSSClient.java:358)
at com.db.alat.wss.WSSClient.WSSEncDec(WSSClient.java:102)
at com.db.alat.service.CollateralAccounts.getAccountsSummary(CollateralA
ccounts.java:55)
at com.db.alat.CH.CHMapper.getGroup(CHMapper.java:281)
at com.db.alat.BackingBeans.BorrowerDetailsBean.getClientDataCH(Borrower
DetailsBean.java:1034)
at com.db.alat.BackingBeans.BorrowerDetailsBean.<init>(BorrowerDetailsBe
an.java:766)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstruct
orAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingC
onstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at com.sun.faces.mgbean.BeanBuilder.newBeanInstance(BeanBuilder.java:186
at com.sun.faces.mgbean.BeanBuilder.build(BeanBuilder.java:106)
at com.sun.faces.mgbean.BeanManager.createAndPush(BeanManager.java:368)
at com.sun.faces.mgbean.BeanManager.create(BeanManager.java:222)
at com.sun.faces.el.ManagedBeanELResolver.getValue(ManagedBeanELResolver
.java:86)
at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:143)
at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELRe
solver.java:72)
at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:68)
at com.sun.el.parser.AstValue.getValue(AstValue.java:107)
at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192)
And i have the loggers which gives the system out statements. You can identify the difference in both logs is the sys out ...Convert Signed Document back to Soap Message.
IN tomcat i am getting the return object after calling the method
SOAPMessage signedMsg = (SOAPMessage) AxisUtil.toSOAPMessage(signedDoc);
But in Weblogic i am getting NULL. You can c in SOAPMessageImpl[SOAPPartImpl[null]]
Tomocat Logs:
Message Context..................1.........................org.apache.axis.MessageContext@c393a1
2011-04-21 05:35:56,906 8672 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) Unsigned Envelop............2.........................<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><RqDetail xmlns="http://schemas.db.com/esb/emf/pwm/ALAT/Services/CLIENT-getCandidateCollateralAccounts-RR" xmlns:cli="http://schemas.db.com/esb/emf/pwm/ClientElements" xmlns:com="http://schemas.db.com/esb/emf/pwm/CommonAggregates" xmlns:com1="http://schemas.db.com/esb/emf/pwm/CommonElements">
<cli:ClientID BusinessUnit="CH">7cf8e78f86212a65398d50766de95a762318d3eee1350c1105d4b751825a690b</cli:ClientID>
<cli:ClientType>B</cli:ClientType>
<com:Field>
<com1:Name>INITIALPAGE</com1:Name>
<com1:Value>YES</com1:Value>
</com:Field>
</RqDetail></SOAP-ENV:Body></SOAP-ENV:Envelope>
2011-04-21 05:35:56,906 8672 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) DOCUMENT is .......:[#document: null]
2011-04-21 05:35:56,906 8672 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) KEYSTORE is .......:java.security.KeyStore@127fa03
2011-04-21 05:35:57,078 8844 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) ..................................3.........................
2011-04-21 05:35:57,094 8860 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) ..................................4.........................
2011-04-21 05:35:57,297 9063 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) Signed Document is .......:[#document: null]
2011-04-21 05:35:57,437 9203 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) Convert Signed Document back to Soap Message .......:[email protected]33662
2011-04-21 05:35:57,469 9235 INFO [com.db.alat.wss.WSSClient] (http-8080-1:) ..................................5.........................
Weblogic Logs:
Message Context..................1.........................org.apache.axis.MessageContext@460d4
2011-04-26 01:15:45,859 2640 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) Unsigned Envelop............2.........................<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><RqDetail xmlns="http://schemas.db.com/esb/emf/pwm/ALAT/Services/CLIENT-getCandidateCollateralAccounts-RR" xmlns:cli="http://schemas.db.com/esb/emf/pwm/ClientElements" xmlns:com="http://schemas.db.com/esb/emf/pwm/CommonAggregates" xmlns:com1="http://schemas.db.com/esb/emf/pwm/CommonElements">
<cli:ClientID BusinessUnit="CH">2b285aa27f1899d87de00f04099506ad24aaf1c18b0b6b071a8acd19b1732fb9</cli:ClientID>
<cli:ClientType>B</cli:ClientType>
<com:Field>
<com1:Name>INITIALPAGE</com1:Name>
<com1:Value>YES</com1:Value>
</com:Field>
</RqDetail></SOAP-ENV:Body></SOAP-ENV:Envelope>
2011-04-26 01:15:45,875 2656 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) DOCUMENT is .......:[#document: null]
2011-04-26 01:15:45,875 2656 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) KEYSTORE is .......:java.security.KeyStore@167d3c4
2011-04-26 01:15:45,984 2765 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) ..................................3.........................
2011-04-26 01:15:46,016 2797 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) ..................................4.........................
2011-04-26 01:15:46,234 3015 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) Signed Document is .......:[#document: null]
2011-04-26 01:15:46,313 3094 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) Convert Signed Document back to Soap Message .......:SOAPMessageImpl[SOAPPartImpl[null]]
2011-04-26 01:15:46,328 3109 INFO [com.db.alat.wss.WSSClient] ([ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)':) ..................................5......................... -
How to disable IE Security Warning on opening a "local" visio file with Visio Viewer ActiveX?
Hello all,
Everyone knows that Microsoft released ActiveX based Visio Viewer for free and allow the users to open Visio drawing and view/print via IE browser.
The problem that I am facing is that some users are complaining about IE browser's security warning on "active content to run in files on My Computer".
It means that opening .VSD files from the network, internet, intranet would be all OK but if the user wants to open .VSD files from the local hard drive (or open it as a mail attachment, which will extract it to a temp folder), it prompt the user to select "Allow Blocked Content" EVERYTIME they open them.
I know that I can GLOBALLY disable this warning by going through Tools - Internet Options - Security section and enable "Allow active content to run in files on My Computer" but I hope that there is a way (or workaround) to allow them by file type or location, etc.
Questions:
1. Is there any way to disable those warning for all .VSD only while we still UNCHECK the option on Internet Options?
2. Is there any 3rd party Win32 based viewer which wouldn't have those restriction?
3. Is it safe assumption that McAfee VirusScan and Host IPS protection is sufficient enough to remove the IE's security warning feature?
Thanks in advance?
Young-Are you able to host/launch the VSD file via an HTM page? In that case you can format the HTM page as shown below. This will trick IE into thinking it is loading the file off of a website. Commonly called 'mark of the web'.
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=(0014)about:internet -->
<html>
</html> -
I only sign in to iTunes' store about once a week or so. But during each of my last 3 attempts (on different days, several days apart) on my first attempt to enter my password and hit submit, I am immediately told that my Apple account has been locked for security reasons and it wants to take me to a page to reset my 'forgotten' password. I am using the CORRECT password.
Perhaps someone else is trying to break into my account or is mis-entering theirs but my account should not be getting locked like this. It is very frustrating to have to go through the reset password procedure each and every time I want to go into the store. It seems to me that Apple really doesn't want me to buy any more apps from them as they keep refusing me entry into my own account, each and every time I have tried to use it, for the past few weeks. I am not their best customer, but they aren't giving me much of a welcome invitation to become one, if I'm going to be treated like this.
I just bought my iPhone 4 less than 2 months ago. I paid extra money to upgrade early, just to get this phone because it was so highly recommended by everyone I spoke with in different stores (BestBuy and Verizon). I even bought the 2 year upgrade to my Apple services in case I needed to ever call them, and so far I haven't had to, yet. But I definitely will call them if this isn't straightened out.
It looks like this other user could be tracked and an email could be sent to them from Apple to let them know what they are doing - trying to sign into the wrong account, and are locking somebody else out of their own account because of their error....and to remind them of their correct information or how to get it and to write it down or save it somewhere so they don't keep on doing this.
I have seen literally DOZENS of other people in these discussions with exactly the same issue that I'm having so it is NOT an isolated incident, and it seems to be a growing problem as Apple's sales and user base continues to grow, so this problem is seriously needing to be addressed in some way, and soon, before they start losing new customers because of it. If I was still within my original 14 day return period with this phone, I would definitely be returning it and buying an Android model because of how frustrating this is to me. If my bank was doing this to me, I'd have already switched banks by now if they hadn't fixed it - just to give an example of how I feel about this.For what it's worth, you posted this in 2011, and here in 2014 I am still having this same issue. Over the last two days, I have had to unlock my apple account 8 times. I didn't get any new devices. I haven't initiated a password reset. I didn't forget my password. I set up two factor authentication and have been able to do the unlocking with the key and using a code sent to one of my devices.
That all works.
It's this having to unlock my account every time I go to use any of my devices. And I have many: iMac, iPad, iPad2, iPad mini, iPhone 5s, iPod touch (daughter), and my old iPhone 4 being used as an ipod touch now. They are all synced, and all was working just fine.
I have initiated an incident with Apple (again) but I know they are just going to suggest I change my Apple ID. It's a simple one, and one that I am sure others think is theirs. I don't want to change it. I shouldn't have to. Apple should be able to tell me who is trying to use it, or at least from where.
Thanks for listening,
Melissa -
How can multiple users save passwords securely on a shared computer
there are three people in my house that all use the same laptop to access the internet and have all been using the save passwords feature... i have just discovered that in the security preference any of us can see the others passwords. the only way i can see of hiding this is with a master password but as we would all need to know the master password that wouldnt really work. how can i hide everyones passwords from everyone else?
You would have to run separate profiles.
This article explains how it works: [[Managing profiles]] -
Office 2013: where the heck are the security updates hiding?
I built a deployment for Office 2013 yesterday. The source files were downloaded from Microsoft, with SP1 integrated. This is *not* a "Click to Run" deployment. I used the Office Customization Tool to make a few changes (we're
not using OneDrive, so that piece isn't getting installed. I disabled the "First Run" and Customer Experience stuff, and disabled RSS Feeds and SharePoint integration. And I put in our volume license key. Overall it's a pretty vanilla
build.)
I wanted to include all available security updates since SP1 has been released, and stick them into the "Updates" folder of my deployment. So after I installed Office 2013 x64 on my Windows 7 x64 system (the base package that I built installs
just fine), I went to Windows Update to see what was available. There is nothing there. I rebooted, and tried again. Still nothing. If I go into one of the Office 2013 apps, and go to File -> Account, I do *not* have any "Update"
buttons or options.
If I go to Windows Update in my Control Panel, and click "Change Settings", I have two things checked. "Give me recommended updates the same way I receive important updates", and "Allow all users to install updates on this
computer." There are no other options to look for alternative Microsoft products, or at least no options that I can find. This is Windows 7 x64 SP1, fully patched.
I know that there have been security updates released for Office 2013 since SP1 came out in February 2014. I manually downloaded a security patch for Lync 2013, and installed that MSP onto this test system with no
issues. So there are applicable security updates out there. So why in the world can't I find the updates through the normal mechanisms? Ideally, we'd want for end users to be able to install security updates manually in an
emergency, but either I'm missing something, or that is not possible in Office 2013. Hopefully distributing Office 2013 updates through SCCM will work, but from what I'm seeing so far, I'm not sure the machines will be "detected" as having
Office 2013, because right now it can't even scan itself against Windows Update for that product.
Thanks for any input...I'm quite baffled at how the update routine is supposed to be functioning in Office 2013. I think the missing link is why I can't choose to search for "other" Microsoft products from the Windows Update panel.
The option/checkbox is totally gone.Hi,
By default Windows Update only updates Windows itself. To get updates for Office and for any other Microsoft products as well, you will need to upgrade your Windows Update to Microsoft Update.
On Windows Update panel, click "Find out more" link to install Microsoft Update.
Hope this helps.
Thanks,
Ethan Hua CHN
TechNet Community Support -
A unix-like security question?
Something happened on my Mac the other day, that kind of scared me. First, a little bit about my home setup.
I have a small smtp mailserver running on my desktop Mac for family members - a big whoppin' five accounts. Three of the five of us live at home, two don't and remotely access email via SSL-enabled imap and SSL-enabled smtp. There is a laptop computer at home that accesses the imap and smtp servers on ports 143 and a non-standard smtp port. Traditionally, it has been used at home only, so I don't require SSL because it runs inside a WPA-protected wireless channel. Its mailserver info, set up in Mail.app, uses {computerName}.local as its mailservers. So, no access from outside my local WLAN. I also get my foreign mail, virus-scanned and spam-assassinated, from an MX agent that downloads that traffic to me on that same non-standard smtp port. For what it's worth, outbound smtp from the home mailserver is via port 25.
On the desktop Mac, I also have ssh running, but on a non-standard port, and in sshd_config, I specify protocol 2 only, root login disabled, no password/no PAM authentication, only DSA public key authentication. In NetInfo Manger, I keep the root account disabled.
On the Mac, in System Prefs' Sharing firewall, I have the non-standard smtp port, imap, imaps, non-standard port ssh, ard and vnc (so I can run CotVNC from the laptop at home), and afp (also for the laptop at home) open for uinvited traffic. Also ntp (probably don't need that since I'm not running a time server), and dns (for reasons discussed below). On my DSL router, I only have the non-standard smtp and ssh ports, and the imapS ports open. (When outside my home WLAN, on a foreign network, I port-forward VNC and afp over ssh if I want to do one of those things)
So anyways, for the benefit of the laptop, I enabled DNS on the desktop, so that I could change the laptop's Mail.app's accounts' preferences to point to the same imaps and smtp server using my external WAN host name, whether it was inside or outside my home LAN (inside the home LAN, the laptop couldn't resolve my external domain name, and outside the home LAN, {computerName}.local was not routable). But by enabling DNS, I could reference my external host name to my 192.168.x.x IP address, and the laptop would find the server inside the home LAN, as well as find it outside the home LAN (by virtue of services like DynDNS and NoIP DNSs resolving it to my ISP-assigned dynamic external WAN IP). For what its worth, yes, the laptop's mail preferences enabled SSL for both smtp and imaps, so SSL would be used even inside the WPA-protected channel, just as my users that don't live at home have SSL enabled as they network .
Now for the scary part: the other day, while at home and with the laptop affiliated to my home wireless (WPA-protected) LAN, I ssh'ed into my desktop computer. Either the ssh connection or the desktop computer was running dirt slow. For some reason, I decided to do a tcpdump, and I saw all kinds of traffic going out to hosts all over the world.
After the fact, I think it was just my DNS talking to the sixteen or so root servers, although none of the tcpdump entries used names like "a.root-servers.net" -- there was stuff with an army.mil, a nasa.gov, etc. I think I remember seeing something with a "umd.edu" in it, which there is a commented entry in /var/named/named.ca that has that has a "umd.edu" in it, so that's why I am thinking that my DNS was just gabbing with a bunch of root servers. Not sure why it was gabbing with them since I can't think of any reason why it would have been trying to do name resolutions or anything. At the time, seeing all these packets being initiated by my computer and being sent worldwide freaked me out.
But what really freaked me out is when I control-C'ed the tcpdump and did a "users" to see who or what might be generating them and saw my username and ... root! Repeating the "users" command a few times more, and it still showed "root" as one of the active users. I immediately ran to the computer and pulled the DSL plug out of the wall, and tried to figure out what was going on. I've got HenWen running, and didn't see anything outside of the usual unicast ARP warnings. After thinking that it might be DNS itself, I disabled DNS just to see what sort of traffic I would see in a tcpdump. Just local subnet broadcasts and arp requests. I have not re-enabled DNS yet.
And the story gets better: a day or two later, I glance at my System Preferences firewall settings, and the firewall was OFF! Fortunately, the DSL modem's firewall was still on, only allowing uninvited inbound imaps, smtp, and ssh traffic. I don't remember ever turning off the desktop's firewall, and no one else uses that computer -- they all hop on the laptop, plus they don't know the admin password anyways. So that was a little freaky, too, but, I'll assume for now that I must have inadvertently turned it off when I was doing something, and never turned it back on.
My immediate question is, if you have DNS turned on, would it ever do anything as root, and hence, show up as an active user in response to a "users" command? And not that there were any (/var/cron/tabs) cron jobs scheduled to be active at that particular time, but if there were a /var/cron/tabs/root job actively running, would root then show up as an active user in response to a "users" command?
Signed,
Scared!Hi J.V.
First, I have to say that yours is an impressive setup. If you're not a sysadmin, you certainly could be. Also, you have a knowledge of much of this that surpasses mine so I may be of no help. However, I do use the "who" command to see if anyone has broken in and I've never seen the root user listed.
There are doubtless more processes running as root on a typical system than those running as the user logged into the GUI. However, none of those root processes are the result of a login. I believe that the "users" and "who" commands only report users that are logged in. I don't see the root user with the "who" command even if I create a root shell with sudo. Although I don't know this for a fact, I don't believe that it should be possible to see the root user with the "who" command if the root account is disabled in NetInfo. By the way, I recommend the "who -u" command to the "users" command as it provides quite a bit more information. When I login to my machine via SSH, the domain name of the remote host is included in the output of the "who" command.
There was a situation on Panther where the root user could be listed in NetInfo Manager as disabled when it was actually enabled. I don't believe that is possible in Tiger but you can check with the command,
nicl . -read /users/root
If the password is only a single asterisk or ideally the authentication_authority string contains ";DisabledUser;", the root user should really be disabled.
I can see that you're quite knowledgeable about networking and comfortable with tools that examine packets. However, there are methods of intrusion detections that aren't directly network related. They may be of use in your situation.
The simplest is the /var/log/secure.log. Acquisition of root privileges via sudo does show up in this log but there may be enough information about the circumstances to determine which uses of root privileges are normal.
A more complex method is process accounting. This records every command executed on the system. It provides information similar to the "who" command but doesn't provide the arguments that were used in executing the command nor any process IDs. If you actually do discover unusual activity real time, a full dump of process information with the "ps" command can provide a useful complement to the information recorded by process accounting. You can turn on process account simply by creating a /var/account/acct file and executing:
sudo accton /private/var/account/acct
You can read the result with the command:
sudo lastcomm
I should warn you that process accounting shouldn't be left on without developing a log rotation mechanism for the above file as it can grow large rather quickly.
The mechanism for doing for system what Snort does for the network is Security Auditing. This system was developed by Sun and distributed by Apple for OS X in their Common Criteria Tools. To understand the the output of auditing and to customize the configuration requires at least as much study as mastering snort. It can also output a lot of information. However, like Snort, it is the ultimate at what it does.
There is a minor rootkit for Mac OS X named Opener. Unlike a "real" rootkit it is easy to detect if you know what you're looking for. In reported versions, there is a StartupItem in /Library/StartupItems named "opener". I would check that directory for any unusual StartupItem.
Gary
~~~~
Adam was but human--this explains it all. He did not want
the apple for the apple's sake, he wanted it only because
it was forbidden. The mistake was in not forbidding the
serpent; then he would have eaten the serpent.
-- Mark Twain, "Pudd'nhead Wilson's Calendar" -
I want to use the Apple TV to create an interactive white board type setting in the classroom. I appreciate the help.
My first reply was probably a bit vague but it's not clear exactly what you're planning to do.
Anyhow first off, remember this is simply a user to user forum and is not an Apple staffed technical advice area so no one here can accept any responsibility for the implementation you attempt.
If you intend to do anything that could potentially compromise patient confidentiality you must get appropriate advice from suitable agencies including your IT dept and probably Apple itself. Depending which country you are in you will be subject to local healthcare laws aimed at protecting patient confidentiality.
As users we know next to nothing about AppleTV under the hood security.
AppleTV runs a version of iOS just like iPhones and iPads.
There is no antivirus/firewall software for iOS as it's already pretty locked down.
That does not mean it is 100% secure as nothing is, and all these devices can potentially be hacked.
AppleTV itself does not store any content permanently, losing data when it's unplugged, so that is probably not an issue unless someone was going to attempt a forensic style data rescue from the internal components.
If your IT dept allows iPhones or iPads on the network then in principle it's the same, and in many ways less of an issue as it doesn't support 3rd party apps, only a small selection of features from Apple and selected partners.
I assume for your whiteboard plan this would entail using a touch screen like an iPad for mirroring. Be aware that fullscreen mirroring will send a 4:3 image to the display as the iPad screen is 4:3 not 16:9 (widescreen).
You need to work with your IT dept to assess the feasibility of what you want to do - unless you need internet access, to me it would seem a standalone local network without internet connectivity might remove some concerns about devices connecting to the main hospital network. Maybe their concern is simply wifi and possible interecption of data sent to the AppleTV - this would likely be a proprietary screen sharing format for Airplay but it could still potentially be intercepted on wifi though I can't really see why anyone would want to as the data would probably be pretty useless to them unless this was a specific attempt to capture Airplay streams and people knew what they were doing and had compromised your wifi security.
Good luck.
AC -
"securely" use one ethernet interface for WAN and other for the LAN
I am reconfiguring our dual 2.7 Intel Xserve running MacOSXServer 10.5.4, and had a question.
Is it possible (or advisable) to use en0 to perform LAN services, and then configure en1 to only allow access to very limited service. VPN, FTP, CALDAV and later Mail.
I imagine that this is possible via a firewall configuration, but first I do not know how to specify interface in addition to ports, and second I don't know how advisable this would be.
Currently I have a DSL package from ATT with 5 static IP addresses. I have an Airport Extreme set up as one of those addresses providing DHCP and NAT to the LAN. I am using the LAN ports on the back of that to bridge my three switches (2 managed [clients and oce print server 100 base-T] and 1 unmanaged [ laser printers and copier 10 base-T]).
I have the LAN based on 192.168.0.x, with the Xserve at 192.168.0.5. I have DNS configured and working (Thank you Antonio Rocco)
I have 20 LAN clients, 18 mac 1 PC and one PC via Parallels. I will have no more than 1 or 2 WAN clients at any one time
I provide AFP, SMB, Directory Services currently. As part of the reconfigure, I desire to take better advantage of the collaboration tools to provide wikis and CALDAV services. I also want to allow our employees to publish their individual calendars, so that they can subscribe to them at home, or vice versa.
I would like to configure VPN, one for me to access configurations when I am away using Remote Desktop (I have used command line to some extent, but still feel more comfortable with the GUI tools) and second for limited access to content for certain users.
It would also be very helpful for us to have a FTP site. It is unnecessary for this the be a FQDN service, sending the IP address is perfectly acceptable as we only use a service like this 10-15 times a year.
(Related but unimportant in the grand scheme, is there a way to generate a link to the FTP server that you could email that not only is a link, but also a temporary username and password?)
Thank you in advance,
Ion WebsterFirst, I missed a zero in the network speeds, I have two managed GbE switches that have all of the GbE capable machines connected to them, and an unmanaged GbE switch that has all the 10 or 100Base-T connections. My apologies for the mistake. That was one of the reasons I went with the GbE capable Airport to bridge the switches.
Ok, I had been leaning towards a separate hardware firewall, but here is also where there is a hole in my knowledge. Do I need to look at something like the Linksys RVS4000 which bills itself as a +"4-Port Gigabit Security Router with VPN. Secure, smart Gigabit networking for growing business"+ I would like easy configuration, as I take care of these systems in addition to my job, rather than full time. This will be the first time I have set up a VPN connection, so even though I have spent a lot of time researching the manuals, and reading Schoun Regan (Apple Training Series) I don't have real world experience here. So if I buy more hardware, I want it to be the product that will provide the protection, and also allow me to configure it so that I can get these services running. All my VPN clients are running Macs, most on an AIrport connection and have their IP ranges in the 10.0.1.x range. all but one is on OS 10.5.x so I have a fairly homogeneous set of machines to make work together.
I will review the links you provided regarding static routing, but I do believe the hardware solution is a better one, and wish to pursue it, for all the reasons you give, and that in the brief perusal of the links, it is more than I want to tackle.
As far as FTP vs sFTP, I have no preference. I simply want a way to have online storage for transfer of large files on occasion. Ideally I want a folder, or a series of folders that are accessible for my LAN users to put items in and take them out, and for my (s)FTP users to do the same
So long story short, the hardware solution I would like to purchase, I need to be able to do the following:
VPN connections for content access and ARD access ( knew about and will ensure differing IP ranges)
(s)FTP
Calendar publishing
mail(at a later time)
Thank you for your help thus far.
Ion Webster -
For some reason, an old iD is stuck on my phone. My iPhone 4s is nearly filled with documents and data, to the point where I cannot take pictures, and I can't reset it without using this old iD. I don't know why this is now popping up instead of the one I am registered with. I gained access to the old email the iD is under, but none of the iTunes emails are coming in so I assume it is set up under a different email. For the security question of birthdays, I tried every household member's birthday, and none worked. I have tried the password we used on that account when it was active, along with every other possiblility. I don't know what to do anymore and I have very limited use of my phone if I don't get this sorted out and deleted from my phone.
Thank you for any help!Not without password.
-
My old email account is disabled and I can't remember my itunes password - how can I reset my password or move $ to a new itunes/email account? It seems I must have mis-typed my account information because I can't answer the security questions correctly...
➡ https://iforgot.apple.com/
Maybe you are looking for
-
Hi everyone, I'm having some trouble with Facebook for iPhoto. I recently migrated my buisness profile to a Page, per Facebook's rules, so when I log-in, I only have my Page. I connected the e-mail and password with iPhoto and have been trying to upl
-
Table for finding out the User details
Hi All, We need to create a KPI for number of hours a user has looged into a system. Is there any specific table where all the user related information is captured.If the information is not present in a table where can we find the above information?
-
Generating 32 bit code on 64bit system
redhat el4 update 3, 2.6.9-34.ELsmp on a sun w2100z With the Solaris x86 compiler the default is 32 bit code even on a 64 bit system. Is a way to get 32 bit code generated on a 64bit system with the Linux version? Other than running on a 32 bit syste
-
Error 407 Azure notification hubs
I am trying to configure ios push notifications on Azure Notification hubs. I know I have everything done right because I have done this before and I have a checklist. But for some reason it's failing without any logical explanation. The error I get
-
HttpURLConnection -- getting error 502 passing ftp url w embedded password
I am connecting to http proxy server which supports cern ftp. I specify the -DftpProxySet command line options to point java to the http proxy. I specify a ftp url like following and it works OK: ftp://machine.company.com/readme.txt it works fine. Bu