SERIOUS PRIVACY/SECURITY CONCERN. Easy access to private files when iPhone stolen.
I've just realised that when your iPhone is stolen, anyone with a working computer with iPhoto or Preview and an iPhone cable can download your pictures and videos without any trouble. There is no option in your iPhone to block it from being recognised as a camera when connected to a computer. Any computer, trusted or not, can access your iPhone's personal data.
Um.. I don't think so. IF you have a passcode on the device, any computer that you have not connected the device to before will not be able to access the contents of the device.
Similar Messages
-
I installed iCloud drive in my mac and saved a .xls file to be viewed and used with my iPad and iPhone. Though these devices are upgraded to IOs8 and Icloud drive is 'on' in these devices, I am unable to access this particular file in iPad or iPhone. Request help on how to open, view and amend files thru iPhone or Ipad.
Do you have Excel installed on your iPad and iPhone? https://itunes.apple.com/us/app/microsoft-excel/id586683407?mt=8
-
Concerned about losing 7 Express files when installing Logic 8
Will my Logic Express 7 files be deleted or corrupted when I install Logic 8?
From, "Before You Install Logic Studio":
WARNING: If you have installed Logic Express or Logic Pro 7 on your computer, the Logic Studio installer will delete some of the files in the Logic 7 factory content folder: Files with names identical to the default Logic 7 factory content files are deleted. Files with different names are moved to a new folder, called Previous Logic Settings. Logic Studio uses a new location for impulse response settings; Logic Pro 7 impulse response files remain unaffected. An existing installation of the Logic Express or Logic Pro 7 application will not be deleted by Logic Pro 8, allowing you to continue working with it.Corrupted? I don't see why it would corrupt files per se. But if you want to be totally safe about things, make a backup first. Don't just install the new software and "hope for the best", cuz Murphy's Law is guaranteed to take effect. Back up first, install new software, play around with it. If something ends up sounding funky or whatever you can always access your original files from the backup.
-
Apache access to private files, security question . . .
could someone explain how to keep files hidden from the
public but still available to be read by apache server. my website
appears to have the www root under a public_html file, which makes
sense, since that's where a lot of the display pages are, but if
the root is public, how can you be certain that admin pages are
secure, even if they are in a password protected file?On 03 Mar 2007 in macromedia.dreamweaver.appdev, hconnorjr
wrote:
> could someone explain how to keep files hidden from the
public but
> still available to be read by apache server. my website
appears to
> have the www root under a public_html file, which makes
sense, since
> that's where a lot of the display pages are, but if the
root is
> public, how can you be certain that admin pages are
secure, even if
> they are in a password protected file?
The Apache server can read files from anywhere in the
filesystem it has
access to, including above the public_html/ directory. On
many
systems, you'll find public_html's physical location to be
something
like /home/username/public_html/. A lot of systems are set up
such
that, say, a cgi directory on that same system would be
/home/username/cgi-bin/. The server uses those files, even
though
they're outside the site root.
I think that your actual question might be how to password
protect a
page or a directory? In that case, it depends on how secure
you want
it and on how many username/password pairs you want. If it's
only a
few, look into using htaccess/htpasswd; if it's more than
that,
Dreamweaver's Help files (F1) have information about setting
up
password-protected pages.
Joe Makowiec
http://makowiec.net/
Email:
http://makowiec.net/email.php -
New server with same software allows access to private files
I purchased a new mac mini with Snow leopard server software and had the Apple Store transfer data from the old server (also Snow leopard) to the new mini. The server only stores files at this time and acts as a Central File Server. Before the transfer, we had individual file folders on the server which were accessible only by the owner of that folder. Now, however, the folders are all open to anyone who has access to the Central File Server. How can I limit access to each one of the six personal folders on our Central FIle Server?
Check the permissions settings on the folders in Server Admin. My first guess is that the "Others" permissions are set to Read Only or Read and Write.
-
Accessıng NAS files from iPhone and iPad
Hello,
İ do have the WD my book live duo, until now I have always accessed my files via the APP (WD2go)
recently I had my cousin visiting and he was able to access my files on my Book live duo
just by connectıng to my network without the use of the APP. İs ıt possıble on the iPad or iPhone?
Many ThanksThe question is what was your cousing using to access?
A computer can access the NAS directly without needing an APP, and a different type of device may have built in features to access NAS drives.
The iPad and iPhone do not have these features, and so require the App to access it. -
Two VMs and exclusive write access to one file
How can one guarentee exclusive write access to a file when two vms want to write to it?
I looked at
http://developer.java.sun.com/developer/JDCTechTips/2003/tt0304.html#2
However, I am not sure whether a race condition could happen or not.
(I thinking like:
if file is not writable, change to writeable,
else if file is writable, wait for a while and check again.
write what you want
change file back to not writeable.
Is there some OS level exclusive access thing we can take advantage of? The follow up question would be, what about system crashes?
Thanks.The problem with what you describe is that two JVMs
could discover the file is not writeable at the same
time, and then change it to writeable. You need some
sort of action which can only be successfully
completed by one JVM. Here's an idea:
Create a dummy file which represents a "lock" (only
one JVM may hold the lock). When a JVM wants the
lock, it attempts to delete the file. This can only
succeed for one JVM. Once you have the lock, you do
your business and then restore the file.http://java.sun.com/j2se/1.4/docs/api/java/io/File.html#delete()
not bad. It's a false situation too.
However, deadlock can happen if the other VM goes down while the lock is taken. -
Hello,
I have C# dll which is invoked through a C++ cgi executable which is deployed on apache 2.2. I am getting the following error when I am trying to access the private key of a certificate which is stored in the Localmachine store. It works fine while
debugging in visual studio.
It also works fine when I try to access the same certificate from the current user store through apache.
I have tried running apache as "SYSTEM", even then I get the same error.
I have followed the right process to import the certificate into the localmachine store through mmc.
Error Message:
The specified path is invalid.
caused by mscorlib
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at SamlImplLib.SamlImpl.GetSamlResponse(String sInParamXml, String sInAttrXml)
The above error is not really helpful as it doesnt tell me which path is invalid as I am not passing any path in my code. I am just accessing the certificate through the X509Certificate2 store
Thanks in advanceHi,
This is probably because the worker process identity does not have read permission to the machine key store.
And I agree with you. "The specified path is invalid" is a typical misleading message.
You may need to clarify the difference between "SYSTEM- User" and "Current-user "through apache. Good Luck!
Best regards,
Kristin
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Serious Privacy Issue On Vdo Calling
Posts
Outbox
Privacy Issues On Encryption in Pakistan
From: Burraq
To: privacy
Sent: 8:45 PM
Read: Not Yet Read
Me And My Wife Use To Talk On Video Callings On Skype And Imo.im But I Have Some Serious
Concerns About My Privacy.
(1) I lives In Pakistan.Is Skype Encryption Is Really Not Work here Due To Govt Security Concern Or This Software Builtin Encrypted System?
(2) Our Video Callings After Call,Saves Some Where ..Or Tap By Others like Govt Agencies ?
(3) Does Skype Save Our Callings Or It May Be Recorded by Others, if Encryption does't Support For Voip Calling In Pak Then Our Video Callings Are Not Secured and No More Private?
Please Answer......Posts
Outbox
Privacy Issues On Encryption in Pakistan
From: Burraq
To: privacy
Sent: 8:45 PM
Read: Not Yet Read
Me And My Wife Use To Talk On Video Callings On Skype And Imo.im But I Have Some Serious
Concerns About My Privacy.
(1) I lives In Pakistan.Is Skype Encryption Is Really Not Work here Due To Govt Security Concern Or This Software Builtin Encrypted System?
(2) Our Video Callings After Call,Saves Some Where ..Or Tap By Others like Govt Agencies ?
(3) Does Skype Save Our Callings Or It May Be Recorded by Others, if Encryption does't Support For Voip Calling In Pak Then Our Video Callings Are Not Secured and No More Private?
Please Answer...... -
Windows Server 2008 R2 RRAS NAT Security Concerns
Recently we are deploying Windows Server 2008 R2 as the NAT gateway of our private network. During the testing, we found that the RRAS was doing its job as the NAT gateway,
however it seemed that hosts in the private network were allowed to access any listening port opened on the server side (2008 R2). In the normal scenario, the server side will have the process "wininit.exe" running and listening on the TCP port 49152.
We confirmed that all hosts in the private network were be able to connect to TCP port 49152 opened on the server (connecting by using the NAT's public IP), which introduced lots of security concerns and made us nervous. Since the server is acting as a NAT,
IP packets sent by hosts in the private network will be translated and forwarded as if it is generated by the NAT server itself. Thus, the windows firewall will not block the connection at all while dealing with "local" traffic, which actually is
the traffic from the host in the private network.
What we need is a mechanism that can block the hosts in the private network to access the TCP/UDP ports opened on the NAT server side. Since the NAT server has it IP on
the public network assigned dynamically (DHCP), static IP filtering on the private NIC does not fit our needs (Or probably we may use some hidden but advanced filter settings?). Which policy or setting should be used in our case?Hi Daniel,
I am aware of what you are suggesting. Actually I have active the windows firewall to protect the server.
Suppose I have a network configuration as follows:
Private Network: 192.168.149.0 / 255.255.255.0 (Private NIC on server side IP:192.168.149.1)
--------------Windows 2008 R2 RRAS NAT--------------------
Public Network: 10.1.0.0 / 255.255.255.0 (Public NIC on server side IP:10.1.0.100 )
The problem is that while the windows firewall is effectively protecting my server by filtering inbound traffic from the public network, the windows firewall will not filter the traffic from
192.168.149.0 /255.255.255.0 to 10.1.0.100 (NAT's public IP)
The reason is that the TCP/UDP connection from the private network (192.168.149.0 / 255.255.255.0) to any other networks will be NATed. Suppose TCP connection from
192.168.149.23:50000 -> 10.1.0.100:1023
It will be translated by NAT and becomes
192.168.149.23:50000 <-NAT-> 10.1.0.100:60100 -> 10.1.0.100:1023
From the windows firewall's point of view, the connection is essentially a 'local' TCP connection and should be allowed regardless of any inbound filtering rules. So vulnerability is introduced. After some research, we are almost sure that the windows firewall
does not filter local traffic. Also, we are not able to guarantee any firewalls on the client side to be installed, since the nature of a NAT server is to provide such network access ability to clients and should not require the client side to change its configuration.
I do think it is a common security concern in lots of enterprise networks where Windows Servers are deployed as NAT servers. Would you mind help us address this issue and give us some advice about best-practices related?
Thank you -
Privacy/Security Issue with Adobe Flash 10
Not sure if anyone has noticed this or not, but there is a
bizarre (if minor) privacy/security issue with Adobe Flash Player
10. I came across it while attempting to upload a file to Flickr.
Previous versions of AFP do not exhibit this problem.
Specifics: using Firefox 3.x, Vista.
The problem: When Flickr calls the "open file" dialogue in
Flash 10 (in order to upload files) via the "Upload Photos and
Videos" link, at the bottom of the dialogue, to the right of the
"File Name" box, sits a common UI element that brings up a dropdown
menu of what appear to be (or at least are supposed to be) recently
viewed or downloaded or accessed files. Actually I'm not sure how
Flash 10 compiles or accesses this list of files, but at any rate,
a list of files come up.
The problem is that, as far as I can tell, the list of files
that come up reference a long list of files, some that are very old
and that no longer exist, and that there is no way that I can find
to clear the list. This is a minor security/privacy issue, as
generally there should be a way to prevent a dialogue from
displaying a long list of past-accessed files by clearing a cache
somewhere or other -- imagine if it was impossible to clear the
history of a web browser, for example -- this would be considered a
pretty significant privacy issue. I have tried everything from
flushing the browser cache to uninstalling and reinstalling the
browser to uninstalling and reinstalling Adobe Flash to using the
Flash Settings Manager to clear out the Flash saved sites to
turning off Vista indexing to clearing out Vista's Recent Items
list. None of these actions did anything to clear out this list of
files. I can find no references to these files anywhere when I use
Vista Search (with unindexed and system files searched as well),
and I can find no reference to the files anywhere in the registry
(I checked just in case Flash 10 was storing this index in some
really bizarre place.) I've linked to a screenshot below of what
I'm talking about -- most of the files listed below were deleted a
long, long time ago, and so I have no idea why this dialogue refers
to them.
Screenshot
Is there a simple work-around for this that I'm unaware of?
Even if there is, there needs to be some more obvious way to clear
out this list. Where is this information being stored, and what
criteria does this list use to "put a file on the list"?Thanks for putting me on the right scent. That's what I'd
originally thought, too -- it's just that the file-> open dialog
was giving an entirely different list of files with other
applications, so I assumed that it must be Flash that was the
culprit. Turns out the reason it was different with Flickr was
because it was restricting the file results via a long string of
video and picture filetypes that are compatible with the Flickr
service.
It turns out the information I'm looking for is buried deep
within the registry. The only way to clear out this list of files
is to delete the following key (or specific subkeys):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidl MRU
Seems more than a little stupid to store such information in
the registry if security is your concern. Vista beguiles me
sometimes. -
I Have a Security Concern Over the AT&T U-verse Router Pace Plc 5031NV-030
Hello ?? I Have a Security Concern Over the AT&T U-verse Router Pace Plc 5031NV-030 Pace Plc 5031NV-030 Ser # 48131N052034 Hardware Version 2701-000875-004 Software Version 9.8.1.489233-att All someone Needs is a Ethernet cord in his back pocket. Connected to Your Router and They Can Find My "Secure" Network Wireless Key is Visable Just By Typing the Default http://192.168.1.254/ IP for my Gateway, in to a browser device on a portable device, so They Can Next Access My Network without My Permmission Net Time !!!! This is a Serious Security Concern on A&TT's Part !!! AT&T Should Have a Concern Over This Too, I Do All I Can to Prevent Theft of My Intenet Service, But If I have a Guest Visit Me, And I Leave the Room Where This Router is Located, I Will Not Know If This Has Taken Place !!!?? AT&T Should Be Very Concerned in This Regard !!!!
No, you should be concerned about the friends you have at your place. If you think they will do that, I'd suggest you get some more trustworthy friends.
Take some personal responsibility to protect your internet service.
Personally I only use a wired ethernet connected laptop and have wireless turned off, so that concern is mitigated.
Chris
Please NO SD stretch-o-vision or 480 SD HD Channels
Need Help? PM ATT Uverse Care (all service problems)
ATT Customer Care(all other problems)
Your Results May Vary, In My Humble Opinion
I Call It Like I See It, Simply a U-verse user, nothing more -
Malicious Connections (Security Concerns)
Hello,
I registered an account here hoping to get in contact with someone who understands the internals of skype a bit better than I do.
Here is my major concern:
So maybe someone can explain to me why random TCP connections are able to pierce my stateful firewall and have to be trapped by peerblock? The scary thought that my computer is initiating connections with random IP addresses the whole time Skype is running is not appealing at all. And what about the random uninitiated UDP traffic? This happens constantly while Skype is running and stops immediately when it is closed. Why is this happening, is it necessary, can I shut it off, etc are all questions that I have. You can see from the images above that this all directly corresponds to Skype. Any advice on this matter would be greatly appreciated!
ThanksHi Rick,
Unless you're making a website for a bank, I wouldn't be concerned about the connection.php file as a vulnerability. You might try giving it a less obvious name or further obscuring it by adding some fake ones in the same directory.
Other Security Tips:
Definitely use validation on all form fields. Set max char limits.
Do not allow HTML or JS in forms if it can be avoided.
This goes a long way to locking a site down.
Also, when using levels, DO NOT use obvious level names like '1, 2, 3' pick codenames for the levels which are hard to guess. Otherwise, it's easy to change a user's level through the browser when the level is apart of a 'show if' conditional or a hidden form field.
Generally, avoid putting any info in cookies also helps.
If security is a major concern you can add extra code to hide your html and php output (but php is already hidden).
You can also use HTTPS.
Lastly, you could use custom transactions and only allow access to a page based on the referer, or based on a referer and a token. HTTPS would probably be easier to use than this.
But if you're really concerned about security, then make use of the history tables which are apart of the user reg wizard and keep an eye on your stats--no sense in worrying about suspicious activity where there isn't any.
- Mark -
Inheritance and access control - "private protected"
I'm reopening an old topic, seems to have been last discussed here 2-3 years ago.
It concerns the concept of restricting access to class members to itself, and its subclasses. This is what "protected" does in C++ and "private protected" did in early versions of the Java language. This feature was removed from Java with a motivation along the lines of not being "simple", and "linear" (in line with the other access modes, each being a true subset of the next). Unfortunately, the article which explained Sun's position on this keyword combination seems to have been removed from the site, so I haven't been able to read its original text.
But regardless of simplicity of implementation or explaining Java's access modifiers to newbies, I believe it is a fundamental part of OO programming for such an access mode to exist. The arguments for having the standard "private" mode in fact also apply for having a C++-style "protected" mode. (Arguing that classes within a package are related and it therefore doesn't hurt to also give them access to Java's "protected" members, is equally arguing that "private" is unneccessary, which noone of course believes.)
The whole concept of inheritance and polymorphism and encapsulation builds on the access modes private, protected, and public (in the C++ senses). In Java the "package" concept was added - a nice feature! But I see no justification for it to negate the proper encapsulation of a class and its specializations.What effect upon inheritance other than hiding members
from subclasses is there?
None. And I cant think of another declaration that prevents members from being inherited but private.
Of course the onus comes on the programmer with Java's
definition of "protected" - but
1) there is rarely a single programmer working within
a package
The point was the package is a unit which does not hide from itself. Just like all methods within a class can see each other, all classes within a package can, and all packages within a program can.
2) it muddies the encapsulation in the design - when
you see a "protected" method someone else, or yourself
some time ago - wrote, how do you know if the design
intention is to have it accessed solely by the class
and its subclasses, or if it is indeed intended to be
shared with the whole package? The only way to do
this today is to always explicitly specify this in the
comments, which may be lacking, inconsistent, and
abused (since it isn't enforced).Encapsulation would be implementation hiding. Not method hiding. The only thing you should probably allow out of your package is an interface and a factory anyway.
I understand where you are coming from, but I really have not had occasion to take issue with it. I can't think of a real codeing situation where this is required. OTOH, I can't think of a coding situation where I need to access a protected method from another class either. -
Inter-AS L2VPN security concern
hi all,
i want to know what is the security concern when we have Inter-AS L2VPN between two Service Provider as the attached configuration (just one service provider side configuration for the ASBR & PE the other Service Provider is the same pointing to our service provider), and how we can mitigate the risk and what is the most secure option, we need to know the advantage and disadvantage.Hi Ahmad
Looking at your configuration it seems the setup is as below
CE1_ISP1---------xconnect---PE_ISP1-----ISP1MPLSBB----ASBR_ISP1-----IP_Link---ASBR_ISP2-----ISP2MPLSBB----PE_ISP2------xconnect---CE2_ISP1
Is that correct ?
In my personal opinion from Security Point of View already only the required loopbacks are being allowed which is good to do. And I believe the SNMP Traps and Remote Access to your ASBR would be a protected and limited access.
Apart from these there might be some other standard security features which others can suggest to be taken care of but the above two should be surely taken care of as I think.
Hope this helps you.
Regards
Varma
Maybe you are looking for
-
Error while changing the sales order
hi, Thanks in advance.i am trying to change already created sales order in va02.system is throwing an err "the sales document cannot be blocked".my purpose is to create a delivery with reference to this sales order..when i try to create delivery wit
-
Calling a method from another file
This is pretty basic stuff but i can't seem to get it right. I am calling a method from another file. The other file IS located in the same folder BUT when i compile i get errors "cannot find symbol" <===referring to limit and sieve i believe. The me
-
Windows 7 and iTunes 9.02 Cannot Skip Tracks
I can hit "play" and hear a song but cannot skip a track. When I hit the skip track button, it just stops playing. Any thoughts on how to fix this?
-
Hi, All my client needs to archive Data in SAP 8.8 each year having only 1 year completed.Can we archive data less than 3 year? Thanks in Advance
-
Something simple which won't compile
I downloaded the new beta, why won't the following code compile (copied from 1.5 in a nutshell)? Thanks import java.util.ArrayList; public class Test public static void main(String[] args) ArrayList<Integer> list = new ArrayList<Integ