SERIOUS PRIVACY/SECURITY CONCERN. Easy access to private files when iPhone stolen.

Similar Messages

• Unable to access my .xls file in iPhone or iPad using Icould drive. Request help.

  I installed iCloud drive in my mac and saved a .xls file to be viewed and used with my iPad and iPhone. Though these devices are upgraded to IOs8 and Icloud drive is 'on' in these devices, I am unable to access this particular file in iPad or iPhone. Request help on how to open, view and amend files thru iPhone or Ipad.

  Do you have Excel installed on your iPad and iPhone? https://itunes.apple.com/us/app/microsoft-excel/id586683407?mt=8

• Concerned about losing 7 Express files when installing Logic 8

  Will my Logic Express 7 files be deleted or corrupted when I install Logic 8?
  From, "Before You Install Logic Studio":
  WARNING: If you have installed Logic Express or Logic Pro 7 on your computer, the Logic Studio installer will delete some of the files in the Logic 7 factory content folder: Files with names identical to the default Logic 7 factory content files are deleted. Files with different names are moved to a new folder, called Previous Logic Settings. Logic Studio uses a new location for impulse response settings; Logic Pro 7 impulse response files remain unaffected. An existing installation of the Logic Express or Logic Pro 7 application will not be deleted by Logic Pro 8, allowing you to continue working with it.

  Corrupted? I don't see why it would corrupt files per se. But if you want to be totally safe about things, make a backup first. Don't just install the new software and "hope for the best", cuz Murphy's Law is guaranteed to take effect. Back up first, install new software, play around with it. If something ends up sounding funky or whatever you can always access your original files from the backup.

• Apache access to private files, security question . . .

  could someone explain how to keep files hidden from the
  public but still available to be read by apache server. my website
  appears to have the www root under a public_html file, which makes
  sense, since that's where a lot of the display pages are, but if
  the root is public, how can you be certain that admin pages are
  secure, even if they are in a password protected file?

  On 03 Mar 2007 in macromedia.dreamweaver.appdev, hconnorjr
  wrote:
  > could someone explain how to keep files hidden from the
  public but
  > still available to be read by apache server. my website
  appears to
  > have the www root under a public_html file, which makes
  sense, since
  > that's where a lot of the display pages are, but if the
  root is
  > public, how can you be certain that admin pages are
  secure, even if
  > they are in a password protected file?
  The Apache server can read files from anywhere in the
  filesystem it has
  access to, including above the public_html/ directory. On
  many
  systems, you'll find public_html's physical location to be
  something
  like /home/username/public_html/. A lot of systems are set up
  such
  that, say, a cgi directory on that same system would be
  /home/username/cgi-bin/. The server uses those files, even
  though
  they're outside the site root.
  I think that your actual question might be how to password
  protect a
  page or a directory? In that case, it depends on how secure
  you want
  it and on how many username/password pairs you want. If it's
  only a
  few, look into using htaccess/htpasswd; if it's more than
  that,
  Dreamweaver's Help files (F1) have information about setting
  up
  password-protected pages.
  Joe Makowiec
  http://makowiec.net/
  Email:
  http://makowiec.net/email.php

• New server with same software allows access to private files

  I purchased a new mac mini with Snow leopard server software and had the Apple Store transfer data from the old server (also Snow leopard) to the new mini. The server only stores files at this time and acts as a Central File Server. Before the transfer, we had individual file folders on the server which were accessible only by the owner of that folder. Now, however, the folders are all open to anyone who has access to the Central File Server. How can I limit access to each one of the six personal folders on our Central FIle Server?

  Check the permissions settings on the folders in Server Admin. My first guess is that the "Others" permissions are set to Read Only or Read and Write.

• Accessıng NAS files from iPhone and iPad

  Hello,
  İ do have the WD my book live duo, until now I have always accessed my files via the APP (WD2go)
  recently I had my cousin visiting and he was able to access my files on my Book live duo
  just by connectıng to my network without the use of the APP. İs ıt possıble on the iPad or iPhone?
  Many Thanks

  The question is what was your cousing using to access?
  A computer can access the NAS directly without needing an APP, and a different type of device may have built in features to access NAS drives.
  The iPad and iPhone do not have these features, and so require the App to access it.

• Two VMs and exclusive write access to one file

  How can one guarentee exclusive write access to a file when two vms want to write to it?
  I looked at
  http://developer.java.sun.com/developer/JDCTechTips/2003/tt0304.html#2
  However, I am not sure whether a race condition could happen or not.
  (I thinking like:
  if file is not writable, change to writeable,
  else if file is writable, wait for a while and check again.
  write what you want
  change file back to not writeable.
  Is there some OS level exclusive access thing we can take advantage of? The follow up question would be, what about system crashes?
  Thanks.

  The problem with what you describe is that two JVMs
  could discover the file is not writeable at the same
  time, and then change it to writeable. You need some
  sort of action which can only be successfully
  completed by one JVM. Here's an idea:
  Create a dummy file which represents a "lock" (only
  one JVM may hold the lock). When a JVM wants the
  lock, it attempts to delete the file. This can only
  succeed for one JVM. Once you have the lock, you do
  your business and then restore the file.http://java.sun.com/j2se/1.4/docs/api/java/io/File.html#delete()
  not bad. It's a false situation too.
  However, deadlock can happen if the other VM goes down while the lock is taken.

• Security.Cryptography - The specified path is invalid. while accessing the private key stored in LocalMachine store

  Hello,
  I have C# dll which is invoked through a C++ cgi executable which is deployed on apache 2.2. I am getting the following error when I am trying to access the private key of a certificate which is stored in the Localmachine store. It works fine while
  debugging in visual studio.
  It also works fine when I try to access the same certificate from the current user store through apache.
  I have tried running apache as "SYSTEM", even then I get the same error.
  I have followed the right process to import the certificate into the localmachine store through mmc. 
  Error Message:
  The specified path is invalid.
   caused by mscorlib
     at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
     at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
     at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
     at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
     at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
     at SamlImplLib.SamlImpl.GetSamlResponse(String sInParamXml, String sInAttrXml)
  The above error is not really helpful as it doesnt tell me which path is invalid as I am not passing any path in my code. I am just accessing the certificate through the X509Certificate2 store
  Thanks in advance

  Hi,
  This is probably because the worker process identity does not have read permission to the machine key store.
  And I agree with you. "The specified path is invalid" is a typical misleading message.
  You may need to clarify the difference between "SYSTEM- User" and "Current-user "through apache. Good Luck!
  Best regards,
  Kristin
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Serious Privacy Issue On Vdo Calling

  Posts
  Outbox
  Privacy Issues On Encryption in Pakistan
  From: Burraq
  To: privacy
  Sent: 8:45 PM
  Read: Not Yet Read
  Me And My Wife Use To Talk On Video Callings On Skype And Imo.im But I Have Some Serious
  Concerns About My Privacy.
  (1) I lives In Pakistan.Is Skype Encryption Is Really Not Work here Due To Govt Security Concern Or This Software Builtin Encrypted System?
  (2) Our Video Callings After Call,Saves Some Where ..Or Tap By Others like Govt Agencies ?
  (3) Does Skype Save Our Callings Or It May Be Recorded by Others, if Encryption does't Support For Voip Calling In Pak Then Our Video Callings Are Not Secured and No More Private?
  Please Answer......

  Posts
  Outbox
  Privacy Issues On Encryption in Pakistan
  From: Burraq
  To: privacy
  Sent: 8:45 PM
  Read: Not Yet Read
  Me And My Wife Use To Talk On Video Callings On Skype And Imo.im But I Have Some Serious
  Concerns About My Privacy.
  (1) I lives In Pakistan.Is Skype Encryption Is Really Not Work here Due To Govt Security Concern Or This Software Builtin Encrypted System?
  (2) Our Video Callings After Call,Saves Some Where ..Or Tap By Others like Govt Agencies ?
  (3) Does Skype Save Our Callings Or It May Be Recorded by Others, if Encryption does't Support For Voip Calling In Pak Then Our Video Callings Are Not Secured and No More Private?
  Please Answer......

• Windows Server 2008 R2 RRAS NAT Security Concerns

  Recently we are deploying Windows Server 2008 R2 as the NAT gateway of our private network. During the testing, we found that the RRAS was doing its job as the NAT gateway,
  however it seemed that hosts in the private network were allowed to access any listening port opened on the server side (2008 R2). In the normal scenario, the server side will have the process "wininit.exe" running and listening on the TCP port 49152.
  We confirmed that all hosts in the private network were be able to connect to TCP port 49152 opened on the server (connecting by using the NAT's public IP), which introduced lots of security concerns and made us nervous. Since the server is acting as a NAT,
  IP packets sent by hosts in the private network will be translated and forwarded as if it is generated by the NAT server itself. Thus, the windows firewall will not block the connection at all while dealing with "local" traffic, which actually is
  the traffic from the host in the private network.
  What we need is a mechanism that can block the hosts in the private network to access the TCP/UDP ports opened on the NAT server side. Since the NAT server has it IP on
  the public network assigned dynamically (DHCP), static IP filtering on the private NIC does not fit our needs (Or probably we may use some hidden but advanced filter settings?). Which policy or setting should be used in our case?

  Hi Daniel,
  I am aware of what you are suggesting. Actually I have active the windows firewall to protect the server.
  Suppose I have a network configuration as follows:
  Private Network: 192.168.149.0 / 255.255.255.0 (Private NIC on server side IP:192.168.149.1)
  --------------Windows 2008 R2 RRAS NAT--------------------
  Public Network: 10.1.0.0 / 255.255.255.0 (Public NIC on server side IP:10.1.0.100 )
  The problem is that while the windows firewall is effectively protecting my server by filtering inbound traffic from the public network, the windows firewall will not filter the traffic from
  192.168.149.0 /255.255.255.0  to  10.1.0.100 (NAT's public IP)
  The reason is that the TCP/UDP connection from the private network (192.168.149.0 / 255.255.255.0) to any other networks will be NATed. Suppose TCP connection from
  192.168.149.23:50000 -> 10.1.0.100:1023
  It will be translated by NAT and becomes
  192.168.149.23:50000 <-NAT-> 10.1.0.100:60100 -> 10.1.0.100:1023
  From the windows firewall's point of view, the connection is essentially a 'local' TCP connection and should be allowed regardless of any inbound filtering rules. So vulnerability is introduced. After some research, we are almost sure that the windows firewall
  does not filter local traffic. Also, we are not able to guarantee any firewalls on the client side to be installed, since the nature of a NAT server is to provide such network access ability to clients and should not require the client side to change its configuration.
  I do think it is a common security concern in lots of enterprise networks where Windows Servers are deployed as NAT servers. Would you mind help us address this issue and give us some advice about best-practices related?
  Thank you

• Privacy/Security Issue with Adobe Flash 10

  Not sure if anyone has noticed this or not, but there is a
  bizarre (if minor) privacy/security issue with Adobe Flash Player
  10. I came across it while attempting to upload a file to Flickr.
  Previous versions of AFP do not exhibit this problem.
  Specifics: using Firefox 3.x, Vista.
  The problem: When Flickr calls the "open file" dialogue in
  Flash 10 (in order to upload files) via the "Upload Photos and
  Videos" link, at the bottom of the dialogue, to the right of the
  "File Name" box, sits a common UI element that brings up a dropdown
  menu of what appear to be (or at least are supposed to be) recently
  viewed or downloaded or accessed files. Actually I'm not sure how
  Flash 10 compiles or accesses this list of files, but at any rate,
  a list of files come up.
  The problem is that, as far as I can tell, the list of files
  that come up reference a long list of files, some that are very old
  and that no longer exist, and that there is no way that I can find
  to clear the list. This is a minor security/privacy issue, as
  generally there should be a way to prevent a dialogue from
  displaying a long list of past-accessed files by clearing a cache
  somewhere or other -- imagine if it was impossible to clear the
  history of a web browser, for example -- this would be considered a
  pretty significant privacy issue. I have tried everything from
  flushing the browser cache to uninstalling and reinstalling the
  browser to uninstalling and reinstalling Adobe Flash to using the
  Flash Settings Manager to clear out the Flash saved sites to
  turning off Vista indexing to clearing out Vista's Recent Items
  list. None of these actions did anything to clear out this list of
  files. I can find no references to these files anywhere when I use
  Vista Search (with unindexed and system files searched as well),
  and I can find no reference to the files anywhere in the registry
  (I checked just in case Flash 10 was storing this index in some
  really bizarre place.) I've linked to a screenshot below of what
  I'm talking about -- most of the files listed below were deleted a
  long, long time ago, and so I have no idea why this dialogue refers
  to them.
  Screenshot
  Is there a simple work-around for this that I'm unaware of?
  Even if there is, there needs to be some more obvious way to clear
  out this list. Where is this information being stored, and what
  criteria does this list use to "put a file on the list"?

  Thanks for putting me on the right scent. That's what I'd
  originally thought, too -- it's just that the file-> open dialog
  was giving an entirely different list of files with other
  applications, so I assumed that it must be Flash that was the
  culprit. Turns out the reason it was different with Flickr was
  because it was restricting the file results via a long string of
  video and picture filetypes that are compatible with the Flickr
  service.
  It turns out the information I'm looking for is buried deep
  within the registry. The only way to clear out this list of files
  is to delete the following key (or specific subkeys):
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidl MRU
  Seems more than a little stupid to store such information in
  the registry if security is your concern. Vista beguiles me
  sometimes.

• I Have a Security Concern Over the AT&T U-verse Router Pace Plc 5031NV-030

  Hello ?? I Have a Security Concern Over the AT&T U-verse Router Pace Plc 5031NV-030 Pace Plc 5031NV-030 Ser # 48131N052034 Hardware Version 2701-000875-004 Software Version 9.8.1.489233-att All someone Needs is a Ethernet cord in his back pocket. Connected to Your Router and They Can Find My "Secure" Network Wireless Key is Visable Just By Typing the Default http://192.168.1.254/ IP for my Gateway, in to a browser device on a portable device, so They Can Next Access My Network without My Permmission Net Time !!!!  This is a Serious Security Concern  on  A&TT's Part !!! AT&T Should Have a Concern Over This Too, I Do All I Can to Prevent Theft of My Intenet Service, But If I have a Guest Visit Me, And I Leave the Room Where This Router is Located, I Will Not Know If This Has Taken Place !!!??   AT&T Should Be Very Concerned in This Regard !!!!

   No, you should be concerned about the friends you have at your place.  If you think they will do that, I'd suggest you get some more trustworthy friends.
  Take some personal responsibility to protect your internet service.
  Personally I only use a wired ethernet connected laptop and have wireless turned off, so that concern is mitigated.
  Chris
  Please NO SD stretch-o-vision or 480 SD HD Channels
  Need Help? PM ATT Uverse Care (all service problems)
  ATT Customer Care(all other problems)
  Your Results May Vary, In My Humble Opinion
  I Call It Like I See It, Simply a U-verse user, nothing more

• Malicious Connections (Security Concerns)

  Hello,
  I registered an account here hoping to get in contact with someone who understands the internals of skype a bit better than I do.
  Here is my major concern:
  So maybe someone can explain to me why random TCP connections are able to pierce my stateful firewall and have to be trapped by peerblock? The scary thought that my computer is initiating connections with random IP addresses the whole time Skype is running is not appealing at all. And what about the random uninitiated UDP traffic? This happens constantly while Skype is running and stops immediately when it is closed. Why is this happening, is it necessary, can I shut it off, etc are all questions that I have. You can see from the images above that this all directly corresponds to Skype. Any advice on this matter would be greatly appreciated!
  Thanks

  Hi Rick,
  Unless you're making a website for a bank, I wouldn't be concerned about the connection.php file as a vulnerability. You might try giving it a less obvious name or further obscuring it by adding some fake ones in the same directory.
  Other Security Tips:
  Definitely use validation on all form fields. Set max char limits.
  Do not allow HTML or JS in forms if it can be avoided.
  This goes a long way to locking a site down.
  Also, when using levels, DO NOT use obvious level names like '1, 2, 3' pick codenames for the levels which are hard to guess. Otherwise, it's easy to change a user's level through the browser when the level is apart of a 'show if' conditional or a hidden form field.
  Generally, avoid putting any info in cookies also helps.
  If security is a major concern you can add extra code to hide your html and php output (but php is already hidden).
  You can also use HTTPS.
  Lastly, you could use custom transactions and only allow access to a page based on the referer, or based on a referer and a token. HTTPS would probably be easier to use than this.
  But if you're really concerned about security, then make use of the history tables which are apart of the user reg wizard and keep an eye on your stats--no sense in worrying about suspicious activity where there isn't any.
  - Mark

• Inheritance and access control - "private protected"

  I'm reopening an old topic, seems to have been last discussed here 2-3 years ago.
  It concerns the concept of restricting access to class members to itself, and its subclasses. This is what "protected" does in C++ and "private protected" did in early versions of the Java language. This feature was removed from Java with a motivation along the lines of not being "simple", and "linear" (in line with the other access modes, each being a true subset of the next). Unfortunately, the article which explained Sun's position on this keyword combination seems to have been removed from the site, so I haven't been able to read its original text.
  But regardless of simplicity of implementation or explaining Java's access modifiers to newbies, I believe it is a fundamental part of OO programming for such an access mode to exist. The arguments for having the standard "private" mode in fact also apply for having a C++-style "protected" mode. (Arguing that classes within a package are related and it therefore doesn't hurt to also give them access to Java's "protected" members, is equally arguing that "private" is unneccessary, which noone of course believes.)
  The whole concept of inheritance and polymorphism and encapsulation builds on the access modes private, protected, and public (in the C++ senses). In Java the "package" concept was added - a nice feature! But I see no justification for it to negate the proper encapsulation of a class and its specializations.

  What effect upon inheritance other than hiding members
  from subclasses is there?
  None. And I cant think of another declaration that prevents members from being inherited but private.
  Of course the onus comes on the programmer with Java's
  definition of "protected" - but
  1) there is rarely a single programmer working within
  a package
  The point was the package is a unit which does not hide from itself. Just like all methods within a class can see each other, all classes within a package can, and all packages within a program can.
  2) it muddies the encapsulation in the design - when
  you see a "protected" method someone else, or yourself
  some time ago - wrote, how do you know if the design
  intention is to have it accessed solely by the class
  and its subclasses, or if it is indeed intended to be
  shared with the whole package? The only way to do
  this today is to always explicitly specify this in the
  comments, which may be lacking, inconsistent, and
  abused (since it isn't enforced).Encapsulation would be implementation hiding. Not method hiding. The only thing you should probably allow out of your package is an interface and a factory anyway.
  I understand where you are coming from, but I really have not had occasion to take issue with it. I can't think of a real codeing situation where this is required. OTOH, I can't think of a coding situation where I need to access a protected method from another class either.

• Inter-AS L2VPN security concern

  hi all,
  i want to know what is the security concern when we have Inter-AS L2VPN between two Service Provider as the attached configuration (just one service provider side configuration for the ASBR & PE the other Service Provider is the same pointing to our service provider), and how we can mitigate the risk and what is the most secure option, we need to know the advantage and disadvantage.

  Hi Ahmad
  Looking at your configuration it seems the setup is as below
  CE1_ISP1---------xconnect---PE_ISP1-----ISP1MPLSBB----ASBR_ISP1-----IP_Link---ASBR_ISP2-----ISP2MPLSBB----PE_ISP2------xconnect---CE2_ISP1
  Is that correct ?
  In my personal opinion from Security Point of View already only the required loopbacks are being allowed which is good to do. And I believe the SNMP Traps and Remote Access to your ASBR would be a protected and limited access.
  Apart from these there might be some other standard security features which others can suggest to be taken care of but the above two should be surely taken care of as I think.
  Hope this helps you.
  Regards
  Varma