SSL Security Alert 401747

Hi,
I am running 4.1 and 6.1 web servers and have been notified about an SSLv2 security alert for the NSS library suite. Most of our sites are running SSL and many add-on products such as SiteMinder add SSLv2 to be used. Is there a fix coming out soon on the buffer overflow issue?
Thanks

Hi,
According to 'sunsolve' this issue exists in "Sun ONE/iPlanet Web Server 6.0 Service Pack 8 and earlier".
The "Relief/Workaround" on this page mentions that customers should simply disable SSLv2. (Fair enough, as times and technology have moved on etc.) However... some customers' systems have not, and we have a customer who insists that they still need to use SSLv2.
Are Sun going to be providing an official fix/patch to allow customers to continue to use SSLv2?
Regards,
Andy

Similar Messages

  • How to disable security alert coming from ssl?

    Hello friends,
    I am developing an internal site for which I am using SSL for the security of the data.
    But I am getting a security alert because I am using an IP address or machine short name in the URL to access it.
    Is there any other way to disable this alert?
    If it is not possible to disable the security alert, can anybody guide me on how to achieve security on the network?
    Which means I want a way to encrypt any given data string with the help of JavaScript, and the output encrypted string should be given as input to the Java code (servlet) to decrypt the encrypted string to its original form.
    Please, anyone help me with the code.
    I will be very thankful to you all.
    Thanks.

    While one of SSL's goals is to protect the transmission of data over networks through encryption, another goal is to allow client and server applications to verify the integrity of their connections - by verifying that they are connected to whom the software claims to be. The client application (the browser as an example) does this verification by ensuring that the server site you've accessed in the URL matches the fully qualified domain name (FQDN) in either the SubjectDN or the SubjectAltName extension of the digital certificate being used by the web-server to enable SSL. (Servers can also verify client software connections by asking for a client certificate; unfortunately 99.99% of web-sites do not use this little-known feature).
    If the server uses an SSL certificate called "mysecuresite.company.com", and you access the server as "mysecuresite" or with its IP address, you are, essentially, tripping on the very code in the SSL library designed to protect you - by throwing up a security alert about the site you've just accessed, which tells you that the site you've accessed does not match the name in the digital certificate.
    The simplest way to avoid the security alert is to use the FQDN of the web-server when you access the site. There are other complex ways of solving the problem, but the simplest is often the best. Besides, it will help to educate your users with this simple fact about SSL - you never know when this knowledge might be helpful to them.
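    The name check the answer describes, as an added example that is not part of the original post: a small Python verifier comparing the host typed in the URL against a constructed stand-in for the server certificate's SubjectAltName and CN. The dict shape mirrors what Python's ssl.getpeercert() returns; no real certificate is parsed.

```python
"""Browser-style hostname verification: the host in the URL must match a
name in the server certificate.  Added example, not from the original post;
SERVER_CERT is a constructed stand-in shaped like ssl.getpeercert() output."""
import ipaddress

# Constructed certificate for "mysecuresite.company.com" with a wildcard SAN.
SERVER_CERT = {
    "subject": ((("commonName", "mysecuresite.company.com"),),),
    "subjectAltName": (
        ("DNS", "mysecuresite.company.com"),
        ("DNS", "*.company.com"),
    ),
}


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: case-insensitive, wildcard only as the whole
    leftmost label, never matching across a dot (so "*.company.com" does not
    cover "a.b.company.com")."""
    pattern_labels = pattern.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(pattern_labels) != len(host_labels):
        return False
    first, *rest = pattern_labels
    if first == "*":
        # Refuse wildcards that would cover a whole TLD such as "*.com".
        if len(pattern_labels) < 3:
            return False
        return rest == host_labels[1:]
    return pattern_labels == host_labels


def hostname_matches_cert(hostname: str, cert: dict) -> bool:
    """Return True when the URL host is covered by the certificate."""
    san = cert.get("subjectAltName", ())
    dns_names = [v for k, v in san if k == "DNS"]
    ip_names = [v for k, v in san if k == "IP Address"]
    # A bare IP in the URL is only compared with iPAddress SAN entries,
    # never with DNS names or the CN: this is why "https://10.x.x.x" alerts.
    try:
        addr = ipaddress.ip_address(hostname)
    except ValueError:
        addr = None
    if addr is not None:
        return any(ipaddress.ip_address(ip) == addr for ip in ip_names)
    if dns_names:
        return any(_dns_name_matches(p, hostname) for p in dns_names)
    # Legacy fallback: the CN is consulted only when the cert has no DNS SANs.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_name_matches(value, hostname):
                return True
    return False


def explain(hostname: str, cert: dict = SERVER_CERT) -> str:
    """One-line verdict in the spirit of the browser's security alert."""
    if hostname_matches_cert(hostname, cert):
        return f"{hostname}: OK, matches a name in the certificate"
    return (f"{hostname}: security alert, name not in certificate "
            "(use the FQDN or add the name to the SAN)")


if __name__ == "__main__":
    for h in ("mysecuresite.company.com", "MYSECURESITE.company.com",
              "mysecuresite", "10.20.30.40", "a.b.company.com"):
        print(explain(h))
```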

  • Reader X - Getting Security Alert with a data filled PDF form

    My site uses PDF forms that have their data filled in dynamically by the classic ASP code on the site. Before Reader X, they were filled and displayed without a problem. With Reader X they display the security warning: "Data from this site is blocked to avoid potential security risks....." and the Options button to trust the site. I get this even though it's the same site they are on already and I'm using an SSL cert for all files and I'm also using a direct link to generate the PDF.
    I know the user can just click the options and make the problem go away but many users seem unable to read and or panic when they see the alert.
    Is there a security setting or trust setting I can add or set in my form so that I will not get this security alert??

    No, apart from creating a certified document, but the user would still have to add you as a trusted source. If a document could override this, it would be rather pointless to have it in the first place.

  • Exchange 2010/Outlook 2010 Security Alert (...there is a problem with the site's security certificate.)

    I've been looking to resolve this issue for a while now and was hoping someone could help me understand my options.
    We have Exchange 2010 & Outlook 2010 in our environment. I've created a SSL cert for our ActiveSync from a reputable CA and unfortunately, as you may not be surprised, we are seeing an alert each time we open Outlook that states:
    "Security Alert; Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
    The name on the security certificate is invalid or does not match the name of the site."
    Of course my internal server name does not match my external server name. So the SSL I had created for use with OWA and ActiveSync is rejected by my internal Outlook clients.
    After doing some research I believe this is related to the Autodiscover service being configured with my internal server name and not my external name. 
    I've found some info about adding New-AutodiscoverVirtualDirectory and Set-ClientAccessServer commands and then found this article that might help.  (Configure
    Outlook Anywhere to Use Multiple SSL Certificates) but nothing is specific to my configuration and I'm concerned about what will happen to my existing configuration if this fails. 
    What happens when you run Set-ClientAccessServer? Does it retain and keep the old server config in place and add a new one or does it wipe it out? Will all of my devices need to be reconfigured?
    Same with New-AutodiscoverVirtualDirectory.  Does this simply add another virtual directory or is it going to overwrite my existing config?
    Then there is the question of whether or not any of this will actually address my issue at all.
    absolutezero273c

    Sorry.
    "[PS] C:\Windows\system32>Set-ClientAccessServer -Identity MailExt -AutoDiscoverServiceInternalUri "https://MailExt.contoso.com/autodiscover/autodiscover.xml"
    The operation couldn't be performed because object 'MailExt' couldn't be found on 'DomainController2.contoso.local'.
        + CategoryInfo          : NotSpecified: (0:Int32) [Set-ClientAccessServer], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 4D980455,Microsoft.Exchange.Management.SystemConfigurationTasks.SetClientAccessServer"...is the error I get.
    I've created the split zones and populated the Forward Lookup Zones as follows:
    CONTOSO.COM
    MailExt(CNAME)MailInt.contoso.local
    _tcp _autodiscover(SRV)MailExt.contoso.com
    CONTOSO.LOCAL
    MailInt(A)192.168.1.10
    MailExt(CNAME)MailInt.contoso.com
    One thing I did notice is that there isn't a _tcp _autodiscover entry for MailInt in my Forward Lookup Zones.  It was recommended that I make that entry for _tcp _autodiscover(SRV)MailExt.contoso.com in another post I read somewhere.
    I believe what I am trying to do is create a new autodiscover object as is shown here:
    I see there is a Get-ClientAccessServer & Set-ClientAccessServer command but I need to add a CAS. Does the Set-ClientAccessServer add or simply modify?
    Or would that require the New-AutodiscoverVirtualDirectory command? I read
    this page that discussed creating new virtual directories but that seemed a little risky without knowing all the ins and outs of how this service functions and to what degree this would affect the existing configuration.
    I was able to use the Set-ClientAccessServer command and change the actual internal autodiscoverUri to https://MailExt.contoso.com/autodiscover/autodiscover.xml but the name still says MailInt and I continue to get the SSL cert warnings because it is looking
    at MailInt.contoso.local.
    absolutezero273c

  • Air application throws security alert every time 'HTTPS' request made to server.

    Have a look at the following screenshot.
    On click of the Next button, the application internally sends an HTTPS request. The application throws a Security Alert dialog. The text can also be seen clearly.
    The strange thing about this alert dialog is that it appears every time the application sends a request in a given session.
    If I run the same thing in Flex (i.e. in the browser), it asks for the SSL handshake, and that only once. So why is it happening here in the case of AIR?
    Regards,
    Prithvee Zankat.

    Back up all data. From the Safari menu bar, select
    Safari ▹ Reset Safari...
    Check these boxes:
    Clear history
    Remove all website data
    Uncheck all other boxes. Press return. Test.
    If Safari crashes immediately on launch and you can't do as above, hold down the shift key and launch it by clicking its icon in the Dock, then try. Failing that, ask for guidance.

  • Exchange 2013 + Outlook 2010, Security Alert

    A small customer has Outlook 2010 connecting to Exchange Server 2013 on a Windows 2008 R2 server at a remote site. Recently, the users began receiving a security alert ("The identity of this web site or the integrity of this connection cannot be verified", "The name on the security certificate is invalid or does not match the name of the site"). This occurs every time a user opens Outlook, and when they click on "Yes" they are able to use Outlook normally.
    This problem began not long after 1) the wildcard SSL certificate was renewed and 2) Exchange 2013 was updated to the most recent SP and CU. It is noteworthy that the PCs being used are not members of the domain. The users also receive this error if they use Outlook to connect from their home PCs.
    The Exchange server passes connectivity and autodiscover tests. I have checked all the URLs in Exchange Server. I have tried changing authentication and re-enabling the *.domain.ca certificate. I have not been able to reproduce the error on my own laptop from the customer's site.
    This problem is not critical, but it is annoying for the users, and I have tried just about everything I can find on the Internet to resolve it.
    Any suggestions?

    Hi,
    Please run the following command to set the CertPrincipalName parameter which specifies the Secure Sockets Layer (SSL) certificate principal name required for connecting to Exchange from an external location to have a try:
    Set-OutlookProvider EXPR -CertPrincipalName msstd:*.domain.ca
    If the issue persists, please follow the steps below to check Exchange services for the problematic users:
    Open Outlook - press CTRL key - right click on the Outlook icon from right bottom corner taskbar -
    Test Email AutoConfiguration. Put your email address - uncheck use guessmart and secure guessmart authentication - click Test to check your Autodiscover service.
    Please collect the information in the Log tab and Results tab.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Can not see 5 security alert on OTN

    I can not see following alerts since 5/16/2003 from the URL
    http://otn.oracle.com/deploy/security/alerts.htm
    Could OTN please check to see what happened?
    oracle connection manager control SUID vulnerability
    oracle internet directory buffer overflow vulnerabilities
    oracle internet application server and web/portal vulnerabilities
    oracle enterprise manager backup and recovery vulnerability
    oracle SQL*net and net8 listener vulnerability

    Thanks- this was fixed.
    OTN

  • Outlook Security Alert - "the name on the security certificate is invalid or does not match the name of the site"

    Due to our company changing names, we recently moved to a new domain. All users were at first getting a certificate error when opening Outlook: "the name on the security certificate is invalid or does not match the name of the site." After our network admin made some changes, nobody receives this error anymore except one user. The URL at the top of the security alert is the old domain, mail.olddomain.com. I checked the user's Exchange Proxy Settings in Outlook; everything is showing the URLs of the new domain, so I'm not sure where this is coming from. I'm assuming it has to be something on her local machine since she is the only one who still gets the error.
    Thanks in advance for any help.
    Exchange server 2008
    Outlook 2010

    Hi,
    Please follow all above suggestions to confirm whether the issue happens in OWA. And run Test E-mail AutoConfiguration in Outlook to check whether there is any URL settings using the old domain.
    If the issue doesn’t happen in OWA and your URL configurations are all same as others and set correctly, please create a new Outlook profile to have a try.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Safari is frozen by a fake security alert, how do I resolve?

    Safari is frozen by a fake security alert. How do I resolve on my MacBook Air using IOS 8.1.2?
    Error Message:
    "Safari - Alert
    Your Browser has been Locked because of Possible Infections found in your Machine. Due to which your Browser Might be Corrupted because of Suspicious Activity found.
    Major Security Issue
    For Immediate Assistance through our Apple Certified Technicians CALL:
    +1-855-337-8048 (Toll Free)"
    Thank you!

    The following comes from user stevejobsfan0123.
    Occasionally, a browser window may pop up with a scam message. Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus, and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. Most of these scammers, if you actually call the number, will ask you to install software giving them remote control over your computer. Do not do this either. This article will outline the solution to dismiss the pop-up.
    Quit Safari
    Though you will probably have to quit Safari, you can first try closing the tab by pressing Command + W. Sometimes, however, these pop-ups will not go away by attempting to close the tab, nor by clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
    Relaunch Safari
    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
    None of this Worked!
    If pressing Command + W does not work, and force quitting Safari and restarting the application with the Shift key held down does not get rid of the pop-up you will have to reset Safari. Normally, this can be done by launching Safari, then in the menu bar, going to Safari > Reset Safari. However, most pop-ups of this variety will block access to many of the drop-down menus in the menu bar. You will need to locate a file on the computer and move it to the trash. Make sure you quit Safari first (force quit if necessary).
    To start, open Finder. Then press Command + Shift + G, or in the menu bar, select Go > Go to Folder. Type the following file path:
    ~/Library/Preferences
    Look for a file named com.apple.Safari.plist, and drag it to the trash. Then restart your Mac. After it reboots, try launching Safari. A new preferences file should have been automatically created, so no more action is required on your part, and the pop-up should now be gone.
    The Source of the Scam
    In addition to the FBI scam, there are a few webpages with bogus technical support pop-ups or "security alerts," claiming you have a virus as described earlier.

  • Oracle Security Alert #48

    Does Oracle Security Alert #48 (bug 2642117) - Buffer Overflow in DIRECTORY parameter of Oracle9i Database Server affect Oracle 8i v 8.1.6.0 database?
    I know the Oracle Alert states it affects Oracle 8i v 8.1.7, but I'm not sure if that would mean it affects older releases like v 8.1.6.0.
    Thanks

    Some clips:
    "Products Affected
    Oracle9i Database Release 2, Version 9.2.x
    Oracle9i Database Release 1, Version 9.0.x
    Oracle8i Database, Version 8.1.x
    Oracle8 Database, Version 8.0.x"
    "Currently there are no plans to release a patch for 8.0.5.x, 8.1.5.x, 8.1.6.x."

  • Wrong PDF on Security Alerts Page

    On the Security Alerts page (http://otn.oracle.com/deploy/security/alerts.htm) there is a link next to "Buffer Overflow Vulnerability in Oracle9iAS Reports Server Alert #35, 05 June 2002" which links to a document called http://otn.oracle.com/deploy/security/pdf/reports6i_alert.pdf
    This document is actually a copy of the document for a different vulnerability "Buffer Overflow Vulnerability in Oracle Net (Oracle9i Database Server) Alert #34, 05 June 2002"
    Please fix it so we can read about the 9iAS Reports Server Alert!
    Thanks,
    -Otto

    Hi Otto,
    This should now be fixed on OTN but please let us know if you encounter any difficulties.
    Regards,
    OTN Team

  • Norton security alert high memory use for a specific file shared by millions

    Current version Microsoft XP. Computer frequently goes into a scan-type mode followed by a Norton security alert "high memory usage". Causes major slowdown in system use.

  • HELP - SSL Secure Server Issue (SSL_ERROR_NO_CYPHER_OVERLAP)

    My attempts to enable SSL functionality on my app server have failed. When I hit the site from a browser using "https://servername", this error appears in the app server log:
    [28/May/2003:11:19:55] SEVERE (11476): HTTP3068: Error receiving request from 10.147.82.44 (SSL_ERROR_NO_CYPHER_OVERLAP: no common encryption algorithm(s) with client)
    I have already taken the following steps:
    -generate request from web server
    -obtain cert from CA
    -install cert on web server
    -create https listener on web server
    -enable ssl on web server
    -install CA cert on web browser
    -lowered encryption level on app server (SSL2, SSL3 in addition to SSL3/TLS)
    Anybody experience something similar? Any tips?

    You can check the ssl and tls prefs on the about:config page.
    If any ssl or tls pref is bold (user set) then right-click that pref and choose "Reset" to reset the pref to the default value.
    Paste this regular expression in the Search bar at the top of the about:config page:
    */security.*ssl|security.*tls/
    You can open the about:config page via the location/address bar.
    You can accept the warning and click "I'll be careful" to continue.
    *http://kb.mozillazine.org/about:config
    You can also try to delete the cert8.db file in the Firefox profile folder to remove all intermediate certificates that Firefox automatically stores when you visit a web server.
    You can use this button to go to the currently used Firefox profile folder:
    *Help > Troubleshooting Information > Profile Directory: Open Containing Folder
    *http://kb.mozillazine.org/Profile_folder_-_Firefox

  • Java error - Oracle Security Alert for CVE-2010-4476

    I have come across this security alert described at http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
    In summary - Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number.
    This vulnerability affects:
    Java SE
    JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux
    JDK 5.0 Update 27 and earlier for Solaris 9
    SDK 1.4.2_29 and earlier for Solaris 8
    Java for Business
    JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux
    JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux
    SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux
    Java for MacOS X 10.6 update 3 updates Java to SE 6 to version 1.6.0_22.
    Is anyone aware of new Java update for Mac that will fix this problem? If one doesn't exist, does anyone know when a new update will be available?
    Thanks.

    Hi Hussein,
    have you applied this? Please can you update?
    Our environment: 11.5.10.2 (9.2.0.7) running on HP-UX PA-RISC. We are using Jinitiator. We have not yet migrated to the J2SE Plugin.
    So, since the security patch is for the JRE, is it still required for our environment?
    Please advise?
    Edited by: oraDBA2 on Feb 13, 2011 9:12 PM

  • TNS Listener Poison attack : Oracle Security Alert for CVE-2012-1675

    Hi,
    I'm looking to implement the following oracle document about COST but not sure what we need to do for Standby Environment ,
    Can you guys please advise.
    Oracle Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
    Oracle Security Alert for CVE-2012-1675
    Thanks

    user097815 wrote:
    With regards to the below thread, which mostly talks about Oracle Security Alert for CVE-2012-1675 "TNS Listener Poison Attack"... I just wanted to find out if this affects DBs that are external or internal... meaning 95% of our DBs are in the network (internally) behind our firewall... and the rest of the 5% are outside our firewall facing the world wide web... so does this apply to both or just one?

    The attack is on the Listener itself - so if you want to prevent this attack, you need to secure that Listener, irrespective of its location.
    IMO, mandatory if you expose your Listener to an unsecured or public network (e.g. internet).
    As for Listeners running on your internal network - if this attack is used, securing your Listeners means very little IMO. Because your internal network already needs to be compromised in order for the attack to occur. Which means you have far more serious problems than someone attacking your Listeners.
