Thread security issues

Similar Messages

• I have several times tried to stop following a thread in the PDF's forum about security issues and i still keep getting flooded with emails from this thread. I used the action within the thread that says stop following but appears to have no effect I stil

  I have several times tried to stop following a thread in the PDF's forum about security issues and i still keep getting flooded with  emails from this thread. I used the action within the thread that says stop following but appears to have no effect I still keep  getting from 5 to 20 emails daily. Please help!!!!!!!

  This may be helpful: How do I disable email notifications?

• About "kernel.exec-shield" and "because they will bring security issue" for linux ASE

  In " ASE Quick Installation Guide for Linux", "kernel.exec-shield=0" and  “kernel.randomaize-va-space=0” should be set.
  But SuSE engineers say that  “kernel.exec-shield=0”and “kernel.randomaize-va-space=0” will bring the OS security issue.
  Customer want to know why ASE need the above parameters ?
  Has anybody the idea for customer's question?

  If the parameters are not set as documented, attempts to start additional engines beyond the first one will fail, generating stack traces.
  ASE acts in many ways like it's own operating system, scheduling individual user connections (spids) to actively run (note that ASE was developed well before native threading was commonly available).  Each spid has it's own stack information that gets swapped in when it is set to "running" state on the engine and swapped out when it yields the engine.  The mechanics of this is not that different from the buffer overrun exploits described in the Red Hat document linked to by the
  install guide, http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
  and the exec-shield mechanics definatately interfere ASE's operations when ASE is using multiple dataserver processes (engines) that swap spids around.
  -bret

• RDBMS non-thread-safe issue

  <snip>
  This (as you probably know) is due to the fact that the code provided by
  most of the DB vendors is not thread safe.
  <snip>
  Sean's comment, above, speaks to an issue that is causing some concern
  within my (large - 180 projects in development) organisation.
  May I please ask the forum if there are others out there who have an
  understanding of / concern with this "problem"?
  My perception (quite possibly flawed) of the "problem" is that the RDBMS
  cannot multi-thread data access objects. So we find ourselves in a situation
  where we can achieve scaleability in just about all other
  performance-sensitive areas of a system's technical architecture (we're
  using DCE -- but have found that Encina is not advisable except where there
  is a true requirement for heterogeneous distributed 2 phase commit, which we
  don't often see.....) but when we go to hit on the RDBMS, we go back to good
  ole single-threading.
  In certain circumstances, this shortfall of RDBMS technology -- I won't
  mention any names, of course, but the initials are "Oracle" -- seems to be
  hindering our achievement of a desired technical architecture.
  Is this a "Pro*C / PL/SQL stored procedures" problem or is it something that
  is in the RDBMSs' DNA?
  How can we get around it?
  Any comments?
  Regards
  Jon

  Jon
  I agree. But it is the best solution within the constraints of existing
  technology. At least we don't use a process per client. 10 replicated
  copies of a service could service the needs of 100 clients.
  Eric
  >
  At 13:15 6/09/96 EST, you wrote:
  Eric
  Thanks for your response. Yep. I realise that the issue I've presented is
  clearly not something that Forte causes or is responsible for in any way.
  Forte can, as you've pointed out, actually help in this area. But I don't
  think that getting Forte to spawn another instance of a data access server
  is really the best solution. Ie, that's not what we tend to have in mind
  when we think about "scaleability". The best solution is -- perhaps -- to
  get the RDBMS people to thread-safe all code and libraries. I have pointedly
  asked Oracle for a position on this -- and got the usual blank stare.
  I also considered whether people might get upset at me for posting what is
  clearly a non-Forte-specifc question in a Forte forum. But then I went ahead
  and did it anyway. Justification being (assumption follows) that the kind of
  people who hang out on the Forte forum may tend to be more
  architecture-oriented than your run of the mill VB / SQL*Net / PL/SQL stored
  procedures kinda guy/gal, and may be using or considering Forte (plug for
  Forte follows) precisely because it clearly enables a superior architecture.
  Should proably post to the comp.database.oracle forum, but I just don't know
  them as well.
  Regards
  Jon
  From: Eric Gold
  To: McLeod, Jon
  Cc: [email protected]
  Subject: Re: RDBMS non-thread-safe issue
  Date: Friday, 6 September 1996 11:21AM
  Jon
  In response to this message.....read below...
  Sean's comment, above, speaks to an issue that is causing some concern
  within my (large - 180 projects in development) organisation.
  May I please ask the forum if there are others out there who have an
  understanding of / concern with this "problem"?
  My perception (quite possibly flawed) of the "problem" is that the RDBMS
  cannot multi-thread data access objects. So we find ourselves in a situation
  where we can achieve scaleability in just about all other
  performance-sensitive areas of a system's technical architecture (we're
  using DCE -- but have found that Encina is not advisable except where there
  is a true requirement for heterogeneous distributed 2 phase commit, which we
  don't often see.....) but when we go to hit on the RDBMS, we go back to good
  ole single-threading.
  In certain circumstances, this shortfall of RDBMS technology -- I won't
  mention any names, of course, but the initials are "Oracle" -- seems to be
  hindering our achievement of a desired technical architecture.
  Is this a "Pro*C / PL/SQL stored procedures" problem or is it something that
  is in the RDBMSs' DNA?
  How can we get around it?
  Any comments?Jon,
  Go ahead ask the Forum any questions you want. This "problem"
  is not a problem in Forte. What we allow you to do is "replicate" your
  data access services so that each one runs inside its own
  process. Each one of these processes (aka partitions) has its
  own connection to the database. The routing to the replicated
  partitions is transparent to the clients. Clients send a
  message like "DatabaseService.GetCustomer()" and then the Forte
  router sees which replicated copy of the service is not currently
  processing a request and routes it to that free replicate. You
  can dynamically increase or decrease the number of replicated
  copies of the service easily.
  We call this feature "load balancing" in Forte. It is achieved
  by checking a box in the data access service object definition.
  You can dynamically increase/decrease the number of replicates
  and also dynamically move replicates to other nodes in the environment.
  This approach assumes that you are using application driven
  security and not database security. Each replicated copy
  of the service is using the same generic username/password
  to connect to the database.
  I am forwarding this answer to forte-users because others
  might not completely understand this feature.
  Eric
  Eric Gold
  Technical Director
  Forte Australia
  Voice: 61-2-9926-1403
  Fax: 61-2-9926-1401
  Eric Gold
  Technical Director
  Forte Australia
  Voice: 61-2-9926-1403
  Fax: 61-2-9926-1401

• Security issues faced by users of unsupported OS versions?

  Since Tiger users will relatively soon be in the same situation, I'm wondering what kinds of security issues 10.3.9 users have been faced with now that Panther has for some time not been supported by Apple (including no more security updates). I posted the following in the Tiger Forum, but I'd really appreciate hearing what your experience has been. (BD Aqua in Tiger thought issues simply to do with getting around the Internet would be more the problem than safety).
  I realize I will, sooner or later, have to buy a new Mac and install a more current version, but I would like to postpone this as long as possible. Thanks.
  http://discussions.apple.com/thread.jspa?threadID=2033860&tstart=0
  Now that S Leo has been officially announced for release in September, a question I've been meaning to ask for a while. What do we Tiger stalwarts have to look forward to in terms of security issues once there are no more security updates, and when, presumably, there are no more new browser versions or updates for soon to be archaic PPC and Tiger? (PPC, I realize, is a separate issue). Will we be, to put it simply, screwed and will it become impossible to safely navigate the internet? I realize the browser issues will probably arrive somewhat later than the OS security issues, since there will continue to be secure third party browsers, at least for a while.
  Since we will, relatively soon, be in a similar position, I'm wondering how the folks still running 10.3.9 are >managing with this? (Might post this over there, too.)

  Most security updates fix holes in the system that can be exploited by hackers. However, hackers are mostly interested in gaining access to systems that have something of value. An individual's system has virtually nothing of value worth a hacker's time and effort. It's far easier for them to get what they want via Internet phishing exploits, but such exploits cannot be fixed by security releases. They require effort on the part of the user to be careful about sites they visit and clicking on links they know nothing about thus providing information about themselves such as social security and/or banking numbers. No amount of security patches will help you with this.
  Most security patches recently issued relate to holes in Safari with a couple for the system. These are obscure holes that require hackers to have intimate knowledge of the software to exploit them. None of these exploits have been known to be used in the field. Rather they have been demonstrated as a way of exposing their existence so they can be fixed.

• Security issues in upgrade

  Can any body tell me what will be the security issues may commonly come after a upgrade
  Thanks in advancd

  I am sorry. wron place to post. I am moving this thread to security.

• Security issue? BB Bridge 2.1.0.32 and .24

  Hi,
  I don't know if this is a security issue, but I find it strange.
  What happened? 
  I had access to my smartphone's email app from the Playbook and was able to read the mail, before I entered my PIN-code (sim access, not the BB-pin), after reboot of the smartphone (just installed Bridge 2.1.0.32).
  I'm assuming the PIN also should not only protect access to a network, but also to the smartphone itself. 
  This is possible with BB Bridge 2.1.0.32 and .24.
  Should this be 'normal' or not?
  What is RIM's intended design at this point?

  ON the 9800, delete the Bridge app from Options > Device > Application Management.
  Do a simple reboot on the BlackBerry in this manner: With the BlackBerry device POWERED ON, remove the battery for a minute, and then reinsert the battery to reboot.
  Then, download and again install the Bridge app from AppWorld.
  On the PlayBook, delete the current pairing with the 9800,
  Restart the PlayBook by touching the battery icon at the upper right > Restart.
  once the 9800 is rebooted per above, re-pair and try again.
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

  Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

  You will need to contact Snapfish to find out their system requirements and which plugin you need
  - http://support.snapfish.com/app/answers/detail/a_id/669/brand/3

• I updated some security issues and suddenlly my gmail does not open. it shows 75% of the procees and does not go on

  I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
  I can open it Internet explorer but not in Mozila fireworks

  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
  "Remove Cookies" from sites causing problems:
  *Tools > Options > Privacy > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

• Other web browsers and security issues?

  Since even an Apple KB article recognizes the need for an additional browser and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb and am looking at Firefox, Shira and Opera also though perhaps not as a primary browser) but I'm wondering about their ability to keep on top of any security issues for Mac? (and how do you keep up with security updates?)
  Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

  Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
  I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
  I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb.
  Shiira is good and its fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page with in web site. This may have been fixed by now - they were aware of the problem back then.
  Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
  I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
  Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
  I would stay away from abandonware Internet Explorer.
  As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
  Happy Exploring.

• Security Issue with Apple ID

  Today while using my iphone and trying to use facetime for the first time since updating to IOS6, my phone asked me if I wanted to use some email address that I do not have for facetime. What? The message pretty much said that this email address was linked to my apple ID. So I got to work logged into AppleID.Apple.com and saw the email address verified and also saw it displayed as an alternate apple id. Immediately, I changed my Apple ID password and called apple at 1800myapple since that is the number on the website and try to talk to someone that could assist me with this severe issue. Anyway, my iphone went dead and the people on the phone couldn't connect me to anyone because I couldn't give them a serial number to an apple device. I tried to explain to the technicians that this is a problem with my ID and that the alternate ID has access to everything that my Apple ID has access to. Both times the call went nowhere. This is ridiculous. Why can't I talk to a security team? Why is the technician telling me that I can manage my ID from the website, when I know that I am looking at the website and I cannot remove the alternate ID? How did this ID get associated with my account and why did I never receive an email informing me of the change?
  Since Apple has other services and not just products STOP ASKING FOR A SERIAL NUMBER AND ASSIST THE CUSTOMER WITH THE ISSUE especially since it is a SECURITY ISSUE.

  oh man, I know exactly what you're talking about. i have a relatively easy to guess apple id email and everybody in the world thinks it's theirs... but once I turned on two-step authentication, the emails stopped completely.  here's a faq about it:
  http://support.apple.com/kb/HT5570
  once i turned that on, whenever they'd want to reset my password, they would get asked for my recovery key, which they don't have, haha!  victory is mine.

• My account was deleted for security issues. I made a new account, but I can't syncronise my apps with this new account. I bought a new Iphone and would like to transfer the apps ans music on this new one. Can somebody help me?

  My account was deleted for security issues. I made a new account, but I can't syncronise my apps with this new account. I bought a new Iphone and would like to transfer the apps ans music on this new one. Can somebody help me?

  Why would you make a new account?  This will likely cause many problems.  Just get you old account enabled.
  Apple ID: "This Apple ID has been disabled for security reasons" alert appears
  Frequently Asked Questions About Apple ID
  Everything you purchased with the old account will always be tied to that account.  You will have to authorize the computer for that account and you will have to update the apps from that account.

• HT5642 I need to update iOS 6.1.3 on my iPad2 to 6.1.6, due to security issue. Why is no update available? I do NOT want to install iOS 7, due to memory limitations.

  I need to update iOS 6.1.3 on my iPad2 to 6.1.6, due to security issue. Why is no update available? I do NOT want to install iOS 7, due to memory limitations.

  Any upgrade will be to the most recent, compatible version, in this case 7.0.6.

• Bit locker security issues (easy to crack) disk encryption?

  Bit locker security issues (easy to crack) disk encryption?
  Problem 1: When the PC run I think its too easy to get  malicious users (with usb pendrive) or spyware to get the encryption key (fast and easy)
  youtube.com/watch?v=0npTlOq6q_0
  Problem2:not resistant with bruteforce attacks
  youtube.com/watch?v=zvaJxnvbGic
  Problem 3: not resistant with boot hacking
  Im using DriveCrypt plus pack and searched security issues in bit locker.The bit locker allow you the bruteforce/dic attack easy.I think  It would be much safer 1. (I think the keys stored somewhere that is easily read) 2. Do not just be enough password
  need a password+file combination to decrypt the disk. DriveCrypt plus pack use a file+password combination if you know the password but you wont have the file you can not decrypt the disk (protect with bruteforce attack).On system boot protected bruteforce
  attak you can crash the (boot).If the boot system crash you can not decrypt the disk just the password you need the file+password combination plus to decrypt it. I am not a programmer but I see the BitLocker ( easy security catches to crack the disk encryption).Im
  tested DriveCrypt and I can not get the key that easy (Problem 1). I have not tested it in greater depth just trying to (catches to crack software encryption).

  Where is your question, sir?
  If the question were "is it easy to crack", the answer is "no". Your videos make use of several assumptions and ingredients and permissions that a normal attacker does not have.
  "Problem 3" is not clear, please describe what scenario you are talking about.

• Using latest version of fireFox to access Think Central, pages will not load and they say that this is a security issue with FireFox?

  Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
  Some have no problem accessing the lesson plans.
  Most when they login click on a lesson plan and an icon shows up that says loading but never does.
  If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
  Think Central support says this is a security issue with Firefox.
  I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
  I have allowed the pop ups to the think Central web site.
  Any help would be appreciated

  Are there any notification icons on the left end of the address bar? If so, please click them to see whether they related to security issues (such as blocked content - shield icon: [[How does content that isn't secure affect my safety?]]) or a plugin requiring permission (Lego-like icon).
  Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand.