What are the security implications of having JAVA running on my Mac Book Pro?

Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

Similar Messages

  • What are the benefits of pairing my ipad/iphone with my mac book pro

    thanks

    Having a secure backup in case the wireless devices fail in some way, downloading and installing large updates.

  • What Are the Security Implications of not Completely Signing Database?

    Hello everyone,
    What are the security implications of not completely signing the database?
    From http://www.archlinux.org/pacman/ ,
    The following quote implies that the database exists merely just in case hand tweaking is necessary:
    maintains a text-based package database (more of a hierarchy), just in case some hand tweaking is necessary.
    However, considering that there are cases that pacman's local database needs to be restored, there are implications that the database is essential for pacman to function properly.
    From https://wiki.archlinux.org/index.php/Ho … l_Database :
    Restore pacman's local database
    Signs that pacman needs a local database restoration:
    - pacman -Q gives absolutely no output, and pacman -Syu erroneously reports that the system is up to date.
    - When trying to install a package using pacman -S package, and it outputs a list of already satisfied dependencies.
    - When testdb (part of pacman) reports database inconsistency.
    Most likely, pacman's database of installed software, /var/lib/pacman/local, has been corrupted or deleted. While this is a serious problem, it can be restored by following the instructions below.
    I know that all official packages (from core, extra, community, etc.) are signed so that all files should be safe, but I'm just paranoid.
    What if the database was hacked?  Will this lead to installation of harmful software?
    Sincerely,
    Cylinder57
    Last edited by Cylinder57 (2012-10-15 03:42:31)

    Cylinder57 wrote:
    From this quote:
    Allan wrote:But, the OP (also?) talks about the local package database on his computer.  That is not signed at all as there is no point.  If someone can modify that, then they can regenerate the signature, or just modify any other piece of software on your computer.
    Is it going to be easy for anyone other than the authorized user to modify the local package database?
    Allan basically answered that with the quote above already as I understand it. Someone who has access to the installation, e.g. is able to chroot your PC via USB, is not held back by any ACLs. However, modifying the local database only makes limited sense because the packages are already installed. Pacman would only recheck, if you re-install a package. The only really relevant attack vector for the package database is
    (1) installing an older package with a vulnerability,
    (2) replacing the up-to-date package sig in the local database with the older one and
    (3) modifying the system, e.g. via pacman.conf excludes, to not update that.
    then also re-installing would not create a sig-error and you get stuck with the bogus old package.
    With a signed database this would not be possible. However, as Allan wrote earlier also with a signed database that criminal can manually install (totally leaving pacman & package cache) whatever it needs in this scenario. So, if you are -really- paranoid about that, you probably want to spend (a lot of configuring) time with something like the "aide" package.
    Cylinder57 wrote:
    And, are the following statements correct:
    If the repository databases are modified, the hacker might be able to modify the packages on the server (Considering that if someone can modify the local package database, that person can modify any other piece of software on that particular computer.)
    However, pacman won't let users from installing the modified packages (due to package signing,) unless at one person with access is bribed (at least, for an individual package.)
    I don't know the intricacies of the server infrastructure - only saw they have great names :-), but I am pretty certain your statements assume that correctly. It is pretty unlikely that someone able to modify the central repository database fails at placing a bogus package for shipping with those access rights at this time. Yet it does no harm not to post any details of such a scenario here imo. In any case: A compromised mirror would be enough for that - and easier to achieve (hacked anywhere or e.g. in a non-democratic state). Plus you also answered it yourself. The keys are key for our safety there. Which keeps me hoping that no criminal lawnmower salesmen frequent the Brisbane area.
    As you put up a thread about this, one question you can ask yourself is:
    Have you always checked on updates new signatures keys which pacman asks about? If you ever pressed "accept/enter" without checking them out-of-band (e.g. the webserver), that compromised mirror database might have just created a "legitimate" key .. user error, but another attack vector the database signing would catch.
    edit: Re-thinking the last paragraph just after posting, I now believe it would not be that easy as implied - simply because the bogus key is not trusted by one of the master keys. The pacman pgp trust model should catch that without database signing. At least it would if only the official repositories are activated, but that's a pre-requisite to the whole thread.
    Last edited by Strike0 (2012-10-20 23:01:26)
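
The reply above names pacman.conf excludes as the step that keeps an old package from being updated, so those exclusions are worth reviewing alongside the signature settings. The following is an added example, not part of the original thread: it lists `IgnorePkg` holds and repositories whose `SigLevel` relaxes package verification. The sample configuration, package names and function names are constructed for the demo, and the `SigLevel` handling is a simplification of pacman's own rules.

```python
import fnmatch

# Constructed sample pacman.conf for the demo (not taken from the thread).
SAMPLE_CONF = """\
[options]
HoldPkg = pacman glibc
# IgnorePkg = commented-out-entry
IgnorePkg = openssl
IgnorePkg = linux-*
SigLevel = Required DatabaseOptional

[core]
Include = /etc/pacman.d/mirrorlist

[custom]
SigLevel = Never
Server = file:///srv/repo
"""

# SigLevel tokens that relax *package* signature checking.
WEAK = {"Never", "Optional", "TrustAll",
        "PackageNever", "PackageOptional", "PackageTrustAll"}


def parse_conf(text):
    """Return {section: {directive: [tokens]}}; repeated directives accumulate."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # pacman.conf only allows comments that start a line.
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf.setdefault(section, {})
        elif section is not None:
            key, _, value = line.partition("=")
            conf[section].setdefault(key.strip(), []).extend(value.split())
    return conf


def audit(text, installed=()):
    """Return (held, weak): update exclusions and repos with relaxed SigLevel."""
    conf = parse_conf(text)
    opts = conf.get("options", {})
    # IgnorePkg accepts shell-style globs, so expand them against installed names.
    held = {pat: sorted(p for p in installed if fnmatch.fnmatchcase(p, pat))
            for pat in opts.get("IgnorePkg", [])}
    weak = {}
    for repo, items in conf.items():
        if repo == "options":
            continue
        # Simplification: a repo's own SigLevel line is judged instead of the global one.
        tokens = items.get("SigLevel", opts.get("SigLevel", []))
        bad = sorted(WEAK.intersection(tokens))
        if bad:
            weak[repo] = bad
    return held, weak


if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["linux-lts", "linux-firmware", "openssl", "bash"]))
```

Any entry in `held` that nobody on the system remembers adding deserves a closer look, since a held-back package stays at whatever version is installed.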

  • What is the biggest hard drive I can place in my mac book pro?

    I have a late 2011 mac book pro 15". I need a bigger hard drive in the laptop because this one is just way too small. What is the biggest hard drive i can put in the laptop. I'm asking this because i can't find any real info on types of hard drives i can get and what not.

    If you're going to trust your internal drive up to 1TB, which is indeed possible, I would recommend buying a backup drive of 2-3TBs. Personally, I'd rather have a 512GB SSD with a 2TB backup and a 2TB 'working' external than try to cram 1TB into my portable computer...
    ...that's just me...
    Clinton

  • What is the best hard shell case for a 15 inch mac book pro

    Hi!
    I have a new mac book pro and i want to get a hard shell case to protect it?  Which is the best one....?
    does anyone like the speck hard shell?

    Been using Speck now for about 4 years.  No complaints from me!

  • What is the best way to watch cricket on line in Mac Book pro

    what is the best way to watch cricket online in Mac Book Pro

    This is not a place where we discuss about sports, google is a nice place to find a good website.

  • What are the security settings to lock down a form with fillable fields and yet allow someone with Reader to fill in the fields as well as save the form and print it?

    What are the security settings to lock down a form with fillable fields and yet allow someone with Reader to fill in the fields as well as save the form and print it?

    You want to allow someone to open your document and fill out the form (in the fields you have created), but not change or edit the form, right? Here's the answer - assuming you are using Acrobat Pro and someone will be opening the PDF using at least Acrobat Reader 9 and up:
    Tools > Protection > Encrypt > Encrypt with Password
    Answer YES to change the security.
    A new window opens:
         Do NOT select Document Open (or that will require a password to open the document.)
         Select: Permissions (Check the box next to "Restrict editing and printing of the document.")
         Change the following 2 settings from the drop-down box:
              Printing Allowed: Select High Resolution
              Changes Allowed: Select Commenting, filling in form fields, and signing signature fields
              Leave selected: "Enable text access for screen reader devices for the visually impaired"
              Change Permissions Password (insert a strong password)
              Leave all other settings alone in "Options"
              OK - OK
              Re-enter the Permissions Password (the one you entered above)
              OK - OK
              Save the PDF to apply the security [notice that (SECURED) will appear after the document title]

  • What are the security risks for opening port 80 on workstations?

    Hello all,
    in our environment, there is an application which opens port 80 on workstations when installed, but it is not allowed on the perimeter FW
    could you please advise what are the security risks for leaving port 80 opened on the workstations? or it is considered secure unless it is not allowed on the perimeter FW?
    thanks a lot & regards

    Hi R.Naguib.
    The 80 port is open by default through the firewall on Windows system, it is used by a http protocol by a browser.
    As for the network or hardware Firewall settings, I suggest to turn to the network administrator for details.
    Regards
    Wade Liu
    TechNet Community Support

  • What are the security post refresh procedures in general?

    Hi,
    Can anyone list me out What are the security post refresh procedures in general?
    Thanks and Regards,
    Damanaidu J

    >
    Damanaidu jawaharlal wrote:
    > Hi,
    >
    > Can you cite with respect to CUA.
    >
    > Thanks and Regards,
    > Damanaidu J
    CUA
    ====
    CUA behaves differently during a system/client copy and this is the approach we took and it was successful.  The goal is to take a backup of the source before CUA deletion then restore. Do not delete CUA and just attempt to rebuild it, all the roles will be gone.  Backup and restore will be the approach I recommend.
    a1.  Take a snap shot of your QA user and role assignments before copy.
    1.  (Basis) First make a backup of the source system.  This is important before step 2.
    2.  After successful backup delete the CUA from the source system. 
    3.  After successful copy to target system, restore backup to source system.
    4.  Depending how the copy was done, users and passwords should be in the target system but all the role assignments will be gone. 
    5.  Start assigning roles based on your requirements.  If you need to restore the old QA settings that is captured in a1.
    Perhaps others can add in other steps I might have missed.
    Good Luck!

  • After Security updation of Windows 7 in Boot Camp (Mac Book Pro with Retina Display) on 13-Nov-2013, Windows 7 Desktop Gadgets are not working properly.

    After Security updation of Windows 7 in Boot Camp (Mac Book Pro with Retina Display) on 13-Nov-2013, Windows 7 Desktop Gadgets are not working properly.
    This is boot camp problem, because in other normal notebooks (e.g. SONY VAIO, Lenovo with Windows 7) the gadgets are working normally.
    I am attaching the screen shot of Desktop Gadgets and Security updates of Windows 7.
    Kindly solve this issue ASAP.
    Shailendra Gupta
    <edited by host>

    You are not addressing Apple, but a community of unpaid volunteers. So ASAP won't cut it. Also, you should refrain from posting personal information (like your email address) in the body of your comments, as this is part of the community usage guidelines.
    Have you reinstalled the latest Boot Camp Windows 7 drivers, just in case Microsoft overwrote some of them during the Windows 7 security update?
    If you want to communicate issues with Apple about Boot Camp and OS X, click on the link. Just don't hold your breath on receiving a response.

  • What's the best hard drive I can put in my mac book 6,1?

    What's the best hard drive I can put in my mac book 6,1? Is there a solid state hard drive available? I've been through two hard drives in the last 3 years, which I primarily blame on how much I have to move my computer around at work while the drive is spinning.

    Yes, there is an SSD for your Mac.  I just ordered an SSD for a MacBook 6,1 from OWC.  http://www.macsales.com/
    Also check Crucial and Kingston.
    I ordered the DIY Upgrade Bundle: Mercury Electa 3G SSD.
    That MacBook is only capable of 3 GB/s so the 6G SSDs are overkill.
    I recently upgraded the memory from 2 GB to 8 GB.  It cut the boot time by a factor of three.  That is only a $100 upgrade.

  • I am having trouble getting my Mac Book Pro 15" Retina to wake up with an Apple Bluetooth Keyboard and Mouse while Docked in a Hengedock vertical docking station.

    I am having trouble getting my Mac Book Pro 15" Retina to wake up with an Apple Bluetooth Keyboard and Mouse while Docked in a Hengedock vertical docking station. The Keyboard and mouse work great with the laptop lid open but when closed in the docking station the bluetooth signal does not seem to transmit.  Is there a setting that can be changed to allow a Bluetooth keyboard and mouse to wake the computer while docked?

    Please read this whole message before doing anything.
    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
    The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
    Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a Fusion Drive or a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
    The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
    Test while in safe mode. Same problem?
    After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of the test.

  • Is the retina display for the new mac book pro worth the extra cost? I'm buying a new mac book pro but not sure about the retina display.

    Is the retina display for the new mac book pro worth the extra cost? I'm buying a new mac book pro but not sure about the retina display.

    There is a US$10 adapter from old power adapter to new MacBook Pro.
    MagSafe to MagSafe 2 Converter
    The MagSafe to MagSafe 2 Converter allows you to use the MagSafe connector on your LED Cinema Display, Thunderbolt Display, or MagSafe Power Adapter to charge your MagSafe 2-equipped Mac computer.
    For battery life, check the latest Software Update for the fix for most problems.

  • Can I use the IRig to plug in my guitar on my mac book Pro or it just works in ipad, ipod and iphone?

    Can I use the IRig to plug in my guitar on my mac book Pro or it just works in ipad, ipod and iphone?

    From their website:
    Got a Mac? Get an iRig!
    Now for the hidden features… if you have a newer Mac computer, you can use the iRig as an audio interface for it. The newer Mac models feature a headphone jack that act as a headphone/microphone input for headsets. This means that you can also use your iRig with your Mac laptop or desktop machine to take advantage of the higher processing power of your machine and you don't need an additional audio interface to use it. Simply plug the iRig into your headphone jack, plug your headphones/line out into your iRig and you've got a fully functioning audio interface for guitar/bass/keyboards, or any other instrument with a ¼" out. Pretty cool.

  • What are the main advantages of having multiple WLS_FORMS instance servers?

    Hi,
    I know it's possible to deploy multiple instance weblogic forms servers (WLS_FORMS). What are the advantages of having multiple instance of forms server?
    When we deploy forms&reports 11g the configuration process creates WLS_FORMS and WLS_REPORTS. Is there any advantage of having under the same physical server more than one WLS_FORMS server?
    Regards
    Ricardo

    The exact advantages and disadvantages will depend on exactly how you configure your environment. Remember that everything good comes with a price. So for example, you can add additional managed servers to improve scalability, but doing this means consuming more system resources. So although you may now be able to service twice as many users, it may have cost you 1gig of RAM or more (just an example).
    I would recommend taking a look at the documentation as it offers a pretty good high level view of the possible configurations and their advantages. Here is a good starting place:
    http://download.oracle.com/docs/cd/E14571_01/web.1111/e13716/understand_domains.htm
    The complete documentation set for FMw 11.1.1.3 and WLS 10.3.3 can be found here:
    http://download.oracle.com/docs/cd/E14571_01/index.htm
