Date: 05/21/08 (MySQL Communtiy)    Keywords: mysql, sql, java, security, web

I'm wondering if anyone has any thoughts or pointers about this.

I am setting up a Java Web Start program that accesses a mySQL DB. The program was written a good while ago and was never meant to go outside the office. But now, of course, we want it to. :-)

The issue is...wait for it...security! mySQL, by default, does not have secure communications, although I am seeing that it can be set up to do SSL communications. Save for having to set up our mySQL server to handle that (Certificate administrators, etc.) and having to re-write sections of the Java program to handle the secure communications, that's all theoretically good.

However, I don't really need something that elaborate. Indeed, the data itself is public and does not need to be secured. What we are worried about is someone sniffing out the credentials to the mySQL DB. How can that be stopped?

In my research into this I came across an invokation flag to mySQL called --compress.

The Basic SSL Concepts section of the mySQL 5.0 Reference Manual says, "To improve security a little, you can compress client/server traffic by using the --compress option when invoking client programs. However, this does not foil a determined attacker."

This sounds perfect for me if such an invokation compresses (or otherwise hides) the credentials being used to access the DB? Does anyone know if it does?

So, in a larger sense, I guess I'm asking how you folks secure access to your mySQL DBs in any sort of public setting? Am I forced to set up the SSL solution and rewrite the Java program, or is there a more non-invasive way of doing this?

Thanks!

Source: http://community.livejournal.com/mysql/128489.html

Date: 03/01/09 (PHP Community)    Keywords: security, apache

Hi dear all,

Sorry for bothering you.  I am using Windows Vista. I cant seem to start the Apache service.
Does anyone know what might be causing it? I have a feeling, it may be some security issue.

Source: http://community.livejournal.com/php/658673.html

Date: 01/15/09 (PHP Community)    Keywords: php, security, web

Anyone have any advice for form security? I've been trying to use the advice from this page, but it doesn't seem to be working... Specifically, what happens is I get the error page and then the email shows up anyways...

Source: http://community.livejournal.com/php/653858.html

Date: 03/31/08 (Asp Dot Net)    Keywords: asp, security, web

I have content that I only want authorized users to see and then content that I want joe public to be able to view.

I found this article that suggests having two web.config files. So the authorized user content would be in a separate folder with its own web.config file:
http://www.asp.net/learn/security/tutorial-07-vb.aspx

Is that how you would do it ? (There's no date on the article so I didnt know if this was the latest thinking)

Thanks :)

Source: http://community.livejournal.com/aspdotnet/97434.html

Date: 03/14/09 (Security)    Keywords: security

Keeping your house secure is not always fun to think about. You have an alarm system, but it's usually dated, and not so easy to use. uControl makes the experience different. Imagine a touch screen monitor that lets you control the security of your home. Not only...

Source: http://blogs.zdnet.com/weblife/?p=354

Date: 03/12/09 (Security)    Keywords: security

We recently installed 3 Astaro 220 Security Gateways in locations that we upgraded to cable Internet connections. Our services integrator Integrity by CELT was able to bundle them via a lease with our Internet costs and gave me a couple of training sessions to manage them. While they...

Source: http://education.zdnet.com/?p=2246

Date: 03/11/09 (Security)    Keywords: security

There's a lot of chatter about Twitter security. But what responsibility lies on brands to make better decisions to protect their users. A lot. by Jennifer Leggio

Source: http://blogs.zdnet.com/feeds/?p=664

Date: 03/11/09 (Security)    Keywords: security

A jury of UK IT chiefs were almost split over whether netbooks were ready for the enterprise as the pro votes liked the price while the cons questioned security. Netbooks have received a qualified thumbs up by IT leaders in the latest CIO Jury. When...

Source: http://news.zdnet.com/2424-9595_22-277700.html

Date: 03/10/09 (Security)    Keywords: software, security, microsoft

After weeks of swinging and missing on proper response to a gaping security hole in its ever-present PDF Reader software, Adobe has finally shipped a patch but only for some affected users. On the same day Microsoft issued its scheduled batch of patches, Adobe dropped a security...

Source: http://blogs.zdnet.com/security/?p=2856

Date: 03/10/09 (Security)    Keywords: security, microsoft

Microsoft today shipped three security bulletins with fixes for at least 8 documented vulnerabilities affecting millions of Windows OS users. The most serious of this month's patch batch is rated "critical" and could allow full remote execution attacks if a Windows user is simply lured into viewing...

Source: http://blogs.zdnet.com/security/?p=2853

Date: 08/05/16 (Webmaster View)    Keywords: security

Start doing some research that will help you make penetration testing an effective part of your enterprise's security measures.

Source: http://www.webmasterview.com/2016/08/penetration-testing/

Date: 04/05/12 (Computer Help)    Keywords: security

My computer information:

Intel Core i5 CPU 750 2.67ghz x4
8 gigs ram
Windows 7 64 bit
ATI Radeon HD 4600 series(graphics card)

So I'm not sure what exactly is going on. I tried playing Civ 5 today and the graphics were a bit off. SWTOR's graphics were also off. Plus my desktop display is slightly bigger than it should be. Text seems a bit off in various things as well. And videos viewed on netflix are less clear. This happened today. I haven't downloaded any files or changed any settings. Not 100% sure if anything updated, but maybe adobe flash player? But would that affect everything else? I mention this because under control panel - system and security adobe flash player is labeled 32bit, not 64bit which my computer is running. Under control panel - system and security - system, the information says its running a 64 bit operating system. Shrug.


So far I've tried adjusting the resolution, restarting my computer, reinstalling the graphics card drivers, and uninstalling the graphics card drivers and reinstalling them. This obviously has not worked. The drivers are the latest available.

Is there a way for the computer to auto-detect the best settings for your computer(in case mine somehow got off?) Maybe a program I can download to do this or something that already comes with the operating system? Any other suggestions or ideas?

Source: http://computer-help.livejournal.com/1027331.html

Date: 06/29/11 (Computer Help)    Keywords: security

x-posted to computerhelp

I recently battled the Internet Security malware -- twice. I won, but I lost some files in the process. They weren't important files. They weren't data or system files. But they were files that did a specific thing and I miss them.

I have a Seagate expansion drive (model #9SD2A2-500).

The files I lost were the ones that came with the drive. It still works fine. Windows sees it and files move to and from it with no problem. But it used to be that when I opened up My Computer I would see a little picture of the Seagate drive instead of the generic hard drive picture I see now.

It's not really that big of a deal but I want that little picture back. I was wondering if anyone reading this might have one of these drives and be able to send me copies of those files? Thanks for reading this, in any case.

Source: http://computer-help.livejournal.com/1025129.html

Date: 04/29/11 (Computer Help)    Keywords: security, web

 

1024x768 1152x864 1280x768 1280x800 1280x1024 1440x900 1400x1050 1680x1050 1920x1200

Source: http://computer-help.livejournal.com/1023390.html

Date: 01/04/11 (IT Professionals)    Keywords: security, web

What's new in networking over the past ten years? My reason for asking is that I'm re-taking a Cisco networking course to keep my skills up to date, but I have no expectation that the teacher and course material are up to date. I'll start with a few things that were not in the Cisco material when I last took the course.

• Netflow packet dumping.
• VPNs are far more popular than they used to be. Hardly anyone had them before; now it's expected that anyone knows how to set them up.
• Routers have gained enough features that traditional routers are called Layer 3 Switches, which raises the question of what new features are expected to be in a proper "router".
• Gigabit Ethernet and the move from Cat5 to Cat5e and Cat6 were a significant change. There is also Cat6A for 10,000baseT.
• BGP is the routing protocol used on the Internet. This is not new, but it was not covered in the Cisco material.
• Lots of places are punching big holes in their security with wireless routers and exploitable wireless devices (like printers) in the trusted section of the network. MAC whitelists and encryption are musts for access points, but some of the standard encryption methods such as WPA and WEP have been compromised.

What else is new? Also, what are some good news websites for reading about networking advances?

Source: http://itprofessionals.livejournal.com/92384.html

Date: 04/13/10 (IT Professionals)    Keywords: asp, sql, security, microsoft

I should know this.

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 57 unused index entries from index $SII of file 0x9.
Cleaning up 57 unused index entries from index $SDH of file 0x9.
Cleaning up 57 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 87
of name \mssql\MSSQL$~1\Data\DISTRI~1.MDF.
Windows replaced bad clusters in file 7220
of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\201004~1\TB5CD1~1.BCP.
Windows replaced bad clusters in file 26077
of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\201004~1\TBLPDF~1.BCP.
Windows replaced bad clusters in file 32542
of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\201003~1\TB5CD1~1.BCP.
Windows replaced bad clusters in file 34123
of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200802~1\TB50D9~1.BCP.
Windows replaced bad clusters in file 59114
of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200904~1\TB4CD1~1.BCP.
Windows replaced bad clusters in file 66747
of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200904~1\TBLPDF~1.BCP.
Windows replaced bad clusters in file 306249
of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200608~1\TB50D9~1.BCP.
Windows replaced bad clusters in file 313926
of name \mssql\MSSQL$~1\REPLDATA\unc\INSIGH~1\200608~2\TB50D9~1.BCP.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
The size specified for the log file is too small.

213371743 KB total disk space.
137811912 KB in 82347 files.
42892 KB in 6088 indexes.
0 KB in bad sectors.
962587 KB in use by the system.
23040 KB occupied by the log file.
74554352 KB available on disk.

4096 bytes in each allocation unit.
53342935 total allocation units on disk.
18638588 allocation units available on disk.



Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

~~~~

this is on my domain controller, this is a HP raid5 array consisting of 4 72gb scsi disks. how can you get bad clusters on a raided drive? how can I know which physical drive is failing?

did I actually lose any data/get any data corruption?

I have backups of course, the problem if its hardware failure, and I am going to do migration to windows 2008 r2 from windows 2003, it will still take sometime to initiate things, buying a single replacement scsi might be viable but if I can't identify the drive and have to get 4 scsi drives and rebuild the array 1 disk at the time, it would be problematic not to mention prone to disaster.

Source: http://itprofessionals.livejournal.com/90386.html

Date: 10/01/08 (Software)    Keywords: security

I have two different samba shares configured.

Can someone PLEASE tell me my one works exactly as expected (e.g. limits access to the requisite group and give them complete access) while the other one allows EVERYONE view privileges and no one has write/modify privs?

I am sure I missed something stupid.... but I am too tired to figure it out if I did.


1.
[SHAREGROUP1]
writeable = yes
write list = @sharegroup
force security mode = 111
create mask = 770
directory mask = 770
comment = Storage space for sharegroup files
user = @sharegroup
path = /data/common/ShareGroup

2.
[SHAREGROUP2]
writeable = yes
write list = @sharegroup
force security mode = 111
create mask = 770
directory mask = 770
comment = sharegroup's Drive
user = @sharegroup
path = /mnt/sharegroup

Source: http://software.livejournal.com/82552.html

Date: 03/03/08 (Apache)    Keywords: security

Some of our IE7 users receive security certificate mismatch warnings with every secure page view on subdomain.domain.net.  The cert was originally issued to www.domain.net. 

Is it possible to add aliases to existing certificates (my hunch is no, but I'm not well versed on them)? 

Source: http://apache.livejournal.com/40574.html

Date: 06/11/07 (Apache)    Keywords: security, hosting, apache

Can Apache run under different instances, so that we can direct traffic to each Virtual Host under a different instance. Would doing so offer better security than simply using virtual hosting? One of our sites is internal, the others are public. We want to keep the internal site locked down extremely tight.

In that same light, is it possible to have different SSL certs for different Virtual Hosts running on the same physical box (under one IP)?

Thanks for suggestions/pointers.

Source: http://apache.livejournal.com/37060.html

Date: 06/02/11 (SQL Server)    Keywords: database, asp, sql, security, microsoft

Passing this along for a friend...If you know anyone looking, please let me know.  Pay terms seem to be a little higher than normal for that many years of experience.  

Responsibilities:

• Installation, configuration, customization, maintenance and performance tuning of SQL Server 2005 & 2008 including SSIS, SSAS and SSRS.
• SQL version migration, patching and security management.
• Monitor database server capacity/performance and make infrastructure and architecture recommendations to management for necessary changes/updates.
• Perform database optimization, administration and maintenance (partitioning tables, partitioning indexes, indexing, normalization, synchronization, job monitoring, etc).
• Manage all aspects of database operations including implementation of database monitoring tools, event monitoring, diagnostic analysis, performance optimization routines and top-tier support for resolving support issues.
• Work with internal IT operations teams to troubleshoot network and server issues and optimize the database environment.
• Establish and enforce database change management standards including pushes from development to QA, on to production, etc;
• Proactively stay current with latest technologies and industry best practices associated to the position and responsibilities.
• Provide development and production support to troubleshoot day-to-day database or related application issues.
• Develop, implement and verify processes for system monitoring, storage management, backup and recovery.
• Develop, implement and verify database backup and disaster recovery strategies.
• Design and implement all database security to ensure integrity and consistency among the various database regions
• Develop and maintain documentation of the production environment.
• Manage SLAs and strict adherence to production controls - Sarbanes-Oxley (SOX) monitored via external audits

• Must have experience on SQL Server 2005.
• Good exposure on Installation, Configuration of database Clusters, Replication, Log shipping and Mirroring
• Expertise in Troubleshooting and performance monitoring SQL Server Database server (Query Tuning, Server Tuning, Disk Performance Monitoring, Memory Pressure, CPU bottleneck etc.)
• Expertise in T-SQL and writing efficient and highly performing SQL Statements.
• Expertise in SQL Server Internals, wait events, profiler, windows events etc
• Must have understanding of key infrastructure technologies such as Clustering, SAN Storage, Virtualization, Cloud services etc.

• System administration fundamentals including Installation, Configuration & Security setups.
• Experience with SQL 2008 a plus.
• Experienced in architecting high availability, business resumption and disaster recovery solutions
• Microsoft SQL Server DBA Certification
• Experience with SCOM/SCCM/SCSM is a plus
• Extremely self motivated and ability to work within a globally dispersed team.

• Data Warehouse experience
• VLDB experience highly desired
• Experience with databases > 5 TB, processing 2 million + rows of data daily
• MS SQL Server 2005 Transact-SQL (T-SQL)
• Stored Procedure Development Communication Skills, work well with the team, and within team processes
• Database and file size and space forecasting ability
• Ability to manage a complex database system and assist the client with Database Integration for Future Business Intelligence efforts
• Confio Ignite Performance

• Bachelor's degree in Computer Science, Business Administration or other
• 10+ years experience as a Database Administrator 

Source: http://sqlserver.livejournal.com/75423.html