SEARCH RESULTS
 
Showing 1-10 of 24 records
 
Expand article

A VMware VirtualCenter Design Flaw?

The Article has images
2008-06-19 20:30:16 by Adnan Hindi in ScienceLogic
...permissions via the inventory datastore & networks view but once we did that there was no easy way to view or delete the permissions within the same view. You need to go back and navigate the hosts/clusters view, one at a time, in order to view where these permissions showed up and if necessary delete/modify them one at a time as well, or...
 
Tags: networks, networks view, feature, permissions feature, view, permissions, hostsclusters view, vmware virtualcenter, virtualcenter
 
 
 
 
Expand article

Protect your data: everything else is just plumbing

The Article has images
2007-07-02 20:46:32 by Steve Riley in Steve Riley on Security
...permissions and then disables functionality so that Bob cant do anything more than what hes allowed. In Bobs case, Word will refuse to do anything other than display the content in the window In addition to enforcing policy through IRM, RMS protects documents by encrypting them. RMS-protected documents remain encrypted in storage and in...
 
Tags: data security, comrms data security, data, security, confidential information, information, information security, temporary data, data vanishes
 
 
 
 
Expand article

Turning on cruise control

2008-01-18 07:26:00 by Keith Brown in Security Briefs
 
...permissions to write to the CruiseControl log file, didn't have credentials to download files from our subversion repository, didn't have permissions to write those files to the working directory or deploy to the deployment folder. So here's the key: instead of debugging all of this using ccservice, just use runas to run a command prompt...
 
Tags: cruisecontrol, cruisecontrol logs, account, cruisecontrol log file, log, low-privilege account, ccnet configuration, ccnet, files
 
 
 
 
Expand article

My kids get XO's, I go to the command line

The Article has images
2008-03-23 01:30:39 by HASH0x8aed260 in StillSecure, After All These Years
...permissions, stuff like that. These laptops, while they run Linux, have a different kind of file and directory structure as to where they keep and store files and the naming system is weird. Files are truncated into numeric named files that bear no resemblance to the file name that shows up in the Sugar GUI. You have to go by the date created...
 
Tags: webkinz world, world, files, grep files, webkinz, flash files, webkinz site, store files, chat pretty quickly
 
 
 
 
Expand article

Giving SQL Injection the Respect it Deserves

2008-05-15 18:45:00 by sdl in The Security Development Lifecycle
 
...permissions only on your stored procedures. Do not grant any other permission on your database to any other user or group This is a great defense, because if the attacker attempts to access any other database object other than through a stored procedure (you can use views also), the underlying database permissions model prevents the attack by...
 
Tags: sql, sql injection bug, sql injection requirements, sql injection attack, sql server, sql execute-only permission, malicious sql payload, sql injection, sql injection vulnerability
 
 
 
 
Expand article

Minimizing the Attack Surface, Part 1

2008-06-24 19:09:34 by Chris Eng in Zero in a bit
 
...permissions from files. As you worked, youd periodically re-scan the box to gauge progress, asking yourself have I removed everything I dont need? The underlying motivation, of course, is that an attacker cant hack something that isnt there You learned how to extend those concepts to the network configuring firewall rules, router ACLs, VLANs,...
 
Tags: attack surface, custom web applications, web, services, prevent unnecessary services, unnecessary services, security, third-party libraries, fix security holes
 
 
 
 
Expand article

Internet Explorer security levels compared

2008-09-17 00:19:36 by Steve Riley in Steve Riley on Security
 
...Permissions for components with manifests D 1 1 1 1 Run components not signed with Authenticode D E E E E Run components signed with Authenticode D E E E E 1 = High safety ActiveX controls and plug-ins H MH M ML L Allow previously unused ActiveX controls to run without prompt D D E E E Allow scriptlets D D D E E Automatic prompting for...
 
Tags: script behaviors, script, script activex controls, activex controls, net framework, net, zone, content zone, content
 
 
 
 
Expand article

PrincipalPermissionAttribute and Static ctor Leads to DoS

2007-12-03 09:03:00 by Keith Brown in Security Briefs
 
...Permissions using System.Threading PrincipalPermission(SecurityAction.Demand, Role="SuperUser class Sensitive static Sensitive Console.WriteLine("Inside static constructor class Program static void Main(string[] args becomeSuperUser tryUsingSensitiveClass becomeNormalUser tryUsingSensitiveClass static void tryUsingSensitiveClass try new...
 
Tags: class sensitive, sensitive, class, class level, static constructor, inside static constructor, class program, static constructor leads, static void
 
 
 
 
Expand article

Cached Malware Embedded Sites

The Article has images
2007-12-16 18:18:26 by HASH0x8a09e44 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...permissions gone wrong for instance The bottom line - cached malware embedded sites are a valuable resource in the arsenal of tools for the security researcher/malware analyst to use, and not necessarily a threat if it's Google's approach of removing the cached copies we're talking about, prior to notifying of the infection. Which leads us...
 
Tags: sites, sites wrongly, web sites, malware, malicious site, site, single site offers, sites notification services, popular sites
 
 
 
 
Expand article

Plan now to eliminate "power users" from your domains