Today's Question:  What's your opinion about Alibaba mooncake incident?        GIVE A SHOUT

SEARCH KEYWORD -- security



  A serious security vulnerability found in MySQL/MariaDB


Recently a serious security vulnerability was found in MySQL/MariaDB. It relates to the access to the database. The issue is described below.When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the p...

   MySQL,MariaDB,bug,fix,password,memcmp()     2012-06-11 10:28:09


  Generate certificate in Java -- Store certificate in KeyStore


In previous post, we have explained how to create a certificate chain in Java. After generating the chain, we need to store it somewhere so that it can be used later when we are doing the actual SSL communication, either in a key store or trust store. This post will show you how to store the private key and its associated certificate chain in a keystore file. There are different types of keystore in Java, in this post, we will choose the JKS to demonstrate how to store the certificate chain. Whe...

   Java,Certificate chain,Keystore     2014-08-20 03:56:39


  Evolution mail configuration with Hotmail on Ubuntu


Evolution mail now is the default Email client on Ubuntu. When we configure this mail client with Hotmail. The steps should be followed.   Step 1: Open Evolution mail through Applications->Internet->Evolution mail    Step 2: Goto Edit->Preferences   Step 3 : Click Add button or double click on the added mail account.   Step 4 : On the Identity tab, fill the Hotmail account you want to use.    Step 5 : On "Receiving email" Tab,      ...

   Ubuntu,Evolution mail,Hotmail,Configurat     2011-04-28 09:24:01


  Redirect to SMB - MS SharePoint Server 2010; Microsoft Security Flaw Discovered


We all are aware of the fact that Microsoft rules the world when it comes to operating systems in PCs and laptops, however; there are still occasions where security issues are passed over.  These unpleasant instances are discovered usually by the in-house engineers – but surprisingly a third party discovered a flaw recently. These are the security firms who are always looking out to streamline any of the gaps involving the integrity of information carried through these operating syste...

   MS SharePoint Server 2010, Microsoft Security     2015-04-27 09:48:14


  Is Shared Hosting Secure?


Shared hosting is incredibly popular with users who are looking for the cheapest hosting available – the problem is that along with the low price you get poor performance and even more concerning – questionable security. When running on a shared host dozens if not hundreds of other sites are running on the same servers – this means any single security flaw in any of those applications can compromise the entire server. This  dramatically increases the odds of your server being co...

   Shared hosting,Virtual host,Security,Data security     2012-02-14 10:48:59


  Android and Security


The last year has been a phenomenal one for the Android ecosystem. Device activations grew 250% year-on-year, and the total number of app downloads from Android Market topped 11 billion. As the platform continues to grow, we’re focused on bringing you the best new features and innovations - including in security.Adding a new layer to Android securityToday we’re revealing a service we’ve developed, codenamed Bouncer, which provides automated scanning of Android Market for potentially...

   Android,Security,Android Apps,App market,Bouncer     2012-02-03 08:03:51


  Using Java keytool programmatically


Java provides a command line tool to access and operate different keystore which store keys and certificates. This tool is named keytool and is located at \bin.  On command line, you can issue below command to generate a keystore named mytest.jks which contains a private key and certificate chain. keytool -genkeypair -alias mykey -keyalg RSA -sigalg SHA256withRSA -dname CN=Java -storetype JKS -keypass password -keystore mytest.jks -storepass password Sometimes, in testing purpose, w...

   JAVA,KEYTOOL     2016-01-09 06:28:07


  Different types of keystore in Java -- DKS


Domain KeyStore(DKS) is a keystore of keystore. It abstracts a collection of keystores that are presented as a single logical keystore. Itself is actually not a keystore. This new keystore type is introduced in Java 8. There is a new class DomainLoadStoreParameter which closely relates to DKS. To load different keystores into the single logical keystore, some configuration is needed. Here is the format of the configuration for grouping different keystores. domain [ ...] { keystore [ ....

   Java,keystore,DKS,tutorial     2015-01-20 02:27:27


  Two things I don’t like about Hacker News


Hacker News is a very famous IT information hub. We can find many useful links about the latest IT news and fantastic technology demos. But there are two things I don’t like about Hacker News. Maybe some of you also have the same feelings.1.  About the more link. Every time we click the more link to go to next page, there will be a unique key generated to produce the new page. It is a good security mechanism. Also it may increase pages views as we need to read page by page but can...

   Hacker news,More link,Submission,Security     2012-02-28 11:55:37


  Access control in Java -- doPrivileged


Previously we have introduced how Java performs permission check to protect resource access. What if sometimes we need to give some class the temporary access to some resource which it initially doesn't have? AccessController provides six doPrivileged methods to fulfill this requirement. These six methods have below signatures : static T doPrivileged(PrivilegedAction action)static T doPrivileged(PrivilegedAction action, AccessControlContext context)static T doPrivileged(PrivilegedExceptionA...

   JAVA,SECURITY,DOPRIVILEGED     2016-03-08 05:46:42