Tag: software

Wireless security

When you're using wireless, youare sending data from your computer to an accesspoint through the internet to a server. The security of a data streamis only as good as the security of the weakestsegment. Often the weakest link is thewireless link from your computer to the access point. While your traffic is in transitbetween your …

How to fix unknown error – Security Software (Win XP)

Security software can cause unwanted conflictswith iTunes on a windows pc security software does not always recogniseitunes as a friendly application, and may block it from restoring or updating this article explains how to disable securitysoftware, even if you don't know what you have on your computer.

The first step is to click on the start menu,and choose run.

What we want to type in is msconfig, whichstands for microsoft configuration.

We need to change this first part to selectivestartup And then uncheck load startup items Next we want to move to the sevices tab And tick the box next to hide all microsoftservices Once that is ticked, you can click disableall And we will move onto the startup tab.

What we want to find in here is iTunes helper,and tick the box next to that one.

Once done, hit the apply button.

You may encounter a message saying an accessdenied error was returned.

If you encounter that message it is perfectly ok, just hitthe OK message and then ok again to get out of there.

now you can restart the computer Now that your computer has rebooted, you shouldsee this message.

Click ok.

Then have a look at the startuptab.

Some security software will prevent itselffrom being disabled.

As you can see from my example, zone alarmand norton security are both still running even after we've disabled them as a startupitem Once we've identified what is still running,we will need to delete those.

We can do this by clicking the start menu,and selecting control panel.

Inside the control pane we need to find theicon "add remove programs".

Now your view may actually look a little different thanmy control panel.

But regardless of which way it looks, it will still have that icon Once the program list loads, it will looksomething like this.

Select the security software that was notdisabled earlier, and click to uninstall.

Source: Youtube

How to fix unknown error – Security Software (Win 7)

Security software can cause unwanted conflictswith iTunes on a windows pc.

security software does not always recogniseitunes as a friendly application, and may block it from restoring or updating.

this video explains how to disable securitysoftware, even if you do not know what you have on your computer.

the first thing to do is click on the startmenu and in the search box at the bottom type in msconfig.

once the window comes up, we want to go toselective startup, and un-tick load startup items.

we'll then go across to the servicestab, hide all microsoft services, and then disable all.

we'll go across to the startuptab.

and we want to look for anything that represents itunes or apple and enable those.

once your done you can click apply and thenok.

and it should prompt you then to restart the computer.

now that the computer is restarted, we'regoing to go back down to the start menu and type in msconfig one more time.

once the windowcomes up we'll go across to the startup tab.

and we're going to look for anything thatwas unticked previously and has now re-ticked itself.

in my example it is kaspersky anti-virus once we've identified what we need to getrid of we'll go to the control panel.

It's probably simpler if you change the view fromsmall icons in the top right corner to category view, that way we can go down to uninstalla program and once a list of programs loads we'll findthe security software that had re-ticked itself as we just saw.

in my example that was kasperskyanti virus once we uninstall this software, you'll befree to use itunes without any risk of the security software blocking that connection simply follow the prompts provided to uninstallthe software and if you have any questions or queries regarding how to do that, referto the software's website.

Source: Youtube

Chrome Packaged Apps – Security Model

Hello! My name is Adam Barth and I work onthe Chrome team’s packaged apps effort.

I am here to talk to you about the securitymodel of packaged apps.

Packaged apps have access to features andservices that a normal web app would never have access to.

Users need to be confidentthat the apps they install will not behave in unexpected ways that endanger their system.

Chrome has a variety of defenses and protections that make it easier for you to create saferapps.

The first is process and storage isolation.

One of the foundations of the web security model is that a web app or site on one domainis not allowed to affect the data held in another.

This same principle is upheld forpackaged apps too.

 Even though an app is installed, actions inside it should not beable to directly affect data in another.

Each packaged app runs in its own process,so if something goes awry it will not directly affect apps running on the user’s system.

The data stored in each app is also sandboxed and isolated from other packaged applicationsinstalled on the user’s system.

This means that a file saved in the app will only bevisible to the app and the user that created it.

Secondly, Chrome makes use of a technology called Content Security Policy, commonly knownas CSP.

This technology helps protect users and developers from common cross-site scriptingattacks that can be found on the web.

 In fact CSP is enforced by default for everypackaged app.

Because packaged apps have access to evenmore features than a web app, CSP has disabled some features that you might expect as a developersuch as: Inline scripts like click handlers and <script>tags with code inside and ‘eval’ and the ‘new function’methods We know that sometimes you need to use thesefeatures so we’ve introduced a feature called “sandboxed pages”.

 These are pages inyour app that use all the features of the current web such as eval, new Function andinline script tags, but importantly have no direct access to advanced packaged app features.

The third protection in apps is the permissions model.

Apps can’t just use any feature theywant.

The user needs to have granted access to this feature.

 You can easily declareyour apps intent by configuring the permissions that you need in the manifest file.

For exampleyou can declare that your app needs access to the user’s video camera, or access toraw sockets.

Finally another security measure is the <browser>tag for web content.

Imagine you are building an RSS feed readerthat will show news articles in the app experience.

Adding web content directly is dangerous,as you have no control over what external authors are adding to their content.

Howeverthe user experience demands that you show the content.

The <browser> tag is like aniframe in that it will allow you to embed web content into your app from an externalresource but it is entirely isolated from your app.

This was just a quick overview of the security model for packaged apps.

To learn more on how to develop packaged apps visit developer.

Chrome.

Com/apps.

Source: Youtube

CrowdStrike Partners with Coverity to Ensure Software Security

Hi, my name is George Kurtz, Chief ExecutiveOfficer at CrowdStrike and one of the co-founders.

Formerly, I spent about seven years at McAfee,most recently as their Chief Technology Officer and before that I was the Chief ExecutiveOfficer at a company called, Foundstone, which I founded and I am one of the co-authors ofHacking Exposed.

So the security landscape has dramaticallychanged of the last ten years.

Where system administrators and companies used to havea very easy to manage website, maybe a simple database those times have changed dramatically.

Now we have a lot more complexity with cloud environments, we have complexity with dataand understanding where that data is at and ultimately the bad guys have gotten smarter.

And because they have gotten smarter and because their techniques have evolved dramaticallyfrom exploiting simple buffer overflows to a range of new techniques that are very hardto defend against, it's really imperative for organizations to start at the foundationallevel and understand if their code is actually secure before they deploy it.

As you might imagine, security is absolutely critical because CrowdStrike is in the securitybusiness.

We know that our software is going to be attacked and for us it was absolutelycritical to build security in from the ground up.

We needed to insure that we were releasingthe highest quality code without any security vulnerabilities, to insure our customer safetyand that is really one of the primary reasons why we decided to partner with Coverity sincethe beginning of the formation of the company.

One of our goals at CrowdStrike is to helpour customers identify and prevent damage from targeted attacks.

What we have seen attackersdo over the years is really run the same plays.

They'll spearfish, they'll exploit a commonvulnerability, they'll get into a system and they'll exfiltrate data.

And that entry pointinto the system almost all the time is based upon the exploitation of a vulnerability.

That vulnerability could have been caught a lot earlier in the development process ifcompanies embraced a technology like Coverity.

What was critical for CrowdStrike is to makesure we didn't disrupt our development process which is one of the reasons we chose Coveritybecause we could build it into our CrowdStrike secure development lifecycle.

So our developersnow get actionable information.

Most importantly it's accurate.

They know exactly what to fixand how to fix it and for us, time is money and we can get our code out that much faster.

One of the challenges I have seen over my career is that security auditor are alwaystrying to force feed a security product into the development lifecycle.

And the thing thatI love about Coverity is it actually provides a way to bridge the gap between developmentand security and really focuses the effort on building a product from the ground up thatis secure rather than coming in after the fact, after the requirement s have been made,after the products have been built and doing a static audit.

And what I have seen is thatit is about ten times more expensive to actually fix a security defect after the fact as opposedto when it was actually being built.

At CrowdStrike, I believe we have some ofthe best security engineers and programmers in the world and the last thing they wantto be doing is dealing with is dealing with false positives.

And one of the things thatwas really attractive to us was is a really low false positive rate from Coverity.

Sowe know when we see defect, it's probably going to be real and it's something we needto address immediately.

Which has really been a win-win and one of the reasons our developersactually use the product as opposed to putting it on the shelf.

Over the coming years, the security landscape is going to continue change.

The adversariesare going to get smarter, they are going to become more destructive and really it is incumbentsecurity professionals and developers to solve this really hard problem.

And I often seedevelopers left out the solution.

The reality is, if the developers are empowered with theright technology, they can eliminate security vulnerabilities from the beginning duringthe development phase which ultimately keeps all of our customers more secure.

Source: Youtube