Attackers broke in and took whatever they wanted, exfiltrating gigabytes and gigabytes of documents, emails and even entire movies, apparently at will for months and months on end.
Relying on a DMZ to protect your network and data is like putting money in a bank that depends on one guard and a single gate to secure its deposits. Imagine how tempting all those piles of money would be to those who had access — and how keen everyone else would be to obtain access. But banks do not keep cash out on tables in the lobby, they stash it in security boxes inside vaults, behind locked doors, inside a building patrolled by a guard and secured by a gate. Likewise, network segmentation offers similar security for an organization’s assets.
On-screen virtual keyboard is an alternative input method that can replace a real hardware keyboard. Virtual keyboard may be a necessity in various cases. For example, your hardware keyboard is broken; you do not have enough keyboards for extra machines; your hardware does not have an available port left to connect a keyboard; you are a disabled person with difficulty in typing on a real keyboard; or you are building a touchscreen-based web kiosk.
The Chinese government is promoting China Operating System, a closed source, Linux-based OS that it hopes will supplant Microsoft Windows and Google Android.
Here are some tips and tricks to help you improve the security of your organization’s Tomcat deployment.
With password-based authentication so prevalent online these days, you may need or already use some sort of password management tool. There are various online or offline services or software tools for that matter, and they vary in terms of their sophistication, user interface or target environments (e.g., enterprises or end users). For end users, there are a few GUI-based password managers, for instance, KeePass(X). If you do not want any kind of GUI dependency for password management, I would highly recommend pass, a simple command-line utility for password management.
These days, it seems as though anyone who uses the Internet is a tasty morsel for insatiable data thieves. Marketers, governments, criminals and random snoops won’t be satisfied until they can snarf whatever information they want about us at any time. If you want to dodge ad trackers, have sensitive sources to protect or you just want to conduct your normal online activities without being spied on, then The Amnesiac Incognito Live System (better known as Tails) could help.
Unpatched sites and improperly issued SSL certificates could be leaving users vulnerable. A month after the Heartbleed OpenSSL security vulnerability was first publicly disclosed, there are strong indications that there are still a whole lot of vulnerable users.
Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritised list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process. Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities, but there are also those that offer broad IT security scanning.
Last week, the oVirt Project delivered a new version of its open source virtualization management system, complete with a feature I’ve eagerly awaited for the past two years. The feature, called Hosted Engine, enables oVirt admins to host the system???s management server (aka the engine) on one of the virtualization hosts it manages. This article walks through the installation and first steps of a basic oVirt install using the Hosted Engine feature.