Les nouveautés et Tutoriels de Votre Codeur | SEO | Création de site web | Création de logiciel

Loading...
Seo Master present to you:
What is Proxy Server? - SEO TIPS AND TRICKS

Most large businesses, organizations, and universities these days use a proxy server. This is a server that all computers on the local network have to go through before accessing information on the Internet. By using a proxy server, an organization can improve the network performance and filter what users connected to the network can access. 

A proxy server improves Internet access speeds from a network primarily by using a caching system. Caching saves recently viewed Web sites, images, and files on a local hard drive so that they don't have to be downloaded from the Web again. While your Web browser might save recently viewed items on your computer, a proxy server caches everything accessed from the network. That means if Bob views a news story at cnn.com at 1:00 and Jill views the same page at 1:03, she'll most likely get the page straight from the proxy server's cache. Though this means super-fast access to Web pages, it also means users might not be seeing the latest update of each Web page. 

The other main purpose a proxy server is to filter what is allowed into the network. While HTTP, FTP, and Secure protocols can all be filtered by a proxy server, HTTP is the most common. The proxy server can limit what Web sites users on the network can access. Many organizations choose to block access to sites with objectionable material such as hacking information and pornography, but other sites can be filtered as well. If an employer notices workers are spending too much time at sites like eBay or Quicken.com, those sites can be blocked by the proxy server as well.
2013, By: Seo Master

seo What is Proxy Server? - SEO TIPS AND TRICKS 2013

Seo Master present to you:
The FonePad is another 7-inch Android tab by Asustek Computer Inc. but it beats Google Nexus by including voice calling, expandable storage and a better design at the same price. At the back of the tab, we will see a prominent 'Intel Inside' logo. This is the first tablet powered by a single core, 1.2Ghz Intel Atom processor.

It has a high-quality silver-grey metal case with only a small removable plastic panel for the wireless antenna, micro SIM and micro SD. Being only 10.4mm thin throughout, it's also easy to hold the device. The LCD screen is bright. The 1280 x 800 resolution results in a pixel density of 216 PPI.

It comes up with useful softwares by ASUS.

Asus Splendid lets you change the hue, saturation and color temperature of the screen. You get a built in call blocker, App Password Locker, several ASUS homescreen widgets. It also comes up with additional settings which allow us to set outdoor mode for the screen, screen saver, etc.

The device is not blazing fast but great for the price.

Rating: 4.0

This is was a very short review by @hackingtag

2013, By: Seo Master

seo Asus FonePad: Short Review 2013

Seo Master present to you:
By Mayank Upadhyay, Google Security Team

A group of security researchers recently identified a flaw in how some OpenID relying parties implement Attribute Exchange (AX) that could cause an authentication bypass vulnerability. Google is a strong supporter of federated login on the web and would like to help spread awareness of this issue to websites that are OpenID relying parties in order to protect the users of those websites. This issue primarily impacts websites that act as relying parties using the OpenID4Java library.

The researchers determined that the affected sites were not confirming that certain information passed through AX was properly signed. If the site was only using AX to receive information like the user’s self-asserted gender, then this issue would be minor. However, if it was being used to receive security-sensitive information that only the identity provider should assert, then the consequences could be worse.

A specific scenario identified involves a website that accepts an unsigned AX attribute for email address, and then logs the user in to a local account on that website associated with the email address. When a website asks Google’s OpenID provider (IDP) for someone’s email address, we always sign it in a way that cannot be replaced by an attacker. However, many websites do not ask for email addresses for privacy reasons among others, and so it is a perfectly legitimate response for the IDP to not include this attribute by default. An attacker could forge an OpenID request that doesn’t ask for the user’s email address, and then insert an unsigned email address into the IDPs response. If the attacker relays this response to a website that doesn’t notice that this attribute is unsigned, the website may be tricked into logging the attacker in to any local account.

The researchers contacted the primary websites they identified with this vulnerability, and those sites have already deployed a fix. Similarly, Google and other OpenID Foundation members have worked to identify many other websites that were impacted and have helped them deploy a fix. There are no known cases of this attack being exploited at this point in time.

A detailed explanation of the use of claimed IDs and email addresses can be found in Google’s OpenID best practices.

Google would like to thank security researchers Rui Wang, Shuo Chen and XiaoFeng Wang for reporting their findings. The OpenID Foundation has also done a similar blog post on the issue.

Action Required:
  1. If you are an OpenID relying party, then you should read the Suggested Fix section below to see if this vulnerability might apply to you, and what to do about it.
  2. If you are an application developer that uses OpenID relying party services from someone else, like your container provider or some network intermediary, please read the Suggested Fix section to see if your service is listed there. Otherwise, you should check with that entity to make sure they are not susceptible to this issue.

Suggested Fix:

As a first step, we recommend modifying vulnerable relying parties to accept AX attribute values only when signed, irrespective of how those attributes might get used.

During our investigation we confirmed that apps using the OpenID4Java library, with or without the Step2 wrapper, are prone to accepting unsigned AX attributes. OpenID4Java has been patched with the fix in version 0.9.6.662 (19th April, 2011).

Kay Framework was known to be vulnerable and has since been patched. Users should upgrade to version 1.0.2 or later. Note that Google App Engine developers that use its built-in OpenID support do not need to do anything.

Other libraries may have the same issue, although we do not believe that the default usage of OpenID services and libraries from Janrain, Ping Identity and DotNetOpenAuth are susceptible to this attack. However, the defaults may be overridden and you should double check your code for that.

We also suggest reviewing your usage of email addresses retrieved via OpenID to ensure that adequate safeguards are in place. A detailed explanation of the use of claimed IDs and email addresses can be found in our OpenID best practices published for Apps Marketplace developers that also apply to relying parties in general.


Mayank Upadhyay works on authentication and identity problems on the Google Security Team.
His previous experience includes similar work at Sun Microsystems and various companies in the WiFi security space.

Posted by Scott Knaster, Editor
2013, By: Seo Master

seo Security advisory to websites using OpenID Attribute Exchange 2013

Powered by Blogger.
Design by Dev Nasser