Posts Tagged ‘password’

Setting BIOS password in Acer Aspire

March 25th, 2009

Setting a BIOS password on an Acer Aspire is a bit tricky. When you buy a new machine and set an administrator password, and later go to the BIOS settings, the system won't allow you to enter that area and shows a popup saying the password is incorrect. It's a small matter, but some people do not understand it and find it troublesome. The remedy is below.

1- Press F2 when computer is booting

2- Go to security tab and set the main supervisor password.

3- The password is always in capitals, whether or not you type it in caps. Suppose you use happy as the password: the system will change it to HAPPY. Some people think they have forgotten the password, but that is not the case.

It's a very small tweak, but it can still consume hours or cost you some bucks to send the machine to a workshop. It may happen on other systems too.

Tips and Tutorials

Sudo

December 2nd, 2008

`sudo` allows you to give privileged access to only some commands, instead of all commands.
 
`sudo` allows you to log all commands (and their arguments) executed as the privileged user.
 
`sudo` does not require the administrator to share the root password.
 
`sudo` allows you to limit the users who can use it by editing the sudoers file.
 
`sudo` times out after 5 minutes (by default).
 
Sudo (superuser do) is a piece of software that allows a system admin to give certain users/groups the ability to run commands as root or another user. Sudo is available with almost all Unix-based operating systems, including Mac OS X.

Sudo Upgrade Installer for Mac OS X by Scott Anguish

Glossary of computer security, S

Different password for keychain in Mac

December 2nd, 2008

What changes should be made to the Mac OS X configuration with respect to security? “The only significant change one has to make is a different password for my Keychain than for my user account.” That’s a change to make on all systems as well. The Keychain allows you to keep internet passwords, notes and SSL certificates in an encrypted store, and synchronize them between different machines with .Mac. So far, so good. Of course there is only a single password to unlock all of this information, but it means that you can choose one really good password that you can remember, then use different passwords for all of the websites, mail accounts and so on that you use, which you don’t need to keep in your head (or on a Post-It note) because you can always get them out of the Keychain.

The problem with the default Keychain configuration is that this password is synchronized with your login password; whenever you are logged in, the items in your Keychain are unlocked and available to any application that asks for them. It is simple to fix this: firstly, open the Keychain Access application in /Applications/Utilities. In the Edit menu, choose “Change password for Keychain ‘login’…” and set a new password. Now when an application needs a password out of the Keychain, it has to prompt you for that password; a slight reduction in convenience but with a huge payoff in being able to control when your stored passwords are used. You can also control when the Keychain is automatically locked (so that you get re-prompted.

Apple security, Macintosh security

Recovery Console or Directory Restore Safe Mode Administrator password

October 14th, 2008

If Windows 2000 Service Pack 2 or later is installed on your computer, you can use the Setpwd.exe utility to change the SAM-based Administrator password. To do this:

  1. At a command prompt, change to the %SystemRoot%\System32 folder.

  2. To change the local SAM-based Administrator password, type

setpwd

and then press ENTER.

  3. To change the SAM-based Administrator password on a remote domain controller, type

setpwd /s:servername

and then press ENTER, where servername is the name of the remote domain controller.

  4. When you are prompted to type the password for the Directory Service Restore Mode Administrator account, type the new password that you want to use.

Note: If you make a mistake, repeat these steps to run setpwd again.

Method #2

On Windows 2000, if you do know the Directory Service Restore Mode Administrator password you can easily change it to something else by using the following method:

  1. Shut down the domain controller on which you want to change the password.

  2. Restart the computer. When the selection menu screen is displayed during the restart process, press F8 to view advanced startup options.

  3. Select the Directory Service Restore Mode option.

  4. After you successfully log on, use one of the following methods to change the local Administrator password:

At a command prompt, type the following command:

net user administrator *

or

Use the Local User and Groups snap-in (Lusrmgr.msc) to change the Administrator password.

  5. Shut down and restart the computer.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

Method #3

On Windows 2000, if you do not know the Directory Service Restore Mode Administrator password you can easily change it to something else by using the following method:

  1. At a command prompt, type the following command:

net user administrator 123456

This will change the local administrator’s password to 123456.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

Method #4

On Windows Server 2003, the setpwd or NET USER trick won’t work. Here, if you want to change the Directory Service Restore Mode Administrator password you’ll need to use the following method:

  1. Click Start, click Run, type

ntdsutil

and then click OK.

  2. At the Ntdsutil command prompt, type

set dsrm password

  3. At the DSRM command prompt, type one of the following lines:

To reset the password on the server on which you are working, type

reset password on server null

The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.

or

To reset the password for another server, type

reset password on server <servername>

where <servername> is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.

  4. At the DSRM command prompt, type q.

  5. At the Ntdsutil command prompt, type q to exit.

You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password.

Operating systems security

Firefox overlooked a password bug

September 28th, 2008

Just a day after it released Firefox 3.0.2 to fix 11 vulnerabilities, Mozilla Corp. said that an overlooked password bug requires a fast-track update it hopes to launch next week.

Late Wednesday, Mike Beltzner, Mozilla’s director of Firefox, said that the bug, which prevents some users from accessing their browser-saved passwords, means another update is necessary. “While this doesn’t affect all Firefox users, it is a significant regression and has triggered a fast-release Firefox 3.0.3 which will contain a single fix,” Beltzner said in a message to the mozilla.dev.planning group.

The bug popped up in Firefox 3.0.2, which Mozilla released Tuesday, after developers added a fix to make the browser’s password manager work on international domain name (IDN) sites. IDN sites are those that have non-ASCII characters in their URLs, such as addresses with Arabic, Hebrew or Chinese characters, or ones with non-English diacritical marks.

According to Beltzner, users who have saved passwords on IDN sites or some non-English domains will be unable to access those passwords or save any new passwords after updating to Firefox 3.0.2.

“There is no permanent data loss, the saved data is just inaccessible,” Beltzner noted.

Regression bugs aren’t unknown to Mozilla or Firefox. Last November, the company rushed a release out the door to fix five bugs it had introduced in the previous version of the browser, which had been posted for download about a week before.

A fix for the password regression bug has been crafted and is being tested, Beltzner added.

Browsers security

Password changing survey

April 8th, 2008

In a survey by the British Ministry for Industry and Trade, approximately 60 per cent of respondents said they never change their passwords. About 35 per cent of users write their passwords on notes or store them on the computer. Both represent a corresponding security risk, because a password that has been spied out can be used to cause considerable damage. Of the 1,800 people asked, 20 per cent said they use the same password for online banking as for other websites that require a login. If an attacker spies out such a password, it can cause greater damage than if a different password were used for each service that requires a login. The responsible British Minister, Malcolm Wicks, sees the survey as evidence that humans are still the largest risk where computer security is concerned.

Data Security

Biometrics do not offer non-repudiation

September 19th, 2007

The question of the repudiation of biometrically authenticated transactions has been
the subject of widespread discussion. Such discussion is not limited to biometric
authentication though; other more traditional forms are also open to debate. Generally,
signatures have been accepted as legally binding indicators but they are certainly
open to challenge in the courts and such challenges are not unknown.

Non-repudiation of authentication typically rests on 2 considerations:
· Strength of binding of the authenticator to the individual in question
· Informed consent of the individual at the time the authentication was given.

Most authenticators are open to challenge on either or both of these grounds. The
former is a technical issue, signifying the non-forgeability (or otherwise) of the
authenticator. Normal signatures are known to be readily forgeable, so do not offer
strong binding. Various other authentication tokens have been proposed and used
which themselves offer much stronger binding, for example cryptographic signatures.
However, cryptography does not address the crucial issue of binding the
authentication to an individual. This final step has to be provided by a supplementary
mechanism usually involving a PIN or password, a token, a biometric, singly or in
combination. These generally have much lower strengths than the cryptography and set
a limit to the true strength of the individual binding and hence the non-repudiation.

Biometric Security Concerns produced for the UK Biometric Working Group. Last updated September 2003

The relative strength of binding provided by biometrics compared to passwords or
tokens is not straightforward to define and there is currently no generally agreed basis
for the comparison. It is known that each mechanism has strengths and weaknesses in
different areas, and relating these areas of difference and mapping them into a single
equivalent “strength” figure has so far proved intractable.
Biometric specialists normally agree that the biometric error rates such as FAR and
FRR are the equivalent of the password space in PIN/Password based authentication.
The exact relation is more elusive however, because the biometric mechanism cannot
be compromised by a simple exhaustion attack in the same way as that for a
PIN/Password. A 4 digit pin has 10,000 distinct values, so a single chosen value has a
1 in 10,000 chance of success (assuming that the “true” value has been chosen
randomly). A biometric system with a FAR of 1 in 10,000 (0.01%) might be deemed to
be equivalent, as a single trial has the same chance of success. However, different
values of PIN can be tried in succession, lowering the actual strength of the PIN
mechanism in a way that the biometric is not subject to. Thus it could be reasonably
argued that the biometric is stronger than the PIN in this case; but how much stronger?
Also, the biometric may be subject to a spoofing attack which has no equivalence for
the PIN, so how much (loss of) strength is this worth? However the biometric cannot be
lost or disclosed in the way that a PIN can be (and often is!), so how much strength is
this worth? These arguments have been extensively reviewed, and a recent consensus
view relating biometric performance figures to strength of function is given in the
section entitled “Performance Limitations” earlier. This can be regarded as a current
UK government view, but is subject to change in the light of further analysis or practical
experience.

The second factor is that of informed consent. The “informed” is important, because
there are situations where an individual could give consent based on false or
inadequate information. This factor also runs up against the issue of functional creep. If
the declared use of the system does not correspond to its actual use, the consent is
not informed and therefore not valid.

No authentication system can offer an unconditional guarantee of unique identification,
because the guarantee also depends on the assumption that the mechanism has not
been compromised in any way (e.g. procedural failure).

Solutions

Repudiation requirements must be determined and the authentication mechanism
matched to the requirement. A proper procedural framework will need to be put in
place, which may involve legal accreditation (e.g. as for digital signature legislation).
The availability of such a legally accepted and enforceable framework will effectively
determine the repudiation status of an application. Note that if non-repudiation is not
achieved, the risk of “bad” transactions is transferred to the service provider and away
from the service user.

Repudiation is likely to be an issue for applications where there are legal ramifications
for identification/verification, e.g. financial transactions. This is a potential future
problem, when a substantial number of financial and other contractual transactions are
endorsed by biometric authentication.

Business security