December 22, 2024

Install VMware Tools on Linux

Posted on March 2, 2019 by in Blog, Linux


How to install VMware Tools in Debian 9
su

Then, enter the root password
After entering as root successfully, issue the following command:
# apt-get install open-vm-tools open-vm-tools-desktop
Answer “YES” when you will be asked to download the installation files.

A system reboot is needed in order to activate tools but if you cannot do it right now you can go around by issuing the following command:
# vmware-user-suid-wrapper

Manually Install or Upgrade VMware Tools in a Linux Virtual Machine

If a mount point directory does not already exist, create it.
mkdir /mnt/cdrom
(Some Linux distributions use different mount point names. For example, on some distributions the mount point is /media/VMware Tools rather than /mnt/cdrom. Modify the command to reflect the conventions that your distribution uses.)

Mount the CD-ROM drive.
mount /dev/cdrom /mnt/cdrom

Change to a working directory, for example, /tmp.
cd /tmp
tar zxpf /mnt/cdrom/VMwareTools-x.x.x-yyyy.tar.gz
(The value x.x.x is the product version number, and yyyy is the build number of the product release.)

If necessary, unmount the CD-ROM image.
umount /dev/cdrom

Run the installer and configure VMware Tools.
cd vmware-tools-distrib
./vmware-install.pl


Microsoft is building its own Chrome browser to replace Edge

Posted on March 2, 2019 by in Microsoft Windows

Microsoft is building its own Chromium browser to replace the default on Windows 10. Microsoft is finally giving up and moving its default Windows 10 browser to Chromium.

The Verge understands Microsoft will announce its plans for a Chromium browser as soon as this week, in an effort to improve web compatibility for Windows. Windows Central first reported on these plans, which are code-named Anaheim internally. We understand there has been a growing frustration inside Microsoft at Edge’s web compatibility issues, and consumers and businesses have been pushing the company to improve things.

Microsoft has only managed to go so far with Edge-HTML, though. Chrome is now the most popular browser across all devices, thanks to Android’s popularity and the rise of Chrome on Macs and PCs. Chrome has turned into the new IE6, and web developers have been favoring its rendering engine to optimize their sites. Google has also been creating Chrome-only web services, simply because its often the first to adopt emerging web technologies as its engineers contribute to many web standards.

Microsoft’s rendering engine has fallen behind as a result, and the company is finally ready to admit this. There were signs Microsoft was about to adopt Chromium onto Windows, as the company’s engineers have been working with Google to support a version of Chrome on an ARM-powered Windows operating system.

Installing Prosper202

Posted on February 24, 2019 by in Blog

Our installer was inspired by the WordPress installer, and we have made it almost exactly the same as theirs. It can generally be installed in about 5 minutes or less by simply uploading the files to a dedicated domain and then running the installer. The following installation guide will help you install Prosper202.

Before you begin the install, there are few things you need to have and do.

 

Things You Need For The Installation

You need access to your site and its directory and software to proceed with the installation.

These are:

  • An access to your web server (via shell or FTP).
  • A text editor.
  • An FTP Client (if you need to install Prosper202 on a remote server).
  • Your web browser of choice.

Begin your installation by:

  1. Checking to ensure that you and your web host has the minimum requirements to run Prosper202.
  2. Download the latest release of Prosper202.
  3. Unzip the downloaded file to a folder on your hard drive.
  4. Print this page out so you have it handy during the installation.

 

 

Sent from Mail for Windows 10

 

What’s the Difference Between Horde, Roundcube and SquirrelMail

Posted on February 24, 2019 by in Blog

What’s the Difference Between Horde, Roundcube and SquirrelMail

Choosing a default Webmail application can be a bit confusing, especially if you do not really know the differences between the applications that cPanel provides. These differences are fairly subtle and the choice generally comes down to your personal preference and what you find useful in a mail client. In this article we will discuss these differences as well as visually illustrate them so that you can make an informed decision without the need to scour the internet for this information.

 

 

Sent from Mail for Windows 10

 

Outsource Your IT Support

Posted on August 3, 2015 by in News

Leave the grunt work to the professionals. The expense of outsourcing IT assistance will certainly spend for itself since your technology problems will certainly be taken care of rapidly as well as appropriately so you could remain to concentrate on conference your consumers’ demands as well as expanding your company.

[tx_row]
[tx_column size=”1/2″]Large and medium business resolve this problem by working with the right people for the task. There’s an advertising and marketing division for advertising, a bookkeeping division for accountancy, and also an IT division in charge of preserving as well as fixing the modern technology business depends on.[/tx_column]
[tx_column size=”1/2″]Smaller sized firms, on the other hand, cannot manage to work with committed, full time workers for activities like IT that lie outside the core company objectives. Even if cash were not a concern, a little or tool company does not have sufficient of a have to validate employing an individual full-time.[/tx_column]
[/tx_row]

We provide the on-demand and monthly level rate computer system solutions for our customers. This really is an extremely cost efficient solution for just about any small business and home base company.

Simply contact us and our specialist will meet with you and proceed through your personal computer issue into the initial meeting.

Computer and System Help Solutions

  • Build secured wired and wireless system for your needs
  • Share document and excel files firmly from the main file host for multiple people accessibility
  • Remote information access from remote place
  • Share community printer for multiple users
  • Virus and Spyware removal and defense

Whatever your company is, you must concentrate on your core toughness. Unless your business is an IT providers, chances excel that keeping as well as networking as well as repairing computer systems tools is not your strong point.

Several tiny and also moderate companies just discover the most technology intelligent staff member and also mark them to handle IT. That’s great for taking care of equipment buying as well as software program licensing, or for everyday procedures, yet when something breaks you require somebody with the ideal understanding and also abilities to manage it swiftly as well as appropriately.

[tx_row]
[tx_column size=”1/2″]

Web site design and E commerce

We artwork expert web site from easy web page to a complex E-commerce internet solution for the consumers.
Online Store and shopping cart software Setup for selling your very own item and solution
Give us a call for lots more detail.

[/tx_column]
[tx_column size=”1/2″]

Database Programming

Are you currently nevertheless recording information, buyer profiles in excel or in writing?
Will you be having hard to handle and lookup your buyer information inside Excel Spreadsheet?
E mail us and let us demonstrate tips keep important computer data digitally and share access on system. Your organization data record may even access from another location and securely from your home.

[/tx_column]
[/tx_row]

 

 

Linux Foundation to Host Open Encryption Project

Posted on April 9, 2015 by in Security

Linux Foundation to Host Let’s Encrypt, Project to Bring Free SSL Certs to Websites

An Internet where most websites use security certificates and encrypt data by default is no longer just a dream. A consortium of Internet and technology companies and organizations are banding together to make it easier for website owners to obtain and setup security certificates.

The Let’s Encrypt project is a free and automated security certificate authority which will simplify the process of obtaining a security certificate for websites, the Linux Foundation and the Internet Security Research Group said Thursday. It’s increasingly clear the only way to have reliable security online is to have every website be encrypted, served over Transport Layer Security (TLS), so that people’s information is protected from snoops, the Linux Foundation said. The goal is to make it easier for website owners to apply for and install a security certificate on their domains.

Let's Encrypt Logo“Encryption should be the default for the web,” Josh Aas, executive director of ISRG, told SecurityWeek. Let’s Encrypt will help “increase TLS usage on the Web,” he said.

Data such as login credentials, financial information, browser cookies, and other types of sensitive or personal information travel from user computers to websites, or across multiple websites. All this information can easily be intercepted by eavesdroppers, but not if the Web application encrypts the information before sending it through the network. “A secure Internet benefits everyone,” Jim Zemlin, executive director at The Linux Foundation, told SecurityWeek.

Let’s Encrypt takes the world a step closer to a time when more websites would use a certificate and TLS would be the default across the Web, rather than the present where most sites do not even have a valid certificate, Aas said. The free and simple process should take no longer than a few minutes to complete.

Currently, it is difficult for website owners to obtain the certificate because the process may be too complicated or too expensive. Owners may also be overwhelmed with different types and not know which one to pick, Aas said. Let’s Encrypt automates the process so that certificates are issued automatically. Let’s Encrypt will also manage the certificate, so that if the certificate is nearing its expiration date, the system will handle renewals. There was no reason renewing a certificate had to remain a manual process. Let’s Encrypt will also handle installation and configuration on supported servers, which will likely handle most major server software, so that there will be no misconfigured certificates deployed on servers, Aas said.

Let’s Encrypt will be issuing Domain Validation certificates since this type of certificate can be automatically issued and managed, Aas said. Other types of certificates cannot be issued or managed automatically. Let’s Encrypt will also be focusing on elliptic curve cryptography—ECC—because it is the most effective at protecting online users today, he said.

Let’s Encrypt will be working closely with major hosting providers to offer TLS to all customers, following a model similar to what CloudFlare currently does for its customers, Aas said. Any CloudFlare customer has access to SSL certificates for their domains, for free. Let’s Encrypt will not be working directly with website owners, but act as the back-end for hosting providers interested in offering free DV certificates to their customers, Aas said. While individual will be able to get a certificate directly from Let’s Encrypt, the bulk of certificates will likely be issued through a major hosting provider.

“While the web has been a part of our lives for decades now, the data shared across networks is still at risk,” Zemlin said in a statement.

The Linux Foundation will host the Internet Security Research Group and Let’s Encrypt as a Linux Foundation Collaborative Project, which are independently funded software projects working on innovative programs which will have wide-ranging benefits and impact across industries, Zemlin said. The sponsor companies include Akamai, Cisco, Electronic Frontier Foundation, and Mozilla as founding Platinum members, IndenTrust as a Gold member, and Automattic (maker of WordPress) as the Silver member.

“By hosting this important encryption project in a neutral forum we can accelerate the work towards a free, automated and easy security certification process that benefits millions of people around the world,” Zemlin said in a statement.

Hosting in this context means the Linux Foundation will take on much of the business aspects of running Let’s Encrypt. The Linux Foundation provides the essential collaborative and organizational framework for projects, such as making sure there is money in the bank, hiring and providing benefits to employees, and even setting up a secure data center, so that members of the project can focus on actually building, Zemlin said.

“The Linux Foundation is in the business of supporting brilliant people working on innovative projects,” Zemlin said, noting hundreds of millions of dollars have been invested across various Collaborative Projects.

In this case, ISRG already has made its own arrangements for Let’s Encrypt infrastructure, Aas said, but was careful to note that ISRG is not dismissing the possibility of someday moving to Linux Foundation’s infrastructure.

“We want to build. We don’t want to have to worry about accounting, who is getting paid. I am not good at any of that, but Linux Foundation is,” Aas said, explaining why the relationship works for ISRG.

Let’s Encrypt is not trying to replace traditional certificate authorities. While the project will focus its efforts on getting free certificates out to website owners in a secure and open way, Aas sees the project as something working alongside CAs to get to a world where everyone is using encryption by default.

“The only reliable strategy for making sure that everyone’s private data and information is protected while in transit over the web is to encrypt everything, Aas in a statement.

Related: Why “Let’s Encrypt” Won’t Make the Internet More Trustworthy

Subscribe to the SecurityWeek Email Briefing

view counter

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.

Previous Columns by Fahmida Y. Rashid:


SecurityWeek RSS Feed

PCI Security Standards Council Releases Tokenization Product Guidelines

Posted on April 3, 2015 by in Security

The PCI Security Standards Council announced on Thursday the availability of guidelines designed to help organizations develop tokenization products.

Tokenization is the process in which sensitive information, such as payment card data, is replaced with a randomly generated unique token or symbol. Tokenization products, which can be software applications, hardware devices or service offerings, can help merchants reduce the risk of having their customers’ financial information stolen by malicious actors.

“Tokenization is one way organizations can limit the locations of cardholder data (CHD). A smaller subset of systems to protect should improve the focus and overall security of those systems, and better security will lead to simpler compliance efforts,” explained PCI SSC Chief Technology Officer Troy Leach.

There are several challenges to implementing tokenization, but reliable solutions already exist and representatives of the merchant community believe this could be an efficient approach to preventing payment card fraud and identity theft.

The Tokenization Product Security Guidelines released by the PCI Council have been developed in collaboration with a dedicated industry taskforce. The report focuses on the generation of tokens, using and storing tokens, and the implementation of solutions that address potential attack vectors against each component. The document also contains a classification of tokens and their use cases.

The recommendations in the guidelines are addressed to tokenization solution and product vendors, tokenization product evaluators, and organizations that want to develop, acquire or use tokenization products and solutions.

“Minimizing the storage of card data is a critical next step in improving the security of payments. And tokenization does just that,” said PCI SSC General Manager Stephen Orfei. “At the Council, we are excited about the recent advancements in this space. Helping merchants take advantage of tokenization, point-to-point encryption (P2PE) and EMV chip technologies as part of a layered security approach in current and emerging payment channels has been a big focus at this week’s PCI Acquirer Forum.”

The PCI Council has pointed out that the guidelines are supplemental and they don’t supercede or replace any of the requirements detailed in the PCI Data Security Standard (PCI DSS).

PCI DSS 3.0, which focuses on security instead of compliance, went into effect on January 1. Version 3.1 of the PCI DSS, expected to be released this month, targets the SSL (Secure Sockets Layer) protocol. Organizations must ensure that they or their service providers don’t use the old protocol.

Last week, the PCI Council published new guidance to help organizations conduct penetration testing, which is considered a critical component of the PCI DSS.

The Tokenization Product Security Guidelines are available for download in PDF format.

Subscribe to the SecurityWeek Email Briefing

view counter

Previous Columns by Eduard Kovacs:


SecurityWeek RSS Feed

HyTrust Secures $33 Million to Expand Cloud Security Business

Posted on April 1, 2015 by in Security

HyTrust, a provider of policy management and access control solutions for virtual and cloud environments, today announced that it has secured $ 33 million in new funding, including $ 8 million in venture debt and credit facilities.

According to the company, the new cash will be used to boost marketing, sales and product development initiatives, as well as expansion into international markets.  

HyTrust’s solutions enable the adoption of next-generation architectures through policy-based controls, visibility and data security, which helps enterprises more easily meet compliance mandates, improve application uptime, and securely take advantage of cloud-based capabilities.

HyTrust Raises $ 33 MillionThe new investment is being led by AITV (Accelerate-IT Ventures). New investor Vanedge Capital also participated in the funding, while existing venture investors—Epic Ventures, Granite Ventures and Trident Capital—and strategic investors Cisco, Fortinet, Intel Corp. and VMware, also participated.

In addition to being backed by several venture firms and enterprise technology companies, HyTrust entered into a strategic investment and technology development agreement with In-Q-Tel (IQT), the not-for-profit venture capital arm of the CIA, back in July 2013.

Along with the $ 25 million equity investment from the syndicate, HyTrust expanded its relationship with banking partner City National Bank to fund up to $ 8 million in venture debt and credit facilities.  

“HyTrust is perfectly positioned to meet the needs of a market in which so many organizations are building on cloud-based technologies to increase agility for their business,” said Brian Nugent, founding principal and general partner at AITV.  

Brian Nugent will join HyTrust’s board of directors, while AITV co-founder and general partner, Bill Malloy III, and Moe Kermani, a partner with Vanedge Capital, will join as board observers, the company said.  

“Our goal at HyTrust is to make security automated and policy-based to address the needs of private and hybrid cloud data centers, as well as provide complete visibility into what is happening in cloud environments,” said John De Santis, Chairman and CEO of HyTrust.

Subscribe to the SecurityWeek Email Briefing

view counter

Managing Editor, SecurityWeek.

Previous Columns by Mike Lennon:

Tags:


SecurityWeek RSS Feed

Nigerian Electoral Commission Website Hacked

Posted on March 29, 2015 by in Security

Nigeria’s electoral commission admitted on Saturday that its website had been hacked, as the country’s crucial presidential and parliamentary elections were hit by technical problems.

“The INEC (Independent National Electoral Commission) website‎ was hacked this morning but we are trying to revive it,” the body’s deputy director of public affairs, Nick Dazang, told AFP.

“But nothing has been tampered with,” he added, without elaborating.

INEC has been under scrutiny for weeks about its preparations for the election, in particular over the use of biometric voter identity cards and new technology to cut down on electoral fraud.

Voters throughout Nigeria have complained about lengthy delays in authenticating their cards. President Goodluck Jonathan’s own card failed on the new system and he had to be accredited by hand.

The INEC website — inecnigeria.org — was allegedly targeted by the Nigerian Cyber Army. A message on the home page read: “Feel some shame Admin!! Security just an illusion.”

The site was later back online.

Subscribe to the SecurityWeek Email Briefing

view counter

© AFP 2013


SecurityWeek RSS Feed

Critical Vulnerability Impacting Hotel Wifi Networks Uncovered

Posted on March 26, 2015 by in Security

A serious security hole affecting a popular Internet gateway device used in hotels and convention centers has been closed.

The vulnerability affects ANTlabs’ InnGate, which is designed for operating corporate visitor-based networks. According to security firm Cylance, the vulnerability can be exploited to allow an attacker to monitor or tamper with traffic to and from any hotel Wifi user’s connection and potentially gain access to a hotel’s property management system.

Cylance reports that 277 hotels, convention centers and data centers across 29 countries are affected. At its core, the vulnerability is due to a misconfigured rsync instance included in the InnGate firmware. If exploited, the attacker would have read/write access to the entire file system without authentication.

“CVE-2015-0932 gives an attacker full read and write access to the file system of an ANTLabs’ InnGate device,” explained Brian Wallace, senior researcher at Cylance, in a blog post. “Remote access is obtained through an unauthenticated rsync daemon running on TCP 873. Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction.”

“When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution,” he continued. “The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker.”

If an attacker has compromised a vulnerable InnGate device at a hotel, obtained shell access via SSH and created an account for themselves with root access, they could run tcpdump and dump all network traffic going through the devices. This would allow an attacker to collect any plaintext communication sent through the gateway of the affected hotel or location, Wallace blogged.

“A slightly more sophisticated attacker could use a tool such as SSLStrip in order to attempt to downgrade the transport layer encryption in order to increase the amount of plaintext credentials gathered,” Wallace noted. “This attack gives the threat actor incredible leverage over their targets including making OpenSSL vulnerabilities easier to exploit.”

ANTlabs released a patch for the issue today. The vulnerable devices include:   

  • IG 3100 model 3100, model 3101
  • InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
  • InnGate 3.01 G-Series, 3.10 G-Series

Hotel networks offer a potentially attractive target for cyber-espionage groups. Last year, an advanced persistent threat (APT) group was discovered targeting Wifi networks at hotels in Asia. In addition, the FBI and the Internet Crime Complaint Center warned in 2012 that attackers were targeting travelers abroad through malicious pop-up windows when they established an Internet connection in their hotel rooms. 

“While the DarkHotel campaign was clearly carried out by an advanced threat actor with a large number of resources, CVE-2015-0932 is a very simple vulnerability with devastating impact,” Wallace wrote. “The severity of this issue is escalated by how little sophistication is required for an attacker to exploit it.”

Subscribe to the SecurityWeek Email Briefing

view counter

Brian Prince is a Contributing Writer for SecurityWeek.

Previous Columns by Brian Prince:


SecurityWeek RSS Feed