I am getting below error while trying to connect SQL from remote server. Local login is working fine. Can anyone help on this. Thanks in advance.
"Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: 10.186.12.10]"
My environment :
Client – already test AD/DNS domain joined
Remote SQL Server – already prod AD/DNS domain joined
I have running inside test AD/DNS server isolated environment. No relationship between test AD/DNS server and prod AD/DNS server. Test domain name : contoso.com Otherwise , PROD domain name : contoso.com
Test AD/DNS Server : 10.190.10.1 Prod AD/DNS Server : 10.150.10.1
Do I have to join prod AD/DNS client machine as well ? I mean , is there any workaround solution ?
Thanks in advance,
I want to split my terminal sessions to different users, to compartmentalize them.
If I sudo -i -u user1 in one terminal window, can user1 attack my main session?
Everyone talks about sudo to escalate privileges, but I want to reduce them.
I need to encrypt daily backups, then upload them to untrusted cloud storage (s3, dropbox, etc.)
I received help on security.se and crypto.se to formulate this approach:
- tar and xz the backup file
- create random 32 byte (symmetric) “session” key (
head -c 32 /dev/urandom)
- encrypt backups using session key
- encrypt session key using my “master” (asymmetric) keypair’s public key
- upload encrypted backup file and encrypted session key
- Every backup has unique symmetric session key
- Only my master keypair’s private key can decrypt session keys
- My private key is stored locally only
- Encryption process is completely automated; no passphrases required
However then I tried to implement this with
gpg and stumbled over some items.
Once I generate a session key, how do I use it? I thought it was supposed to be the passphrase in
gpg --symmetric --passphrase $ SESSION_KEY ..., but apparently that’s not how it’s done.
I did more digging and discovered that gpg does almost everything symmetrically, and that a session key is already generated and included in each encrypted file automatically (in the header). So most of the above is done automatically for me.
So, how do I use the session key (if at all)? I understand the theory, but not how to implement it with
Is there any way an untrusted third party who has access to content from a website over HTTPS can prove the authenticity of the data (i.e. that it was distributed by a server in possession of a specific TLS private key)? The way TLS works makes it such that a packet capture and copy of the master key is insufficient to prove authenticity, since the HMAC key is derived from the master key, which makes it possible to forge the message. Because the third party is untrusted, having them verify the TLS themselves then endorse the authenticity by digitally signing the material is not a solution either.
I’m pretty sure there is no solution under these constraints, but there may be something I missed.
sudo is sometimes used to give untrusted or “semi-trusted” users the ability to perform certain tasks as root, while not giving them unlimited root access. This is usually done via an entry into
/etc/sudoers, specifying which programs can be executed.
However, some programs may provide more (no pun intended) functionality than expected, such as
find, which offer to execute other programs – most notably a shell.
Usually, which programs are safe to execute depends on knowledge of the sysadmin. Certain binaries like
cat are most likely safe (i.e. don’t allow the user to spawn a shell), while others like the examples above are known to be exploitable.
Is there a way to assess with reasonable confidence whether or not an executable is “safe” when given
sudo permissions for? Or is the only way a comprehensive source-code audit?
In response to
cat not being safe: Yes, it can be used to read sensitive files as root. In some setups, this may be the intended use-case (e.g. a limited user being able to read as root, but not write).
Furthermore, comments or answers explaining to me that
sudo is not the correct way to grant read permissions like this: I know. I am absolutely aware how a file-system should be structured, but due to the nature of my work, I can’t influence how file-systems are structured on those servers. All I can do is to see which recommendation fixes the immediate problem. So please, don’t challenge the frame of the question. I don’t have an XY-problem.
Background: Hired a freelancer to develop software application
Software application came with many more files and dependency folders than expected
Upon inspection, the main .exe was created months before the freelancer was hired
Need to know how to set up the Hyper-V VM to run the .exe and inspect for any security issues
Alice can retrieve asymmetric encrypted messages (let’s call one of them C_1 and the Message itself M) for her from an untrusted environment (let’s call it Eve). She owns her private key K_1 and has published her public key P_1. Bob is just like Alice and uses Eve’s platform. He owns his private key K_2 and his published public key P_2.
Alice now decides to share all her Messages with Bob. Normally she would retrieve each encrypted message C_1, decrypt it to M using K_1 and encrypt it again to C_2 using P_2. However, Alice is in a rush today and doesn’t have the time to ‘translate’ all that messages. She would rather like to create some form of re-encryption key R combining K_1 and P_2. It is important that you cannot calculate K_1 (since it is private for Alice) even when you know R and maybe P_2. She would then send Eve R and Eve has to translate all possible messages C_1 directly to C_2 without ever finding out M.
Does any asymmetric encryption method exist which provides such a ‘rekeying’ feature?
I am having a problem after we installed the coin application in Ubuntu 18.04. I’m getting an error like this “The application Launcher “coinwrapper.desktop” has not been markedas trusted. If you do not know the source of this file, launching it may be unsafe” Is there any
I want to create a user for running (testing) unsafe applications (including native Linux, Java and WINE). I want to prevent those applications from accessing anything except /home/thisuser, keyboard, mouse, sound and video cards. How should I set the permissions? Lubuntu GUI didn’t even allowed me to block the network access for this user. (Disk partitions seem to work; this user can’t access USB drives and other partitions, not to mention /home/otherusers, without entering the root password. I’ve not tested Java and WINE restrictions yet, but being launched by that user, they probably must follow the restrictions).
Please help. I inherited sharepoint without knowing anything about it and it crashed hard a few weeks ago but we were able to restore most functionality and this is the only thing that is left. When I open any documents with WopiFrame I get the warnings that the stuff is insecure or coming from untrusted source. The SSL cert is valid is installed. I applied it in bindings. I also added it to trust relationship in Central Administration. I also changed it in OfficeWebAppsFarm using PowersShell to point to correct one and rebooted all the servers as suggested and nothing works. Any suggestions would be greatly appreciated. I am sure I am missing just one minor thing that I am not aware of.