Thursday, November 12, 2009

Re-entering the Office 2007 product key

I accidentally updated Office recently, and afterwards the licence had to be re-validated. The method I found online for re-entering the key is to delete the relevant registry values. The key is at the following path:

HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Registration\{91120000-0011-0000-0000-0000000FF1CE}

Delete these two values under it:
DigitalProductID
ProductID

Then reopen any Office application and you are done.
This assumes your key is legitimate; otherwise it still won't pass.
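As an added example that is not part of the original post, the following PowerShell snippet performs the same two-value deletion but exports the key first so the change can be reverted. The registry path and value names are the ones given above; the backup file location is an assumption.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# session: the key lives under HKEY_LOCAL_MACHINE, so writing to it needs
# administrator rights. Close all Office applications before running it.
$regPath = 'HKLM:\Software\Microsoft\Office\12.0\Registration\{91120000-0011-0000-0000-0000000FF1CE}'
$values  = 'DigitalProductID', 'ProductID'
# Backup location is an assumption; adjust to suit your environment.
$backup  = Join-Path $env:TEMP 'Office12-Registration-backup.reg'

if (-not (Test-Path -Path $regPath)) {
    Write-Error "Registration key not found: $regPath"
    return
}

# Export the whole key before touching it. To revert later: reg import <file>
$regExePath = $regPath -replace '^HKLM:', 'HKLM'
reg.exe export $regExePath $backup /y | Out-Null
Write-Host "Backup written to $backup"

foreach ($name in $values) {
    $item = Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Host "$name not present, nothing to remove"
        continue
    }
    Remove-ItemProperty -Path $regPath -Name $name
    Write-Host "Removed $name"
}

Write-Host 'Start any Office application to enter the product key again.'
```

The export step is the part worth keeping: deleting licensing values is cheap, but having the original DigitalProductID on hand means a mistyped key or a failed activation can be undone with a single reg import.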

Friday, November 6, 2009

Six steps to make web applications more secure

Source: OWASP

1. Build a community: Large enterprises like the Federal government are particularly prone to the silo effect; a simple intranet site that's well managed can work wonders to leverage the expertise throughout an entire Department.

2. Spread the expertise: Right now the majority of what application security knowledge exists is within security groups. This is a good start, but ultimately the programs build and fix the applications; staff them with experts, too.

3. Think beyond tools: While tools can automate certain assessment tasks, realize that they only assist with a portion of your assessments. Even then, assessments are just one portion of an assurance program.

4. Provide guidance: Developers want to build secure, compliant software; they just don't always know how. Make standards, requirements and reference models available to your programs.

5. Don't wait to test: Late-cycle testing under release pressure is stressful on the program and testers alike. Start testing earlier in the cycle and involve your assessment team in the scheduling.

6. Zoom in your continuous monitoring: A "minor" application change can fly through change control but create huge vulnerabilities. Scrutinize changes to applications carefully, particularly Internet-facing or other high-risk systems.

SSL connections can be man-in-the-middled

This is a huge deal for those of us who sell security appliances!!

Almost all of our devices are managed over remote connections. If an HTTPS connection, the kind that shows the "padlock", can be man-in-the-middled, wow, I can hardly imagine how the vendors specialising in SSL-VPN are going to respond to this announcement!!?

Below is the Network World Security article:
http://www.networkworld.com/news/2009/110509-ssl-hole-cracks-open-secured.html

The gist: a team at PhoneFactor (a company providing mobile-phone two-factor authentication) discovered this weakness. They found that any SSL-encrypted connection is exposed to it; a patch is still being developed and has not yet been released. The flaw lets an attacker inject commands into an already-encrypted connection and hijack it, so the attacker sits in the middle and can listen to, view and modify the communication between the two ends.

A truly frightening vulnerability.