DOCSLIB.ORG

Mozilla Source Tree Docs Release 55.0A1

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mozilla Source Tree Docs Release 55.0A1 Mozilla Source Tree Docs Release 55.0a1 Mar 31, 2017 Contents 1 SSL Error Reporting 1 2 Firefox 3 3 Telemetry Experiments 13 4 Build System 19 5 WebIDL 89 6 Graphics 91 7 Firefox for Android 93 8 Indices and tables 111 9 Localization 113 10 mach 117 11 CloudSync 125 12 TaskCluster Task-Graph Generation 131 13 Crash Manager 165 14 Telemetry 169 15 URL Classifier 269 16 Crash Reporter 271 17 Supbrocess Module 275 18 Toolkit modules 279 19 Add-on Manager 285 20 Linting 291 i 21 Indices and tables 301 22 Python Packages 303 23 Managing Documentation 447 24 Indices and tables 449 Python Module Index 451 ii CHAPTER 1 SSL Error Reporting With the introduction of HPKP, it becomes useful to be able to capture data on pin violations. SSL Error Reporting is an opt-in mechanism to allow users to send data on such violations to mozilla. Payload Format An example report: { "hostname":"example.com", "port":443, "timestamp":1413490449, "errorCode":-16384, "failedCertChain":[ ], "userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0", "version":1, "build":"20141022164419", "product":"Firefox", "channel":"default" } Where the data represents the following: “hostname” The name of the host the connection was being made to. “port” The TCP port the connection was being made to. “timestamp” The (local) time at which the report was generated. Seconds since 1 Jan 1970, UTC. “errorCode” The error code. This is the error code from certificate verification. Here’s a small list of the most commonly-encountered errors: https://wiki.mozilla.org/SecurityEngineering/x509Certs#Error_Codes_in_ Firefox In theory many of the errors from sslerr.h, secerr.h, and pkixnss.h could be encountered. We’re starting with just MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE, which means that key pinning failed (i.e. 1 Mozilla Source Tree Docs, Release 55.0a1 there wasn’t an intersection between the keys in any computed trusted certificate chain and the expected list of keys for the domain the user is attempting to connect to). “failedCertChain” The certificate chain which caused the pinning violation (array of base64 encoded PEM) “user agent” The user agent string of the browser sending the report “build” The build ID “product” The product name “channel” The user’s release channel Preferences The following preferences are used by SSL Error reporting: “security.ssl.errorReporting.enabled” Should the SSL Error Reporting UI be shown on pin violations? Default value: true “security.ssl.errorReporting.url” Where should SSL error reports be sent? Default value: https://incoming. telemetry.mozilla.org/submit/sslreports/ “security.ssl.errorReporting.automatic” Should error reports be sent without user interaction. Default value: false. Note: this pref is overridden by the value of security.ssl.errorReporting.enabled This is only set when specifically requested by the user. The user can set this value (or unset it) by checking the “Automatically report errors in the future” checkbox when about:neterror is displayed for SSL Errors. 2 Chapter 1. SSL Error Reporting CHAPTER 2 Firefox This is the nascent documentation of the Firefox front-end code. Directory Links Architecture and Data Formats Directory links are enhancements to the new tab experience that combine content Firefox already knows about from user browsing with external content. There are 3 kinds of links: • directory links fill in additional tiles on the new tab page if there would have been empty tiles because the user has a clean profile or cleared history • suggested links are shown if certain triggering criteria matches the user’s browsing behavior, i.e., if the user has a top site that matches one of several possible sites. E.g., only show a sports suggestion if the user has a sport site as a top site • enhanced links replace a matching user’s visible history tile from the same site but only the visual aspects: title, image, and rollover image To power the above features, DirectoryLinksProvider module downloads, at most once per 24 hours, the directory source links as JSON with enough data for Firefox to determine what should be shown or not. This module also handles reporting back data about the tiles via asynchronous pings that don’t return data from the server. For the directory source and ping endpoints, the default preference values point to Mozilla key-pinned servers with encryption. No cookies are set by the servers and Firefox enforces this by making anonymous requests. • default directory source endpoint: https://tiles.services.mozilla.com/v3/links/ fetch/%LOCALE%/%CHANNEL% • default directory ping endpoint: https://tiles.services.mozilla.com/v3/links/ Preferences There are two main preferences that control downloading links and reporting metrics. 3 Mozilla Source Tree Docs, Release 55.0a1 browser.newtabpage.directory.source This endpoint tells Firefox where to download directory source file as a GET request. It should return JSON of the appropriate format containing the relevant links data. The value can be a data URI, e.g., an empty JSON object effectively turns off remote downloading: data:text/plain,{} The preference value will have %LOCALE% and %CHANNEL% replaced by the appropriate values for the build of Firefox, e.g., • directory source endpoint: https://tiles.services.mozilla.com/v3/links/fetch/en-US/release browser.newtabpage.directory.ping This endpoint tells Firefox where to report Tiles metrics as a POST request. The data is sent as a JSON blob. Setting it to empty effectively turns off reporting of Tiles data. A path segment will be appended to the endpoint of “view” or “click” depending on the type of ping, e.g., • view ping endpoint: https://tiles.services.mozilla.com/v3/links/view • click ping endpoint: https://tiles.services.mozilla.com/v3/links/click Data Flow When Firefox starts, it checks for a cached directory source file. If one exists, it checks for its timestamp to determine if a new file should be downloaded. If a directory source file needs to be downloaded, a GET request is made then cacheed and unpacked the JSON into the different types of links. Various checks filter out invalid links, e.g., those with http-hosted images or those that don’t fit the allowed suggestions. When a new tab page is built, DirectoryLinksProvider module provides additional link data that is combined with history link data to determine which links can be displayed or not. When a new tab page is shown, a view ping is sent with relevant tiles data. Similarly, when the user clicks on various parts of tiles (to load the page, pin, block, etc.), a click ping is sent with similar data. Both of these can trigger downloading of fresh directory source links if 24 hours have elapsed since last download. Users can turn off the ping with in-new-tab-page controls. As the new tab page is rendered, any images for tiles are downloaded if not already cached. The default servers hosting the images are Mozilla CDN that don’t use cookies: https://tiles.cdn.mozilla.net/ and Firefox enforces that the images come from mozilla.net or data URIs when using the default directory source. Source JSON Format Firefox expects links data in a JSON object with top level keys each providing an array of tile objects. The keys correspond to the different types of links: directory, suggested, and enhanced. Example Below is an example directory source file: 4 Chapter 2. Firefox Mozilla Source Tree Docs, Release 55.0a1 { "directory":[ { "bgColor":"", "directoryId": 498, "enhancedImageURI":"https://tiles.cdn.mozilla.net/images/ ,!d11ba0b3095bb19d8092cd29be9cbb9e197671ea.28088.png", "imageURI":"https://tiles.cdn.mozilla.net/images/ ,!1332a68badf11e3f7f69bf7364e79c0a7e2753bc.5316.png", "title":"Mozilla Community", "type":"affiliate", "url":"http://contribute.mozilla.org/" } ], "enhanced":[ { "bgColor":"", "directoryId": 776, "enhancedImageURI":"https://tiles.cdn.mozilla.net/images/ ,!44a14fc405cebc299ead86514dff0e3735c8cf65.10814.png", "imageURI":"https://tiles.cdn.mozilla.net/images/ ,!20e24aa2219ec7542cc8cf0fd79f0c81e16ebeac.11859.png", "title":"TurboTax", "type":"sponsored", "url":"https://turbotax.intuit.com/" } ], "suggested":[ { "adgroup_name":"open-source browser", "bgColor":"#cae1f4", "check_inadjacency": true, "directoryId": 702, "explanation":"Suggested for%1$S enthusiasts who visit sites like%2$S", "frecent_sites":[ "addons.mozilla.org", "air.mozilla.org", "blog.mozilla.org", "bugzilla.mozilla.org", "developer.mozilla.org", "etherpad.mozilla.org", "hacks.mozilla.org", "hg.mozilla.org", "mozilla.org", "planet.mozilla.org", "quality.mozilla.org", "support.mozilla.org", "treeherder.mozilla.org", "wiki.mozilla.org" ], "frequency_caps":{"daily":3,"total": 10}, "imageURI":"https://tiles.cdn.mozilla.net/images/ ,!9ee2b265678f2775de2e4bf680df600b502e6038.3875.png", "time_limits":{"start":"2014-01-01T00:00:00.000Z","end":"2014-02- ,!01T00:00:00.000Z"}, "title":"Thanks for testing!", "type":"affiliate", "url":"https://www.mozilla.com/firefox/tiles" 2.1. Directory Links Architecture and Data Formats 5 Mozilla Source Tree Docs, Release 55.0a1 } ] } Link Object Each link object has various values that Firefox uses to display a tile: • url - string url for the page to be loaded when the tile is clicked. Only https and http URLs are allowed. • title - string that appears below the tile. • type - string relationship of the link to Mozilla. Expected values: affiliate, organic, sponsored. • imageURI - string url for the tile image to show. Only https and data URIs are allowed. • enhancedImageURI - string url for the image to be shown before the user hovers. Only https and data URIs are allowed. • bgColor - string css color for additional fill background color. • directoryId - id of the tile to be used during ping reporting Suggested Link Object Extras A suggested link has additional values: • adgroup_name - string to override the hardcoded display name of the triggering set of sites in Firefox. • check_inadjacency - boolean if true prevents the suggested link from being shown if the new tab page is showing a site from an inadjacency list. • explanation - string to override the default explanation that appears below a Suggested Tile. %1$S is replaced by the triggering adgroup name and %2$S is replaced by the triggering site.
Load more

Recommended publications
  • IN-BROWSER BLITZ LITERATURE REVIEWS 1 Submitted to Meta
    IN-BROWSER BLITZ LITERATURE REVIEWS 1 Submitted to Meta-Psychology. Participate in open peer review by commenting through hypothes.is directly on this preprint. The full editorial process of all articles under review at Meta-Psychology can be found following this link: https://tinyurl.com/mp-submissions You will find this preprint by searching for the first author's name. Writing a Psychological Blitz Literature Review with Nothing but a Browser Bogdan Cocoş1 1Department of Psychology, University of Bucharest Author Note Correspondence regarding this article should be addressed to Bogdan Cocoş, 90 Panduri Road, Sector 5, 050663, Bucharest, Romania. E-mail: [email protected] https://orcid.org/0000-0003-4098-7551 IN-BROWSER BLITZ LITERATURE REVIEWS 2 Abstract The ways so far of writing literature reviews represent valid, but not sufficient, landmarks, connected to the current technological context. In this sense, this article proposes a research method called blitz literature review, as a way to quickly, transparently, and repeatably consult key references in a particular area of interest, seen as a network composed of elements that are indispensable to such a process. The tutorial consists of six steps explained in detail, easy to follow and reproduce, accompanied by publicly available supplementary material. Finally, the possible implications of this research method are discussed, being brought to the fore a general recommendation regarding the optimization of the citizens’ involvement in the efforts and approaches of open scientific research. Keywords: blitz literature review, open access, open science, research methods IN-BROWSER BLITZ LITERATURE REVIEWS 3 Writing a Psychological Blitz Literature Review with Nothing but a Browser Context The term “blitz literature review” refers to an adaptation of the concept of literature review.
    [Show full text]
  • IYIR for HTML
    INFOSEC UPDATE 2006 Student Workbook Norwich University June 19-20, 2006 M. E. Kabay, PhD, CISSP-ISSMP Assoc. Prof. Information Assurance Program Director, MSIA BSIA Division of Business Management Norwich University [email protected] Copyright © 2006 M. E. Kabay. All rights reserved. Page 1 INFOSEC UPDATE 2006 -- June 19-20, 2006 01 Introduction Category 01 Introduction 2006-06-12 Introduction M. E. Kabay, PhD, CISSP WELCOME Welcome to the 2005 edition of the Information Security Year in Review (IYIR) project. In 1993 and 1994, I was an adjunct professor in the Institute for Government Informatics Professionals in Ottawa, Canada under the aegis of the University of Ottawa. I taught a one-semester course introducting information security to government personnel and enjoyed the experience immensely. Many of the chapters of my 1996 textbook, _The NCSA Guide to Enterprise Security_ published by McGraw-Hill were field-tested by my students. In 1995, I was asked if I could run a seminar for graduates of my courses to bring them up to date on developments across the entire field of information security. Our course had twenty students and I so enjoyed it that I continued to develop the material and teach the course with the NCSA (National Computer Security Association; later called ICSA and then eventually renamed TruSecure Corporation and finally CyberTrust, its current name) all over the United States, Canada, Europe, Asia and the Caribbean. After a few years of working on this project, it became obvious that saving abstracts in a WordPerfect file was not going to cut it as an orderly method for organizing the increasing mass of information that I was encountering in my research.
    [Show full text]
  • Browser Versions Carry 10.5 Bits of Identifying Information on Average [Forthcoming Blog Post]
    Browser versions carry 10.5 bits of identifying information on average [forthcoming blog post] Technical Analysis by Peter Eckersley This is part 3 of a series of posts on user tracking on the modern web. You can also read part 1 and part 2. Whenever you visit a web page, your browser sends a "User Agent" header to the website saying what precise operating system and browser you are using. We recently ran an experiment to see to what extent this information could be used to track people (for instance, if someone deletes their browser cookies, would the User Agent, alone or in combination with some other detail, be enough to re-create their old cookie?). Our experiment to date has shown that the browser User Agent string usually carries 5-15 bits of identifying information (about 10.5 bits on average). That means that on average, only one person in about 1,500 (210.5) will have the same User Agent as you. On its own, that isn't enough to recreate cookies and track people perfectly, but in combination with another detail like an IP address, geolocation to a particular ZIP code, or having an uncommon browser plugin installed, the User Agent string becomes a real privacy problem. User Agents: An Example of Browser Characteristics Doubling As Tracking Tools When we analyse the privacy of web users, we usually focus on user accounts, cookies, and IP addresses, because those are the usual means by which a request to a web server can be associated with other requests and/or linked back to an individual human being, computer, or local network.
    [Show full text]
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014
    HTTP cookie - Wikipedia, the free encyclopedia 14/05/2014 Create account Log in Article Talk Read Edit View history Search HTTP cookie From Wikipedia, the free encyclopedia Navigation A cookie, also known as an HTTP cookie, web cookie, or browser HTTP Main page cookie, is a small piece of data sent from a website and stored in a Persistence · Compression · HTTPS · Contents user's web browser while the user is browsing that website. Every time Request methods Featured content the user loads the website, the browser sends the cookie back to the OPTIONS · GET · HEAD · POST · PUT · Current events server to notify the website of the user's previous activity.[1] Cookies DELETE · TRACE · CONNECT · PATCH · Random article Donate to Wikipedia were designed to be a reliable mechanism for websites to remember Header fields Wikimedia Shop stateful information (such as items in a shopping cart) or to record the Cookie · ETag · Location · HTTP referer · DNT user's browsing activity (including clicking particular buttons, logging in, · X-Forwarded-For · Interaction or recording which pages were visited by the user as far back as months Status codes or years ago). 301 Moved Permanently · 302 Found · Help 303 See Other · 403 Forbidden · About Wikipedia Although cookies cannot carry viruses, and cannot install malware on 404 Not Found · [2] Community portal the host computer, tracking cookies and especially third-party v · t · e · Recent changes tracking cookies are commonly used as ways to compile long-term Contact page records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
    [Show full text]
  • (Hardening) De Navegadores Web Más Utilizados
    UNIVERSIDAD DON BOSCO VICERRECTORÍA DE ESTUDIOS DE POSTGRADO TRABAJO DE GRADUACIÓN Endurecimiento (Hardening) de navegadores web más utilizados. Caso práctico: Implementación de navegadores endurecidos (Microsoft Internet Explorer, Mozilla Firefox y Google Chrome) en un paquete integrado para Microsoft Windows. PARA OPTAR AL GRADO DE: MAESTRO EN SEGURIDAD Y GESTION DEL RIESGO INFORMATICO ASESOR: Mg. JOSÉ MAURICIO FLORES AVILÉS PRESENTADO POR: ERICK ALFREDO FLORES AGUILAR Antiguo Cuscatlán, La Libertad, El Salvador, Centroamérica Febrero de 2015 AGRADECIMIENTOS A Dios Todopoderoso, por regalarme vida, salud y determinación para alcanzar un objetivo más en mi vida. A mi amada esposa, que me acompaño durante toda mi carrera, apoyó y comprendió mi dedicación de tiempo y esfuerzo a este proyecto y nunca dudó que lo concluiría con bien. A mis padres y hermana, que siempre han sido mis pilares y me enseñaron que lo mejor que te pueden regalar en la vida es una buena educación. A mis compañeros de trabajo, que mediante su esfuerzo extraordinario me han permitido contar con el tiempo necesario para dedicar mucho más tiempo a la consecución de esta meta. A mis amigos de los que siempre he tenido una palabra de aliento cuando la he necesitado. A mi supervisor y compañeros de la Escuela de Computación de la Universidad de Queens por facilitarme espacio, recursos, tiempo e información valiosa para la elaboración de este trabajo. A mi asesor de tesis, al director del programa de maestría y mis compañeros de la carrera, que durante estos dos años me han ayudado a lograr esta meta tan importante. Erick Alfredo Flores Aguilar INDICE I.
    [Show full text]
  • Mozilla Source Tree Docs Release 50.0A1
    Mozilla Source Tree Docs Release 50.0a1 August 02, 2016 Contents 1 SSL Error Reporting 1 2 Firefox 3 3 Telemetry Experiments 11 4 Build System 17 5 WebIDL 83 6 Graphics 85 7 Firefox for Android 87 8 Indices and tables 99 9 Localization 101 10 mach 105 11 CloudSync 113 12 TaskCluster Task-Graph Generation 119 13 Crash Manager 133 14 Telemetry 137 15 Crash Reporter 207 16 Supbrocess Module 211 17 Toolkit modules 215 18 Add-on Manager 221 19 Linting 227 20 Indices and tables 233 21 Mozilla ESLint Plugin 235 i 22 Python Packages 239 23 Managing Documentation 375 24 Indices and tables 377 Python Module Index 379 ii CHAPTER 1 SSL Error Reporting With the introduction of HPKP, it becomes useful to be able to capture data on pin violations. SSL Error Reporting is an opt-in mechanism to allow users to send data on such violations to mozilla. 1.1 Payload Format An example report: { "hostname":"example.com", "port":443, "timestamp":1413490449, "errorCode":-16384, "failedCertChain":[ ], "userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0", "version":1, "build":"20141022164419", "product":"Firefox", "channel":"default" } Where the data represents the following: “hostname” The name of the host the connection was being made to. “port” The TCP port the connection was being made to. “timestamp” The (local) time at which the report was generated. Seconds since 1 Jan 1970, UTC. “errorCode” The error code. This is the error code from certificate veri- fication. Here’s a small list of the most commonly-encountered errors: https://wiki.mozilla.org/SecurityEngineering/x509Certs#Error_Codes_in_Firefox In theory many of the errors from sslerr.h, secerr.h, and pkixnss.h could be encountered.
    [Show full text]
  • Firefox for Mac Os 103 9 Download
    Firefox For Mac Os 10.3 9 Download 1 / 5 Firefox For Mac Os 10.3 9 Download 2 / 5 3 / 5 10 3 Supplemental Update, Mac OS X Update, and many more programs Firefox For Mac 10.. Mac OS X 10 3 MacOS X was Apple's replacement for their classic MacOS Download Name Version Language CPU File type File size; Apple Mac OS X 10.. Need to move Bookmarks, Extensions & Add-Ons to another Mac; Is the process to delete cache and cookies for Firefox 3. 1. firefox download 2. firefox quantum 3. firefox extensions 5 - Apple's latest operating system for the Mac Download the latest versions of the best Mac apps at safe and trusted MacUpdate. firefox download firefox download, firefox for android, firefox quantum, firefox update, firefox logo, firefox extension, firefox vpn, firefox addon, firefox send, firefox portable, firefox, firefox for mac, firefox app, firefox extensions, firefox cycles, firefox themes, firefox addons Stereo Spread Vst Download 0 2 54) All users should apply this update. 6 8Firefox For Mac OsMac os x 9 free download - R for Mac OS X, Java Update for Mac OS X 10. Cancionero Salesiano Pdf 4 / 5 Rabbids Go Home Wbfs Download For Mac firefox quantum Plague Inc Evolved V0.7.5 download 3 X (Panther) is now being installed on all new Cal Poly faculty/staff Macintosh workstations and the OS only keeps getting better! It has been designed for users who could also be new the Macintosh, users who have only recently upgraded from OS 9 to OS X, or users who simply want to understand more about the good new features available in 10.
    [Show full text]
  • Security Analysis of Firefox Webextensions
    6.857: Computer and Network Security Due: May 16, 2018 Security Analysis of Firefox WebExtensions Srilaya Bhavaraju, Tara Smith, Benny Zhang srilayab, tsmith12, felicity Abstract With the deprecation of Legacy addons, Mozilla recently introduced the WebExtensions API for the development of Firefox browser extensions. WebExtensions was designed for cross-browser compatibility and in response to several issues in the legacy addon model. We performed a security analysis of the new WebExtensions model. The goal of this paper is to analyze how well WebExtensions responds to threats in the previous legacy model as well as identify any potential vulnerabilities in the new model. 1 Introduction Firefox release 57, otherwise known as Firefox Quantum, brings a large overhaul to the open-source web browser. Major changes with this release include the deprecation of its initial XUL/XPCOM/XBL extensions API to shift to its own WebExtensions API. This WebExtensions API is currently in use by both Google Chrome and Opera, but Firefox distinguishes itself with further restrictions and additional functionalities. Mozilla’s goals with the new extension API is to support cross-browser extension development, as well as offer greater security than the XPCOM API. Our goal in this paper is to analyze how well the WebExtensions model responds to the vulnerabilities present in legacy addons and discuss any potential vulnerabilities in the new model. We present the old security model of Firefox extensions and examine the new model by looking at the structure, permissions model, and extension review process. We then identify various threats and attacks that may occur or have occurred before moving onto recommendations.
    [Show full text]
  • Cross Site Scripting Attacks Xss Exploits and Defense.Pdf
    436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 436_XSS_FM.qxd 4/20/07 1:18 PM Page i Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and deliv- ering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional mate- rials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you may find an assortment of value- added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations.
    [Show full text]
  • Windows Geknackt Die Besten Tools 2013
    ttbewerb Mit DVD Preise im Wert We 00001 www.onlinepc.ch Fr. 4.70 von Fr. 7‘154.– 985503 € 4,– Ultrabook, Digicam, WLAN-Bundles, 71422 iPhone-Hüllen und Software S.52 97 System verschlüsseln 51 DVD Zürich So geht‘s: Der wirksamste Schutz gegen Datenklau S.30 Auf 8051 D Nr. 1 – Januar 2013 16 Internet-Tipps Auf DV AZB Das Computer-Magazin Firefox-Befehle, Cloud verschlüsseln, Mails sichern... S.30 D Auf DV Total Mounter Virtuelle CDs und DVDs auf jedem PC brennen – ohne Brenner S.30 ▪ Der Schutz macht Windows unzerstörbar ▪ Nach jedem Neustart ist Windows wie neu ▪ Der Schutz lässt sich ein- und ausschalten S.22 Die besten Tools 2013 Das sind die beliebtesten Open-Source-Programme S.36 D D Auf DV Auf DV Windows geknackt So booten Sie jeden Sicherheit PC mit Windows 7 S.42 am PPaasswortsswort besten Abp Mon 9.0 50 Hammertipps Die Überwacht RAM, CPU, Die besten Tricks für vorbei S.16 Special Netzwerk… S.26 Windows 7 S.14 Mit Sicherheits-Tipps Anzeige EDITORIAL /INHALT INHALT 1/2013 PC am Passwort Schutzmodus für vorbei booten: Windows 7 Ein Trick überlistet Der Schutzmodus den Schutz von macht Windows Windows 16 unzerstörbar 22 Leserumfrage Top-100-Software Virenalarm, was tun? Mitmachen und eine Video-Soft- Aus den monatlichen Top 10 Downloads hat Keine Panik! So ware von Magix die Redaktion für Sie eine Auswahl getrof- werden Sie die gewinnen! 62 fen und die 100 beliebtesten Programme auf Schädlinge los 46 die Heft-DVD gepackt. Die Tools decken ein breites Spektrum ab – vom Browser bis zum E-Mail-Programm, von der Sicherheitssoftware bis zum Videoplayer und vom Backup-Pro- AKTUELL TEST & KAUFBERATUNG gramm bis zum Passwortmanager (Seite 36).
    [Show full text]
  • Package 'Filelock'
    Package ‘filelock’ October 5, 2018 Title Portable File Locking Version 1.0.2 Author Gábor Csárdi Maintainer Gábor Csárdi <[email protected]> Description Place an exclusive or shared lock on a file. It uses 'LockFile' on Windows and 'fcntl' locks on Unix-like systems. License MIT + file LICENSE LazyData true URL https://github.com/r-lib/filelock#readme BugReports https://github.com/r-lib/filelock/issues RoxygenNote 6.0.1.9000 Suggests callr (>= 2.0.0), covr, testthat Encoding UTF-8 NeedsCompilation yes Repository CRAN Date/Publication 2018-10-05 10:30:12 UTC R topics documented: lock .............................................2 Index 5 1 2 lock lock Advisory File Locking and Unlocking Description There are two kinds of locks, exclusive and shared, see the exclusive argument and other details below. Usage lock(path, exclusive = TRUE, timeout = Inf) unlock(lock) Arguments path Path to the file to lock. If the file does not exist, it will be created, but the directory of the file must exist. Do not place the lock on a file that you want to read from or write to! *Always use a special lock file. See details below. exclusive Whether to acquire an exclusive lock. An exclusive lock gives the process ex- clusive access to the file, no other processes can place any kind of lock on it. A non-exclusive lock is a shared lock. Multiple processes can hold a shared lock on the same file. A process that writes to a file typically requests an exclusive lock, and a process that reads from it typically requests a shared lock.
    [Show full text]
  • Visual Validation of SSL Certificates in the Mozilla Browser Using Hash Images
    CS Senior Honors Thesis: Visual Validation of SSL Certificates in the Mozilla Browser using Hash Images Hongxian Evelyn Tay [email protected] School of Computer Science Carnegie Mellon University Advisor: Professor Adrian Perrig Electrical & Computer Engineering Engineering & Public Policy School of Computer Science Carnegie Mellon University Monday, May 03, 2004 Abstract Many internet transactions nowadays require some form of authentication from the server for security purposes. Most browsers are presented with a certificate coming from the other end of the connection, which is then validated against root certificates installed in the browser, thus establishing the server identity in a secure connection. However, an adversary can install his own root certificate in the browser and fool the client into thinking that he is connected to the correct server. Unless the client checks the certificate public key or fingerprint, he would never know if he is connected to a malicious server. These alphanumeric strings are hard to read and verify against, so most people do not take extra precautions to check. My thesis is to implement an additional process in server authentication on a browser, using human recognizable images. The process, Hash Visualization, produces unique images that are easily distinguishable and validated. Using a hash algorithm, a unique image is generated using the fingerprint of the certificate. Images are easily recognizable and the user can identify the unique image normally seen during a secure AND accurate connection. By making a visual comparison, the origin of the root certificate is known. 1. Introduction: The Problem 1.1 SSL Security The SSL (Secure Sockets Layer) Protocol has improved the state of web security in many Internet transactions, but its complexity and neglect of human factors has exposed several loopholes in security systems that use it.
    [Show full text]