Tuesday, June 22, 2010

Errors with full description

We use the Internet daily and run into many types of errors, but do you know the meaning of those error codes?
Today I list the error codes with full descriptions, and I will also show you why these errors occur.

400 Bad File Request: Usually means the syntax used in the URL is incorrect (e.g., uppercase letter should be lowercase letter; wrong punctuation marks).

401 Unauthorized: Server is looking for some encryption key from the client and is not getting it. Also, wrong password may have been entered. Try it again, paying close attention to case sensitivity.

403 Forbidden/Access Denied: Similar to 401; special permission needed to access the site — a password and/or username if it is a registration issue. Other times you may not have the proper permissions set up on the server or the site’s administrator just doesn’t want you to be able to access the site.

404 File Not Found: Server cannot find the file you requested. File has either been moved or deleted, or you entered the wrong URL or document name. Look at the URL. If a word looks misspelled, then correct it and try it again. If that doesn’t work, backtrack by deleting information between each backslash, until you come to a page on that site that isn’t a 404. From there you may be able to find the page you’re looking for.

408 Request Timeout: Client stopped the request before the server finished retrieving it. A user will either hit the stop button, close the browser, or click on a link before the page loads. Usually occurs when servers are slow or file sizes are large.

500 Internal Error: Couldn’t retrieve the HTML document because of server-configuration problems. Contact site administrator.

501 Not Implemented: Web server doesn’t support a requested feature.

502 Service Temporarily Overloaded: Server congestion; too many connections; high traffic. Keep trying until the page loads.

503 Service Unavailable: Server busy, site may have moved, or you lost your dial-up Internet connection.

Connection Refused by Host: Either you do not have permission to access the site or your password is incorrect.

File Contains No Data: Page is there but is not showing anything. Error occurs in the document. Attributed to bad table formatting, or stripped header information.

Bad File Request: Browser may not support the form or other coding you’re trying to access.

Failed DNS Lookup: The Domain Name Server can’t translate your domain request into a valid Internet address. Server may be busy or down, or incorrect URL was entered.

Host Unavailable: Host server down. Hit reload or go to the site later.

Unable to Locate Host: Host server is down, Internet connection is lost, or URL typed incorrectly.

Network Connection Refused by the Server: The Web server is busy.

If you have any query or confusion then feel free to comment on this.

Monday, June 21, 2010

U.S. Government's Move to Cloud Computing

Cloud computing is an emerging model for obtaining on-demand access to shared computing resources often through the use of remotely located, widely distributed data networks. Kundra sees this new vehicle for shared computing services as a means to lower the cost of government operations, drive innovation and fundamentally change the way government delivers technology services across the board.

NIST has been involved in cloud computing since its inception and has developed a widely accepted definition of cloud computing. The lab is currently focused on two major cloud computing efforts.

One is leading a collaborative technical initiative known as the Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) that is intended to validate and communicate interim cloud computing specifications, before they become formal standards.

The major cloud computing requirements that will be addressed by these interface specifications are security, portability (the ability to move data) and interoperability (the ability of different systems to work together seamlessly).

NIST researchers are working with other agencies and standards development organizations to identify existing specifications and requirements use cases -- ways users interact with cloud systems such as sending data to a cloud service provider's environment, and later retrieving it and removing it from that provider. The NIST approach will help to identify gaps in cloud computing standards and focus on those gaps. SAJACC researchers plan to create a portal to collect and share the use case, specification, and test results information.

Another major challenge with cloud computing is to safeguard government data in clouds, especially citizens' private information. Agencies using cloud computing will still use NIST-developed Federal Information Security Management Act (FISMA) guidelines.

Online Privacy at Risk, Warn Educators

Wendy Kraglund-Gauthier and David Young both design online courses at St. Francis Xavier University in Antigonish, N.S. In a paper presented at the 2010 Congress for the Humanities and Social Sciences taking place at Montreal's Concordia University, they say most people have a false sense of security about their online dealings.

In reality, they say, technology is changing so fast, privacy protection rules, laws and guidelines can't keep up. Kraglund-Gauthier and Young say there's no magic bullet when it comes to privacy protection. But they do say students and educators -- and indeed everyone using the Internet -- should become aware of the pitfalls, and work to minimize them.

One major pitfall relates to the international character of the Internet. If a Canadian institution stores data on a server in another country -- something that's increasingly common because it can be a way to save money -- then it becomes difficult to enforce Canadian privacy laws.

Survey Monkey is a free online survey software tool. But Kraglund-Gauthier says data collected via Survey Monkey is stored in the U.S., where privacy laws are different. So she says anyone using Survey Monkey needs to realize this, and realize that it may not be the right tool for a Canadian institution that wants to maximize data protection.

Cloud computing -- the process of storing data online rather than on individual devices -- has many advantages. You can, for example, access your address book or your files from any computer in the world. It is becoming increasingly popular, one of the reasons being that it offers economies of scale. But where is that data stored?

"When you think about security, you have to look at what laws are in effect when you cross global borders," says Kraglund-Gauthier. Young adds that even though most countries have privacy protection laws, the nebulous character of the Internet makes it difficult to police.

"All these laws try to safeguard privacy," says Young. "But the laws lack specificity. They are so broad, they don't police the online environment."

Another issue relates to the fact that online data can be stored and accessed virtually forever, making it difficult if not impossible to delete mistakes or erroneous information. Some university classes today are recorded, so students can consult the lectures and discussions online at their convenience.

In the past, a disparaging remark made in class -- whether by a student or professor -- might be quickly forgotten. "But in the online world, it's stored in perpetuity," notes Young. As a result, the Internet creates opportunities for cyberlibel -- opportunities that do not exist in a face-to-face classroom environment.

Another potential issue, says Kraglund-Gauthier, is that bits of recorded information -- audio, video or even online discussions -- can be extracted from their context and used for other purposes.

Students may think passwords provide protection and that comments made in a password-protected environment are private, she says. But in reality, it's not difficult for even protected information to jump the fence and get loose in cyberspace.

"Often, the privacy policy comes down to the individual and their actions rather than systematic responsibility," she says, adding that professors hosting an online classroom may have to remind students every time that the session is being recorded.

They add that the universities' own privacy policies often leave something to be desired.

Kraglund-Gauthier says that where there are policies, they often are not specific enough. And Young adds that they are often hard to find: "In most university websites, privacy policies are buried."

Both Young and Kraglund-Gauthier say anyone involved in the Internet needs to be aware that their privacy is at risk at all times and act accordingly. "I'm doing a doctorate right now through the University of South Australia, and one of their policies is that the Internet will be treated as a potentially hostile environment," says Kraglund-Gauthier.

"That about sums up the state of affairs," adds Young.

What is CAPTCHA and How it Works?

CAPTCHA or Captcha (pronounced as cap-ch-uh), which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, is a type of challenge-response test to ensure that the response is only generated by humans and not by a computer. In simple words, CAPTCHA is the word verification test that you come across at the end of a sign-up form while signing up for a Gmail or Yahoo account. The following image shows the typical samples of CAPTCHA.

Almost every Internet user has experienced CAPTCHA in their daily Internet usage, but only a few are aware of what it is and why it is used. So in this post you will find detailed information on how CAPTCHA works and why it is used.

What Purpose does CAPTCHA Exactly Serve?

CAPTCHA is mainly used to prevent automated software (bots) from performing actions on behalf of actual humans. For example, while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form so as to ensure that the form is filled out only by a legitimate human and not by any automated software or computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straightforward for any human to answer but which is almost impossible for a computer to solve.

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

For many, the CAPTCHA may seem to be silly and annoying, but in fact it has the ability to protect systems from malicious attacks where people try to game the system. Attackers can make use of automated software to generate a huge quantity of requests, thereby causing a high load on the target server which would degrade the quality of service of a given system, whether due to abuse or resource expenditure. This can affect millions of legitimate users and their requests. CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail.

Who Uses CAPTCHA?

CAPTCHAs are mainly used by websites that offer services like online polls and registration forms. For example, Web-based email services like Gmail, Yahoo and Hotmail offer free email accounts for their users. However upon each sign-up process, CAPTCHAs are used to prevent spammers from using a bot to generate hundreds of spam mail accounts.

Designing a CAPTCHA System

CAPTCHAs are designed on the fact that computers lack the ability that human beings have when it comes to processing visual data. It is easier for humans than for a computer to look at an image and pick out the patterns. This is because computers lack the real intelligence that humans have by default. CAPTCHAs are implemented by presenting users with an image which contains distorted or randomly stretched characters which only humans should be able to identify. Sometimes characters are struck out or presented with a noisy background to make it even harder for computers to figure out the patterns.

Most, but not all, CAPTCHAs rely on a visual test. Some websites implement a totally different CAPTCHA system to tell humans and computers apart. For example, a user is presented with 4 images, of which 3 contain pictures of animals and one contains a flower. The user is asked to select only those images which contain animals. This Turing test can easily be solved by any human, but is almost impossible for a computer.
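As an added illustration (not code from the original post), here is the server side of the image-selection test described above: the correct selection stays on the server, and each challenge token is accepted once and only within a time limit. The class name, image ids and the 120-second lifetime are assumptions made for the example.

```python
import secrets
import time

CHALLENGE_TTL = 120  # seconds a challenge stays answerable (assumed value)

# Constructed sample pool: (image id, whether it shows an animal).
SAMPLE_IMAGES = [("img-a", True), ("img-b", True), ("img-c", True), ("img-d", False)]


class CaptchaStore:
    """Server-side table of outstanding challenges (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}  # token -> (set of correct image ids, expiry time)
        self._clock = clock

    def issue(self, images):
        """Register a challenge; return (token, image ids in random order)."""
        now = self._clock()
        # Drop challenges that were never answered so the table cannot grow forever.
        self._pending = {t: r for t, r in self._pending.items() if r[1] >= now}
        token = secrets.token_urlsafe(16)  # unguessable handle for this challenge
        correct = frozenset(image_id for image_id, is_animal in images if is_animal)
        self._pending[token] = (correct, now + CHALLENGE_TTL)
        shown = [image_id for image_id, _ in images]
        secrets.SystemRandom().shuffle(shown)  # position must not hint at the answer
        return token, shown  # the answer itself never leaves the server

    def verify(self, token, selected_ids):
        """Accept only the first, timely and exactly correct response."""
        record = self._pending.pop(token, None)  # pop: one attempt per token
        if record is None:
            return False  # unknown, already used, or forged token
        correct, expiry = record
        if self._clock() > expiry:
            return False  # stale challenge
        if not all(isinstance(i, str) for i in selected_ids):
            return False  # malformed submission
        return frozenset(selected_ids) == correct


if __name__ == "__main__":
    store = CaptchaStore()
    token, shown = store.issue(SAMPLE_IMAGES)
    print("show:", shown)
    print("correct answer:", store.verify(token, ["img-a", "img-b", "img-c"]))
    print("replayed token:", store.verify(token, ["img-a", "img-b", "img-c"]))
```

Because the token is consumed on every attempt, a wrong guess forces a fresh challenge instead of allowing repeated tries against the same one.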

Breaking the CAPTCHA

The challenge in breaking the CAPTCHA lies in the really hard task of teaching a computer how to process information in a way similar to how humans think. Algorithms with artificial intelligence (AI) will have to be designed in order to make the computer think like humans when it comes to recognizing the patterns in images. However, there is no universal algorithm that could pass through and break any CAPTCHA system, and hence each CAPTCHA algorithm has to be tackled individually. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.

Install Nessus

Now that our changes are saved from boot to boot, we can install things and they won't disappear on us :)

Download the Ubuntu Nessus package from nessus.org. The 32-bit 8.10 version worked fine for me. We used to have to install a separate client package, but no longer. The client is now web-based and included in the Nessus package.

Again, with Backtrack 4 things are a little easier. To install the Nessus server, simply execute the following command to install the package.

dpkg --install Nessus-4.2.0-ubuntu810_i386.deb

Finally, it's time to configure Nessus. Another step that is no longer necessary is the creation of certificates for authentication, so all we really need to do is add our user.

# add user
/opt/nessus/sbin/nessus-adduser

Login :Me
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]:y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser manual for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)

Login : Me
Password : ***********
This user will have 'admin' privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y]y
User added

We want to disable Nessus starting at boot. We are going to do some things a little later that require that Nessus not be running at boot.

/usr/sbin/update-rc.d -f nessusd remove

This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.

The next thing we need to do is register our installation so we can get the plugin feed. You need to go here and request a key. That is a link to the free feed for home use. Use appropriately.

Once you have your key, execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.

/opt/nessus/bin/nessus-fetch --register [your feed code here]

When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.x, while the command to start returns quickly, the actual starting of the service may take a minute or two. In many cases, I have had to reboot after the initial install before Nessus started working. You can use 'netstat -napt' to check that the server is listening on port 8834. Yup, this is different too. We used to look for port 1241.

/etc/init.d/nessusd start

Woohoo, time to find those vulnerabilities.

Configure Encryption

Before we configure encryption, we need to go ahead and update the system. We used to be able to wait to do this, but the amount of packages is now enough that we run out of space if we wait until after creating the Truecrypt volume.

First execute the following:

apt-get update

This updates the software repository information. Next, execute this command:

apt-get upgrade

The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.

Finally, execute the following to clean up the downloaded packages and make room for the Truecrypt volume.

apt-get clean

Now to configure encryption. Since we are using this tool to poke at people's networks and systems, with permission of course, it is very important that the information we find be protected. To do this, we are going to set up an encrypted volume that will eventually become our home directory.

This can be done with the GUI or via the command line. We will be using the GUI because we need to be able to format the volume with ext3 and, as yet, I have not been able to figure out how to do that via the command line on Linux.

You will get a message that the volume was successfully created. Click on the 'OK' button, then exit the Truecrypt GUI, both the 'Create Volume' windows and the main window. We want to be back at the command prompt at this point.

If you want to test your filesystem, execute the following. Note that the -k '' is two single quotes, not a double quote:

truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
mount
cd /media/truecrypt1
df .


Now it is time to tweak a few things