Default CODE signing
I am looking for information regarding the use of Cisco 'retirement' and 'allowed '. I'm pretty new to deal with IDS systems (we use version 4.1)
I understand that a 'retreat' signature is used/supported by Cisco.
But what in is "activated"? When you load the sensor with signatures of base of Cisco, there are approximately 650 which are not retired, but they are not enabled. Does anyone know why they are not by default to "activate"?
When you install a new sensor, should turn on ALL signatures or only the ones that Cisco has "allowed"?
Thanks for any information you can provide me.
Linda,
As a general rule, we are developing signatures are delivered by default active. There are a few reasons where we may choose to ship the invalid signature:
-The signature was added for completeness in coverage for an older vulnerability. While still possibly a legitimate question, the prevalence of vulnerable package is minimal in the larger scope of things, not that useful for all.
-The signature is a vulnerability which is really bad (which is very easy to operate and gain system privileges), but overall this package use is minimal. Take for example GIS 3537-0 for MailEnable, really easy feat, yet not very widespread useage at all, so we shipped that is disabled.
Remember that disabled, means really just that it is kept quiet... the signature is always active on the sensor, just that it does not produce alerts. As always, if it applies to your environment, simply activate it and ready for action.
Tags: Cisco Security
Similar Questions
-
Default ASA code signing certificate has expired
Hello. I get a certificate warning expired with different versions and ASA models when you use SSL VPN. When I look at the certificate (see file attachment), it shows that it is own Cisco certificate acquired code signing from Thawte. Everyone has noticed this in the last few weeks? How can I fix it or is it solved in a future version of the ASA? BR, Eero Laaksonen
EERO,
You can easily change the cert:
http://www.Cisco.com/en/us/docs/security/ASA/asa84/command/reference/JK.html#wp1597730
Just please make sure that you are running a recent 8.0.5 + revision of software or the 8.2.5+.
Marcin
-
Unable to connect BAR file "error: Code signing request failed because it cannot be recorded.»
Hello
I'm trying to sign the BAR file generated from the apk files, but I got this error:
Error: Code signing request has failed because it cannot be recorded. Package-Version-Id [gYACgLU-GLg8YtNMuWU17-BoxsM], [gYAEgM4XsG9ppojbj3zOO9gg-Nc], Id [2189468] Client Application-Version-Id.
I tried to redownlowd the file CSK again and again, did a lot of things but not luck.
Thank you for sending via manifest file. The error is caused by the name of the application you are using. There is a limitation of the number of characters that can be used for an application name. The number of characters will vary according to the type of encoding used, in this case it would be 7.
The workaround for this solution, use our tool is to define an application name by default using Latin based on characters and then add names localized for each supported language. These localized names do not have this limit. For comparison, here's how it's done using BlackBerry Momentics: How to define an Application as the characters name Unicode requires the default name would only be used if a localized name is not available for the language of the user.
Android also supports localized names of applications, so the similar process should work there too.
-
Must be signed with the RIM Runtime Code Signing Key (RRT) - example of code bar
Hi, when I try to start the bardcode example in my device (9780 Smartphone), I get
"Error starting BarCodeApp: Module 'BarCodeApp' must be signed with the RIM Code Signing Key (RRT) DURATION.
The only class I have in my project is:
import java.util.Hashtable; import java.util.Vector; import net.rim.blackberry.api.browser.Browser; import net.rim.blackberry.api.browser.BrowserSession; import net.rim.device.api.barcodelib.BarcodeBitmap; import net.rim.device.api.barcodelib.BarcodeDecoder; import net.rim.device.api.barcodelib.BarcodeDecoderListener; import net.rim.device.api.barcodelib.BarcodeScanner; import net.rim.device.api.command.Command; import net.rim.device.api.command.CommandHandler; import net.rim.device.api.command.ReadOnlyCommandMetadata; import net.rim.device.api.system.Bitmap; import net.rim.device.api.system.KeyListener; import net.rim.device.api.ui.Field; import net.rim.device.api.ui.Keypad; import net.rim.device.api.ui.UiApplication; import net.rim.device.api.ui.XYEdges; import net.rim.device.api.ui.component.BitmapField; import net.rim.device.api.ui.component.Dialog; import net.rim.device.api.ui.component.EditField; import net.rim.device.api.ui.component.LabelField; import net.rim.device.api.ui.container.FullScreen; import net.rim.device.api.ui.container.MainScreen; import net.rim.device.api.ui.decor.BorderFactory; import net.rim.device.api.ui.toolbar.ToolbarButtonField; import net.rim.device.api.ui.toolbar.ToolbarManager; import net.rim.device.api.util.StringProvider; import com.google.zxing.BarcodeFormat; import com.google.zxing.DecodeHintType; import com.google.zxing.common.ByteMatrix; import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel; import com.google.zxing.qrcode.encoder.Encoder; import com.google.zxing.qrcode.encoder.QRCode; /*** * Barcode API Sample *
* This application demonstrates the most common use of the Barcode API: 1) * Creating and displaying a QR code, 2) Scanning a QR code and opening the * browser pointing to that URL. It could be easily modified to scan/create * other kinds of barcodes, or do other things with the scanned/created barcode. * * @author PBernhardt * */ public class BarcodeAPISample extends UiApplication { //This controls how big barcode we will display is to be private static final int BARCODE_WIDTH = 300; // This is the app itself private static BarcodeAPISample _app; // Errors will be logged here private LabelField _logField; // The main screen which holds the toolbar and displayed barcode private MainScreen _mainScreen; // The barcode is displayed here private BitmapField _barcodeField; // The text stored here is converted into a barcode by the user private EditField _barcodeTextField; // This controls the scanning of barcodes private BarcodeScanner _scanner; // This screen is where the viewfinderf or the barcode scanner is displayed private FullScreen _barcodeScreen; public BarcodeAPISample() { // New screen _mainScreen = new MainScreen(); // Create the log field so it can be used in this constructor _logField = new LabelField("Log: "); // Create the place-holder for the barcode image and add it to the main // screen _barcodeField = new BitmapField(new Bitmap(BARCODE_WIDTH, BARCODE_WIDTH), Field.FIELD_HCENTER); _barcodeField.setBorder(BorderFactory.createBevelBorder(new XYEdges(2, 2, 2, 2))); _mainScreen.add(_barcodeField); // Create and add the field to store the barcode contents _barcodeTextField = new EditField("Barcode text: ", "http://devblog.blackberry.com"); _mainScreen.add(_barcodeTextField); // Add "display barcode" and "scan barcode" toolbar buttons /** * This is a quick example of the new (in 6.0) * net.rim.device.api.command package and the * net.rim.device.api.ui.toolbar package. All it does is invoke the * displayBarcode() or scanBarcode() method when you click the * corresponding button. For more details on this package, see the * JavaDocs or elsewhere in the Developer Resource Center */ ToolbarManager toolbar = new ToolbarManager(); ToolbarButtonField displayBarcodeToolbarButtonField = new ToolbarButtonField(new StringProvider("Display")); displayBarcodeToolbarButtonField.setCommand(new Command(new CommandHandler() { public void execute(ReadOnlyCommandMetadata arg0, Object arg1) { displayBarcode(); } })); toolbar.add(displayBarcodeToolbarButtonField); ToolbarButtonField scanBarcodeToolbarButtonField = new ToolbarButtonField(new StringProvider("Scan")); scanBarcodeToolbarButtonField.setCommand(new Command(new CommandHandler() { public void execute(ReadOnlyCommandMetadata arg0, Object arg1) { scanBarcode(); } })); toolbar.add(scanBarcodeToolbarButtonField); _mainScreen.setToolbar(toolbar); // Add the log field to the bottom _mainScreen.add(_logField); pushScreen(_mainScreen); } // Simply create the the app and enter the event dispatcher public static void main(String[] args) { _app = new BarcodeAPISample(); _app.enterEventDispatcher(); } /** * displayBarcode *
* This method will take the text in the _barcodeTextField, convert it into * a QRCode and display it on the main screen. It could be easily modified * to use a different barcode format or to get the text from somewhere else. */ private void displayBarcode() { try { QRCode qrCode = new QRCode(); // This encodes the text with a low level (%7) of error correction Encoder.encode(_barcodeTextField.getText(), ErrorCorrectionLevel.L, qrCode); // From there we get the actual data matrix and convert it into a // bitmap ByteMatrix barcode = qrCode.getMatrix(); Bitmap bitmap = BarcodeBitmap.createBitmap(barcode, BARCODE_WIDTH); _barcodeField.setBitmap(bitmap); } catch (Exception e) { log("Exception: " + e); } } private void scanBarcode() { // If we haven't scanned before, we will set up our barcode scanner if (_barcodeScreen == null) { // First we create a hashtable to hold all of the hints that we can // give the API about how we want to scan a barcode to improve speed // and accuracy. Hashtable hints = new Hashtable(); // The first thing going in is a list of formats. We could look for // more than one at a time, but it's much slower. Vector formats = new Vector(); formats.addElement(BarcodeFormat.QR_CODE); hints.put(DecodeHintType.POSSIBLE_FORMATS, formats); // We will also use the "TRY_HARDER" flag to make sure we get an // accurate scan hints.put(DecodeHintType.TRY_HARDER, Boolean.TRUE); // We create a new decoder using those hints BarcodeDecoder decoder = new BarcodeDecoder(hints); // Finally we can create the actual scanner with a decoder and a // listener that will handle the data stored in the barcode. We put // that in our view screen to handle the display. try { _scanner = new BarcodeScanner(decoder, new MyBarcodeDecoderListener()); _barcodeScreen = new MyBarcodeScannerViewScreen(_scanner); } catch (Exception e) { log("Could not initialize barcode scanner: " + e); return; } } // If we get here, all the barcode scanning infrastructure should be set // up, so all we have to do is start the scan and display the viewfinder try { _scanner.startScan(); _app.pushScreen(_barcodeScreen); } catch (Exception e) { log("Could not start scan: " + e); } } /*** * MyBarcodeDecoderListener *
* This BarcodeDecoverListener implementation tries to open any data encoded * in a barcode in the browser. * * @author PBernhardt * **/ private class MyBarcodeDecoderListener implements BarcodeDecoderListener { public void barcodeDecoded(final String rawText) { // First pop the viewfinder screen off of the stack so we can see // the main app _app.invokeLater(new Runnable() { public void run() { _app.popScreen(_barcodeScreen); } }); // We will use a StringBuffer to create our message as every String // concatenation creates a new Object final StringBuffer message = new StringBuffer("Would you like to open the browser pointing to \""); message.append(rawText); message.append("\"?"); log(message.toString()); _barcodeScreen.invalidate(); // Prompt the user to open the browser pointing at the URL we // scanned _app.invokeLater(new Runnable() { public void run() { if (Dialog.ask(Dialog.D_YES_NO, message.toString()) == Dialog.YES) { // Get the default sessionBrowserSession BrowserSession browserSession = Browser.getDefaultSession(); // Launch the URL browserSession.displayPage(rawText); } } }); } } /*** * MyBarcodeScannerViewScreen *
* This view screen is simply an extension of MainScreen that will hold our * scanner's viewfinder, and handle cleanly stopping the scan if the user * decides they want to abort via the back button. * * @author PBernhardt * */ private class MyBarcodeScannerViewScreen extends MainScreen { public MyBarcodeScannerViewScreen(BarcodeScanner scanner) { super(); try { // Get the viewfinder and add it to the screen _scanner.getVideoControl().setDisplayFullScreen(true); Field viewFinder = _scanner.getViewfinder(); this.add(viewFinder); // Create and add our key listener to the screen this.addKeyListener(new MyKeyListener()); } catch (Exception e) { log("Error creating view screen: " + e); } } /*** * MyKeyListener *
* This KeyListener will stop the current scan cleanly when the back * button is pressed, and then pop the viewfinder off the stack. * * @author PBernhardt * */ private class MyKeyListener implements KeyListener { public boolean keyDown(int keycode, int time) { // First convert the keycode into an actual key event, taking // modifiers into account int key = Keypad.key(keycode); // From there we can compare against the escape key constant. If // we get it, we stop the scan and pop this screen off the stack if (key == Keypad.KEY_ESCAPE) { try { _scanner.stopScan(); } catch (Exception e) { log("Error stopping scan: " + e); } _app.invokeLater(new Runnable() { public void run() { _app.popScreen(_barcodeScreen); } }); return true; } // Otherwise, we'll return false so as not to consume the // keyDown event return false; } // We will only act on the keyDown event public boolean keyChar(char key, int status, int time) { return false; } public boolean keyRepeat(int keycode, int time) { return false; } public boolean keyStatus(int keycode, int time) { return false; } public boolean keyUp(int keycode, int time) { return false; } } } /*** * log *
* Writes a message to an edit field for debug purposes. Also sends to * STDOUT. *
* * @param msg * - The String to log */ public void log(final String msg) { invokeLater(new Runnable() { public void run() { _logField.setText(_logField.getText() + "\n" + msg); System.out.println(msg); } }); } }
My request is properly signed and work very well in the Simulator.
Thanks in advance.
-
Has received the keys to code signing, but not entered PIN code
We received our code signing keys, but realize now that we left the white pine in the application. Is there a PIN assigned by default? Our phone number or something like that. ?
Contact [email protected] and ask them to send your current assigned PIN to the email address registered.
-
Code sign VISA raw driver USB for Windows 8
Hi guys,.
I wrote a LabVIEW program that communicates with a measuring using NI-VISA (class raw USB) USB device.
With the development of Driver NI-VISA Wizard, I created two .inf files of drivers (for XP/2000 and 7/Vista).
It works like a charm on my computer (Windows 7, 64-bit) and on the computers running Windows XP and 32-bit versions of Windows Vista and 7.
I also have to work on 64 bit versions of Windows Vista and 7 using "disable driver signature enforcement" before installing the driver.
Once the driver is installed, it is listed under "devices USB of NI-VISA" in the Windows Device Manager. After that I can reactivate the driver signature enforcement, the unit will continue to work, even after a reboot.Alas, in the 64-bit version of Windows 8 is not as simple as that. Yes, you can temporarily disable driver signing enforcement, but not on computers that use 'secure boot' or UEFI.
I know that there are ways to disable booting UEFI's secure, but I don't want that on our customers computers. It seems wrong, and could introduce a large number of security problems.The next logical step would be to sign the device driver. Our company has a valid kernel mode code signing certificate and we signed the other drivers with it in the past.
The problem is that I don't know how to sign my device in the NI-VISA database driver. According to the .inf file it uses WinUSB.sys, a Microsoft USB generic driver (part of the Windows Driver Kit, I think).
Winusb.sys is already signed by Microsoft and that I could replace the signature, but that probably won't work without some tweaking inf and generate a new catalog file.Can someone please give me some pointers on where to start? As a reference, I have attached one of the inf files for this post. This inf file works on Windows Vista and 7.
It is even possible to create a signed driver based on NI-VISA raw?
Thanks in advance for your help.
Paul
Here's a knockout who described workaround.
http://digital.NI.com/public.nsf/allkb/36DB8D6AC385052786257A940066A421
What you have written, you need to generate a catalog (.cat) of the inf file (as described in step 1 of the KB) and then sign the .cat with your certificate file, the same way you would sign your other components. The inf and CAT are always distributed together. The inf file contains information about the cat file that has the signature, and the cat file contains the signature information. Since you have already been distributing the components signed with your own certificate, I'm sure you can understand the process, but please let us know if you have any other questions.
Thank you
Pankaj
-
XP SP3 system
I get warnings like this when Mcafee updates.
Process * \MCSHIELD. EXE the nest (428) contained code signed or corrupted and could not perform an operation with a McAfee driver.
Process * \SVCHOST. EXE the nest (1632) contained code signed or corrupted and could not perform an operation with a McAfee driver.
Is this a problem Microsoft or Mcafee?
Do I need to fix?
In the McAfee forums, there are several similar positions such as:
https://community.McAfee.com/message/241542
I'll sue your question on in their community, as they already seem to know about it.
I would also say that, unless you are very fond of McAfee or you are forced to use it, you plan to replace it with something that has a smaller footprint, uses less resources and doesn't have these problems - something like Microsoft Security Essentials, you can get here:
http://Windows.Microsoft.com/en-us/Windows/Security-Essentials-download
MSE completed with the free version of MBAM and SAS should permanently keep your clean enough unless you're a daredevil like me:
Download, install, update and do a quick scan with these free malware detection programs (not at the same time) and remove all threats:
Malwarebytes (MMFA): http://www.malwarebytes.org/products/malwarebytes_free
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/SAS will probably report a lot of tracking cookies and you can just let him delete them.
Even if you keep McAfee, I always supplement it with MBAM and SAS since no single AV program does seem to know everything. If your McAfee of your system is clean, I would interpret that means - McAfee found nothing, says he knows. It is prudent to use more than a reputable scanner to get more coverage.
If you choose to spend (and you can't have both at the same time), you must be sure to use the uninstaller that you can get from here:
http://service.McAfee.com/FAQDocument.aspx?LC=1033&ID=TS101331
Your system will give you better performance.
-
Code signing request has failed because the service is temporarily unavailable
cannot create debug token today. still not to print the message: Code signing request has failed because the service is temporarily unavailable. What is happen?
Service has been done.
http://supportforums.BlackBerry.com/T5/BlackBerry-world-development/app-signing-server-down/m-p/2669...
Try again. -
Hello everyone, I'm new here.
I just tried to get the keys to a game from the signature.
I got the csk file, but no email with SJC files didn't follow.
Is there something that I am missing?
Unity3D requires files from the csj to sign for BB10.
Can someone help with the process, please?
The file bbidtoken.csk is a BlackBerry ID token, which is our new method for signing.
You can still use the previous method used (files CSJ) code signing keys. You can get them using this form: https://www.blackberry.com/SignedKeys/codesigning.html
Choose the second option, which is: "For PlayBook apps BlackBerry BlackBerry 10 apps development using a 10.1 SDK or lower or SDK WebWorks BlackBerry 10 below 2.0."
-
I have been a token of debugging and apps on my device Z10 hundreds of times from the command line and Momentics but this time I am confused.
I am trying to create a token of debugging (in command line and Momentics) and deploy it in my Z10 camera, but it does not work. In both cases, I get the following error.
"Error: Code signing request has failed because the value debug token of Type Package is not allowed."
2 things have happened recently that make this potentially different situation.
a.) now my device is currently running OS 10.2
(b) there was something new regarding signing apps with your blackberry ID?
I was a little out of the loop for 1-2 months so please forgive me if this problem is very obvious... I am looking for a clue to what I'm doing wrong.
This has been fixed on both of your accounts. It was a problem of account setup. We're looking at what caused it to prevent it from happening in the future.
-
Code Signing - different version of the JDE
I'm back-porting an application 4.2 to 4.0. I copied the files sigtool directory 'bin' JDE 4.2 in the 'bin' JDE 4.0 directory. However, when I try to sign the COD files, the operation fails. The 'detail' says:
"The signature on the request of code signing did not check. The probable cause of this problem is entered an incorrect password. »
The password is correct and checked several times. There is another reason for this failure? Am I missing a step when you move files sigtool 4.2 back to 4.0?
The original JDE (the application was developed on) is 4.2.1. One where I am signing is 4.0.2.
This link explains the changes in version 4.3.0. It is the only version of the Pack BlackBerry JDE/component where the format of these files has changed.
What's – the Signature key format changes in BlackBerry JDE 4.3.0
Article number: DB-00639 -
Hello
I have this quite annoying error for my blackberry 5.0 application. Most of the methods and classes of RIM is display code signing errors when I'm clearly registered my app and the app runs on my camera as well. I'm unable to retrieve all the data from my db but I am able to write data to my db. Help, please.
Thank you & best regards
Vishnu pascalp
OK I got the problem. The .cod file was not have written... its working fine now.
Thanks for the help.
-
Hi, I have a problem running the webinspector on my dev alpha.
Whenever I have create bar folder with the d flag, and then run the signature tool, I got the error message:
Error: Code signing of the petition failed because Application-Development-Mode demo
is is present and not set [false].How to solve this problem? If I generate the .bar without the flag - d, can I sign and execute on the device, but without web Inspector
I found the error
I just had to use the indicator g in bbwp and set my password
and not reuse bbwp and then the signing tool
-
Currently, I just have a problem concerning the signing of the app using webworks api for playbook.
In particular, I already could package it in a bar in the file but just cannot sign.
I followed all the instructions to
And it seemed that I have successfully registered my account because I have the following message in my mailbox:
An application for registration is completed successfully for the customer "xxx". The client left or code xxx signing requests.
The customer has returned the following message is displayed:
Customer "xxx" registered successfully with the server ID RDK signature and now attempts remaining xxx code signing.
Then when I run the command:. / bbwp ~/Dropbox/Interceptr.zip /gcsk /gp12 123456 123456 /buildId 1/o/Users/xxx/Desktop (I replaced my real pass in this email with string 123456)
I had the rest of the console message:
[INFO] Parsing of the command line options
[INFO] Bbwp.properties analysis
[INFO] Validation of archive WebWorks
[INFO] The analysis of config.xml
[WARNING] Cannot find an element of
[INFO] The application of filling source
[INFO] Compiling applications WebWorks
[INFO] Packaging of the record bar
[INFO] Bar complete packaging
[INFO] Start signing tool
error barsigner: developer certificate and private key not found in the keys file or store the password not supplied
[ERROR] Signature failed
and using blackberry-signatory gives the same result:
. / blackberry-sign-verbose - cskpass 123456 - keystore sigtool.p12 - storepass 123456 ~/Desktop/Interceptr.bar RDK
error barsigner: developer certificate and private key not found in the keys file or store the password not supplied
I wonder if anyone has any ideas on this subject?
Here are the exact steps I followed. I tried twice and havn't seen the questions either WinXP or Win7
updating PATH env variable to add all the paths to the tools
-
Page of code signing does not work
The steps:
(1) open the URL with IE 8: https://www.blackberry.com/SignedKeys/nfc-form.html
(2) select "I wish a device Code signing key.
(3) fill in all information
4) click the button 'send '. The demand is not there and get an error "Please ensure that all required fields are filled."
Does anyone have a solution for this?
Maybe you are looking for
-
I know there are some discussions about the speed, namely about HSUPA and a bunch of people ranting about AT & T. I think a lot of DOWNLOAD problems are AT & T issues. BUT. If you look at all speeds, I've still seen NOBODY counts more than 400 kbit/s
-
Games for Windows Live Marketplace (does not work)
I recently bought Batman: Arkham Asylum game of The Year Edition for my Pc on this site http://www.gamesforwindows.com/en-US/ I checked my email one has obtained confirmation of purchase from Microsoft. Now, I program of games for Windows Live Market
-
my laptop does not support any game, but why I do not understand. I have 2 GB of graphics card.
-
Record Full Duplex and ADR Workflow in Premiere Pro CC
Hi, I use CC v10.3.Trying to find best workflow for ADR only not sure if I need to do this first or hearing.I'm unable to mute the audio channel that I record in first that causes a signal delayed voice back to the screen. The talent is to hear the m
-
Start a virtual machine returns: fatal error... timeTracker_user.c:232 bugNr = 148722
Host: 3.10.5 - 201.fc19.x86_64Comments: everything (I've tried windows, other distributions)VMware Workstation 9.0.2 patched with this and that.I came across somewhat relevant article , but do not know how to go about finding the maximum speed of the