
USN-3976-2: Samba vulnerability

2019-05-14 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary: Samba could allow unintended access to network services.

Software Description: samba – SMB/CIFS file, print, and login server for Unix

Details: USN-3976-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: samba – 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1
Ubuntu 12.04 ESM: samba – 2:3.6.25-0ubuntu0.12.04.18

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the [ more… ]

HP launches world’s first dual-screen gaming laptop and other innovations

2019-05-14 KENNETH 0

In our multitasking world, when you’re playing PC games, there’s a good chance you’re doing a lot of other things, too. Gaming industry insights show 82% of people use their mobile phones for messaging during gaming sessions, while 61% listen to music and 49% watch game-related live streams, view video content and browse websites [1]. With this in mind, HP has created the world’s first dual-screen gaming laptop [2], the OMEN X 2S.

Players will be able to message friends in WeChat and WhatsApp, browse the perfect songs to accompany their sessions on Spotify, watch Twitch and YouTube, or even serve as a hub for OMEN Command Center software through an easy-to-use 6-inch 1080p touchscreen above the keyboard – freeing them from the hassles of alt-tabbing. A [ more… ]


USN-3976-1: Samba vulnerability

2019-05-14 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.04
Ubuntu 18.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary: Samba could allow unintended access to network services.

Software Description: samba – SMB/CIFS file, print, and login server for Unix

Details: Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: samba – 2:4.10.0+dfsg-0ubuntu2.1
Ubuntu 18.10: samba – 2:4.8.4+dfsg-2ubuntu2.4
Ubuntu 18.04 LTS: samba – 2:4.7.6+dfsg~ubuntu-0ubuntu2.10
Ubuntu 16.04 LTS: samba – 2:4.3.11+dfsg-0ubuntu0.16.04.20

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2018-16860

Source: USN-3976-1: Samba vulnerability

Validating OAuth 2.0 Access Tokens with NGINX and NGINX Plus

2019-05-14 KENNETH 0

There are many options for authenticating API calls, from X.509 client certificates to HTTP Basic authentication. In recent years, however, a de facto standard has emerged in the form of OAuth 2.0 access tokens. These are authentication credentials passed from client to API server, and typically carried as an HTTP header.

OAuth 2.0, however, is a maze of interconnecting standards. The processes for issuing, presenting, and validating an OAuth 2.0 authentication flow often rely on several related standards. At the time of writing there are eight OAuth 2.0 standards, and access tokens are a case in point, as the OAuth 2.0 core specification (RFC 6749) does not specify a format for access tokens. In the real world, there are two formats in common usage: JSON Web Token (JWT) as [ more… ]

Announcing UI Tests in CI/CD for Desktop App Developers

2019-05-14 KENNETH 0

For many years the ability to run UI tests in CI/CD has provided great value to web developers. This past Microsoft Build 2019 we were excited to announce desktop app developers can now also run UI tests in Azure DevOps! Desktop applications can now run automated UI tests in CI/CD on Azure DevOps using hosted or private agents, and setup is simple with a new Pipeline task.

Why UI tests in CI will help App Developers

Continuous Integration (CI) enables you to run automated tests of your application every time there’s a code change, and typically on servers so you’re not tying up desktop machines for testing. App developers have had the ability to run UI tests using WinAppDriver, and adding these tests to CI is important for a couple key [ more… ]