[월:] 2020년 08월

Achieving FIPS Compliance with NGINX Plus

2020-08-27 KENNETH 0

Achieving FIPS Compliance with NGINX Plus If you work in government or a regulated industry, you’ve no doubt heard of the Federal Information Processing Standards, perhaps better known by the acronym FIPS. FIPS is a very broad set of standards publications, but in the software industry the term usually refers to the publication specifically about cryptography, FIPS 140-2 Security Requirements for Cryptographic Modules. FIPS 140-2 is a product of the joint effort between the United States and Canada called the Cryptographic Module Validation Program. It standardizes the testing and certification of cryptographic modules that are accepted by the federal agencies of both countries for the protection of sensitive information. FIPS 140-2 defines four security levels (1–4) which correlate to the level of protection a FIPS‑certified module must provide. Security Level 1 relates specifically to software cryptographic modules. It stipulates which cryptographic [ more… ]

No Image

USN-4474-1: Firefox vulnerabilities

2020-08-27 KENNETH 0

USN-4474-1: Firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670) It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668) Source: USN-4474-1: Firefox vulnerabilities