Web Application Security

2017-07-01 KENNETH 0

This post is adapted from a presentation at nginx.conf in September 2016. You can view a recording of the presentation on YouTube. Table of Contents 0:00 Introduction 0:17 Acronym Soup A 1:00 Acronym Soup WAF 1:07 Acronym Soup SAST 1:17 Acronym Soup DAST 1:23 Acronym Soup IAST 1:37 Acronym Soup RASP 1:48 Annual Pedants Conference 2:13 Definition of Terms 3:14 Definition of Terms, continued 3:53 Definition of Terms, continued 4:35 Does The Difference Even Matter… 4:56 What You Really Want From A Solution 4:59 What You Really Want From A Solution, continued 5:25 What You Really Want From A Solution, continued 5:58 What You Really Want From A Solution, continued 6:24 Why Does App Sec Have to Change? 6:39 Traditional Application Development 6:56 Traditional Application Security 7:27 Modern Application Development 8:38 Modern [ more… ]

Ensuring Windows 10 devices are up to date has never been more important

2017-07-01 KENNETH 0

The most secure Windows device today is an updated one: running both the most recent feature update – the Windows 10 Creators Update – and the most recent monthly quality update. In each Windows feature update we build the latest security technology deep into the operating system, providing defense-in-depth features that prevent entire classes of malware from impacting your device. In each monthly quality update, we add another layer of security, one that tracks emerging and changing trends in malware to make up-to-date systems safer in the face of changing and evolving threats.

Taking extra steps to keep systems updated and secure

Given the Windows 10 Creators Update provides the latest security protections to help keep you safe, we want to help update your device as soon as possible. [ more… ]

Windows App Studio being sunset

2017-07-01 KENNETH 0

We want to directly thank each of the users of Windows App Studio and we want to be sure you have a smooth transition off when Windows App Studio service ends on December 1, 2017.

What will happen to App Studio afterwards?

Windows Template Studio is the evolution of Windows App Studio. We took our learnings from the code generation engine and the existing wizard to provide a strong foundation for our code generation and developer experience in Windows Template Studio. Best of all, it is open source over at http://aka.ms/wts.

Details on the transition

Windows App Studio has been a free, online app creation tool that allowed enthusiasts and developers to quickly build complete Windows Universal Apps. Applications using Windows App Studio then could also be downloaded, extended and compiled with Visual Studio and submitted to [ more… ]

USN-3346-1: bind9 vulnerabilities

2017-06-30 KENNETH 0

Ubuntu Security Notice USN-3346-1
29th June, 2017
bind9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Bind could be made to serve incorrect information or expose sensitive information over the network.

Software description: bind9 – Internet Domain Name Server

Details:

Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143)

Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04: bind9 1:9.10.3.dfsg.P4-10.1ubuntu5.1
Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.7
Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.7
Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.15

[ more… ]

USN-3342-2: Linux kernel (HWE) vulnerabilities

2017-06-30 KENNETH 0

Ubuntu Security Notice USN-3342-2
29th June, 2017
linux-hwe vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the Linux kernel.

Software description: linux-hwe – Linux hardware enablement (HWE) kernel

Details:

USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

Roee Hay discovered that the parallel port printer driver [ more… ]