HTTP Strict Transport Security (HSTS) and NGINX

2016-03-24 KENNETH 0

Netcraft recently published a study of the SSL/TLS sites they monitor, and observed that only 5% of them correctly implement HTTP Strict Transport Security (HSTS). This article describes how to configure NGINX and NGINX Plus to implement an HSTS policy.

What is HSTS?

HTTPS (SSL and TLS) is an essential part of the measures to secure traffic to a website, making it very difficult for an attacker to intercept, modify, or fake traffic between a user and the website. When a user enters the web domain manually or follows a plain http:// link, the first request to the website is sent unencrypted, using plain HTTP. Most secured websites immediately send back a redirect to upgrade the user to an HTTPS connection, but a well-placed attacker can mount a man-in-the-middle (MITM) attack to intercept the [ more… ]


USN-2939-1: LibTIFF vulnerabilities

2016-03-24 KENNETH 0

Ubuntu Security Notice USN-2939-1

23rd March, 2016

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: tiff – Tag Image File Format (TIFF) library

Details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 15.10: libtiff5 4.0.3-12.3ubuntu2.1
Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.4
Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.9

To update your system, please follow [ more… ]


General Tablespaces in MySQL 5.7 – Details and Tips

2016-03-23 KENNETH 0

InnoDB in MySQL 5.7 introduced for the first time the ability to create a general tablespace and assign multiple tables to it. These tablespaces can be assigned anywhere on the system. They can even be assigned a smaller block size so that they can contain compressed tables that use that size as their key_block_size.…

Source: General Tablespaces in MySQL 5.7 – Details and Tips


RHSA-2016:0497-1: Important: git19-git security update

2016-03-23 KENNETH 0

Red Hat Enterprise Linux: Updated git19-git packages that fix two security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2016-2315, CVE-2016-2324

Source: RHSA-2016:0497-1: Important: git19-git security update


RHSA-2016:0496-1: Important: git security update

2016-03-23 KENNETH 0

Red Hat Enterprise Linux: Updated git packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2016-2315, CVE-2016-2324

Source: RHSA-2016:0496-1: Important: git security update