Announcing Windows 11 Insider Preview Build 25217

2022-10-07 KENNETH 0

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 25217 to the Dev Channel. TL;DR Developers can start building and testing 3rd party widgets on the latest Insider Preview builds in the Dev Channel and the WinAppSDK 1.2 preview 2 release. Details and links below. This build includes a few input-related changes and fixes. Some Insiders are seeing a sneak peek of a new video calling experience for Chat on Windows 11. Details below. We are beginning to roll out a Microsoft Store update that includes a few improvements including highlight games included with Game Pass. What’s new Developers can start building 3rd party widgets We are excited to announce support for 3rd party widgets as part of the WinAppSDK 1.2 preview 2 release. Our team has been working hard [ more… ]

Secure API Access with NGINX and Azure Active Directory

2022-10-07 KENNETH 0

APIs play a critical role in application connectivity, but they are also vulnerable to attacks. In the past, with monolithic apps, there was only one entry point to secure. In microservices architectures, a single app often consists of many microservices connected via APIs, and each of those APIs could have hundreds of endpoints. This makes the potential attack surface for APIs huge, with every new API creating an entry point in your security perimeter. There are many strategies to secure your APIs. One of the most fundamental is access control. Simply put, you must verify the user’s identity (authentication, or AuthN) and confirm that they can access certain resources (authorization, or AuthZ). Implementing OpenID Connect (OIDC) is one of the most common access control approaches used for APIs. You can get [ more… ]

[Book] Linux System Administration Practiced with Fedora Vol.1

2022-10-06 KENNETH 0

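[Book] Linux System Administration Practiced with Fedora Vol.1, by David Both, translated by Kim Ki-ju, Na Ga-jin and Song Ji-yeon | Acorn Publishing | October 2022 Sale price 40,500 won (10% discount) | YES Points 2,250 won (5% awarded) This book lets you practice using and administering a Linux system with Fedora and a free VM (Virtual Machine) called VirtualBox. Starting with the basic shell and command-line tools in Volume 1, then in Volume 2 disks, printers, networking, Source: [Book] Linux System Administration Practiced with Fedora Vol.1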

USN-5661-1: LibreOffice vulnerabilities

2022-10-06 KENNETH 0

It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. (CVE-2022-26305) It was discovered that LibreOffice incorrectly handled encrypting the master key provided by the user for storing passwords for web connections. A local attacker could possibly use this issue to obtain access to passwords stored in the user’s configuration data. (CVE-2022-26306, CVE-2022-26307) Source: USN-5661-1: LibreOffice vulnerabilities

USN-5660-1: Linux kernel (GCP) vulnerabilities

2022-10-06 KENNETH 0

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the device-mapper verity (dm-verity) [ more… ]