지락문화예술공작단

Speculative Execution Bounty Launch

2018-03-15 KENNETH 0

Speculative Execution Bounty Launch Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues. Quick Facts: Bounty Duration: Open until December 31, 2018 Full Details: Speculative Execution Bounty Program Bounty Terms: Standard terms and conditions apply Bounty Tiers: (below) Tier Payout (USD) Tier 1: New categories of speculative execution attacks Up to $250,000 Tier 2: Azure speculative execution mitigation bypass Up to $200,000 Tier 3: Windows speculative execution mitigation bypass Up to $200,000 Tier 4: [ more… ]

[도서] 파이썬을 이용한 웹 크롤링과 스크레이핑

2018-03-15 KENNETH 0

[도서] 파이썬을 이용한 웹 크롤링과 스크레이핑 분야별 신상품 – 국내도서 – 컴퓨터와 인터넷 [도서]파이썬을 이용한 웹 크롤링과 스크레이핑 카토 코타 저/윤인성 역 | 위키북스 | 2018년 03월 판매가 27,000원 (10%할인) | YES포인트 1,500원(5%지급) 『파이썬을 이용한 웹 크롤링과 스크레이핑』은 파이썬을 이용한 데이터 수집과 분석을 위해 입문에서 실전까지 상세하게 설명한 책입니다. 기본적인 크롤링과 API를 활용한 데이터 수집은 물론, HTML과 XML 분석부 Source: [도서] 파이썬을 이용한 웹 크롤링과 스크레이핑

USN-3596-1: Firefox vulnerabilities

2018-03-15 KENNETH 0

USN-3596-1: Firefox vulnerabilities firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain sensitive information, confuse the user with misleading permission requests, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142) It was discovered that the fetch() API could incorrectly return cached copies of no-store/no-cache resources in some circumstances. [ more… ]

RHSA-2018:0522-1: Low: .NET Core on Red Hat Enterprise Linux security update

2018-03-15 KENNETH 0

RHSA-2018:0522-1: Low: .NET Core on Red Hat Enterprise Linux security update Red Hat Enterprise Linux: Updates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-0875 Source: RHSA-2018:0522-1: Low: .NET Core on Red Hat Enterprise Linux security update

RHSA-2018:0521-1: Important: java-1.7.1-ibm security update

2018-03-15 KENNETH 0

RHSA-2018:0521-1: Important: java-1.7.1-ibm security update Red Hat Enterprise Linux: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678 Source: RHSA-2018:0521-1: Important: java-1.7.1-ibm security update