Mitigating arbitrary native code execution in Microsoft Edge

2017-02-24 KENNETH 0

Mitigating arbitrary native code execution in Microsoft Edge Some of the most important security features in modern web browsers are those that you never actually see as you browse the web. These security features work behind the scenes to protect you from browser-based vulnerabilities that could be abused by hackers to compromise your device or personal data. In previous blog posts and presentations, we described some of the recent improvements that have been made to Windows 10 and Microsoft Edge in this space. Today we’re kicking off a two-part blog post that describes our vulnerability mitigation strategy and provides a technical deep-dive into some of the major security improvements that are coming to Microsoft Edge in the Creators Update of Windows 10. Framing our Vulnerability Mitigation Strategy Before we dive in, it may help to start with an overview of [ more… ]

A New Monetization Opportunity: Application Extensions + Microsoft Affiliate Program

2017-02-24 KENNETH 0

A New Monetization Opportunity: Application Extensions + Microsoft Affiliate Program Looking for more ways to monetize your app? App developers can boost their revenue through the Microsoft Affiliate Program. As an affiliate you can earn revenue by promoting content in the Windows Store and Microsoft Store, such as apps, games, music and video. Developers who place links and/or banners on their apps directing users to the Windows Store will receive a commission for each online sale driven by that in-app marketing. You may have participated in other affiliate programs where you get a commission when someone buys something that you link to – the Microsoft Affiliate Program works in much the same way, but is more expansive. A New Opportunity As an app developer, this is a golden opportunity to open a new revenue stream for Universal Windows Apps. Not [ more… ]

No Image

USN-3211-1: PHP vulnerabilities

2017-02-24 KENNETH 0

USN-3211-1: PHP vulnerabilities Ubuntu Security Notice USN-3211-1 23rd February, 2017 php7.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in PHP. Software description php7.0 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled certain invalid objects whenunserializing data. A remote attacker could use this issue to cause PHP tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects whenunserializing data. A remote attacker could use this issue to cause PHP tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certainwddxPacket XML documents. A remote attacker could use this issue to causePHP to crash, resulting in a denial of [ more… ]

No Image

USN-3142-2: ImageMagick regression

2017-02-23 KENNETH 0

USN-3142-2: ImageMagick regression Ubuntu Security Notice USN-3142-2 22nd February, 2017 imagemagick regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-3142-1 introduced a regression in ImageMagick. Software description imagemagick – Image manipulation programs and library Details USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixesintroduced a regression with text labels and a regression with the textcoder. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update instructions The problem can be [ more… ]

[도서] Visual C++ 2015 MFC Programming

2017-02-23 KENNETH 0

[도서] Visual C++ 2015 MFC Programming 분야별 신상품 – 국내도서 – 컴퓨터와 인터넷 [도서]Visual C++ 2015 MFC Programming 정일홍 저 | 생능출판사 | 2017년 02월 판매가 33,000원 (0%할인) | YES포인트 0원(0%지급) 입문자를 위한 단계별로 따라하며 배우는 MFC 프로그래밍 이 책은 처음으로 Visual C++을 접하는 대학 초년생, 몇 번 Visual C++ 책과 씨름하였으나 아직 윈도우 프로그램을 작성하는데 문제가 있는 학생들을 위 Source: [도서] Visual C++ 2015 MFC Programming