Join Us Again for Global WordPress Translation Day

2016-10-14 KENNETH 0

Join Us Again for Global WordPress Translation Day The WordPress Polyglots team is organizing the second Global WordPress Translation Day on November 12th. Everyone is invited to join – from anywhere in the world! Translating is one of the easiest ways to get involved with WordPress and contribute to the project. Global WordPress Translation Day is your chance to learn more about translating WordPress, meet people from all over the world, and translate WordPress into one of more than 160 languages. Join us on November 12th from anywhere in the world The translation day starts on Saturday, November 12th, 2016, at 0:00 UTC and ends 24 hours later. See what time that is for you! You can join right from the start, or any time it’s convenient for you throughout the day. What are we doing? Local contributor days are happening all over the world, and are a great way [ more… ]

No Image

Mozilla SSL Configuration Generator

2016-10-14 KENNETH 0

URL : https://mozilla.github.io/server-side-tls/ssl-config-generator/   웹서버,openssl 버전 별로 SSL 설정을 자동화 해서 안내 해줌… 세상에 이걸 첨 알다니.. ㅋㅋㅋㅋㅋㅋ   샘플로 한번 해보자면 1. httpd-2.4 & openssl-1.0.1e <VirtualHost *:443> … SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security "max-age=15768000" … </VirtualHost> # modern configuration, tweak to your needs SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on # OCSP Stapling, only in httpd 2.3.3 and later SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000)   2. httpd-2.2 & openssl-1.0.1e <VirtualHost *:443> … SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security [ more… ]

No Image

RedHat 계열 Apache Tomcat 신규 취약점 보안 업데이트 권고

2016-10-14 KENNETH 0

출처 : http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=24646   □ 개요 o RedHat社는 RedHat 기반 시스템의 Apache Tomcat에서 발생하는 취약점을 해결한 보안 업데이트를 발표[1] – RedHat Enterprise Linux 7 기반 시스템이 해당되며 공격자가 해당 취약점을 악용하여 로컬권한상승을 통해 시스템 제어권한을 획득할 수 있음 □ 설명 o tomcat.conf의 취약한 파일 권한으로 인해 발생할 수 있는 로컬권한상승 취약점(CVE-2016-5425) □ 해당 시스템 o 영향 받는 제품 및 버전 – RedHat Enterprise Linux 7 기반 시스템의 기본 저장소 Apache Tomcat 6/7/8 버전 ※ 해당 OS : RedHat, CentOS, Fedora, Oracle Linux, openSUSE □ 해결 방안 o 해당 벤더사의 최신 Apache Tomcat 패키지 업데이트 o 패키지 업데이트가 불가능한 사용자는 /usr/lib/tmpfiles.d/tomcat.conf 파일의 쓰기권한을 제거 – chmod 644 /usr/lib/tmpfiles.d/tomcat.conf 명령어를 통해 권한을 변경 □ 기타 문의사항 o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118 [참고사이트] [1] https://access.redhat.com/security/cve/CVE-2016-5425

Instagram app for Windows 10 expands to PC and tablets

2016-10-14 KENNETH 0

Instagram app for Windows 10 expands to PC and tablets We’re excited to share that the Instagram app for Windows 10 is expanding beyond its current mobile availability and is optimized for tablets and PCs today. The app is free to download from the Windows Store. We welcomed the Instagram app for Windows 10 mobile back in April, and you can now use the app right from your Windows 10 tablet or PC with Windows-only experiences such as Live Tiles, which let you see new photos and notifications right from your home screen. Here are some of the features you can use in Instagram for Windows 10: Post and edit photos* – Instagram makes sharing moments with everyone in your world easy, speedy, and fun. Stories – Stories from people you follow will appear in a row at the top of [ more… ]

No Image

USN-3097-2: Linux kernel (OMAP4) vulnerabilities

2016-10-14 KENNETH 0

USN-3097-2: Linux kernel (OMAP4) vulnerabilities Ubuntu Security Notice USN-3097-2 13th October, 2016 linux-ti-omap4 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-ti-omap4 – Linux kernel for OMAP4 Details Marco Grassi discovered a use-after-free condition could occur in the TCPretransmit queue handling code in the Linux kernel. A local attacker coulduse this to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the audit subsystem in theLinux kernel. A local attacker could use this to corrupt audit logs ordisrupt system-call auditing. (CVE-2016-6136) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controllerdriver in the Linux kernel when handling ioctl()s. A local attacker coulduse this to cause a denial of service (system [ more… ]