Firefox 52 released

Added support for WebAssembly, an emerging standard that brings near-native performance to Web-based games, apps, and software libraries without the use of plugins.

Added automatic captive portal detection, for easier access to Wi-Fi hotspots. When accessing the Internet via a captive portal, Firefox will alert users and open the portal login page in a new tab.

Implemented the Strict Secure Cookies specification which forbids insecure HTTP sites from setting cookies with the “secure” attribute. In some cases, this will prevent an insecure site from setting a cookie with the same name as an existing “secure” cookie from the same base domain.
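An added example (not Firefox code) modelling the Strict Secure Cookies storage checks described above, following the rule as it was later written into the RFC 6265bis cookie draft. The cookie objects, jar layout and function names are assumptions of this example.

```javascript
// Simplified model of the Strict Secure Cookies checks applied when a
// response tries to store a cookie. Not taken from any browser's source.

// Domain-match: identical, or `host` is a subdomain of `domain`.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Path-match: identical, or cookiePath is a prefix ending at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Decide whether `cookie`, sent by a response over `scheme`, may enter `jar`.
function checkSetCookie(jar, scheme, cookie) {
  if (scheme === "https") return { stored: true, reason: "secure origin" };
  // Rule 1: an insecure origin may not set the "secure" attribute at all.
  if (cookie.secure) {
    return { stored: false, reason: "insecure origin set the secure attribute" };
  }
  // Rule 2: an insecure origin may not overwrite or shadow a secure cookie
  // with the same name on a matching domain and path.
  const conflict = jar.find((c) =>
    c.secure &&
    c.name === cookie.name &&
    (domainMatches(c.domain, cookie.domain) || domainMatches(cookie.domain, c.domain)) &&
    pathMatches(cookie.path, c.path));
  if (conflict) {
    return { stored: false, reason: "would overwrite or shadow a secure cookie" };
  }
  return { stored: true, reason: "no conflict with a secure cookie" };
}

// Constructed sample jar: one secure cookie set earlier over HTTPS.
const jar = [{ name: "session", domain: "example.com", path: "/", secure: true }];

// Constructed request: plain-HTTP subdomain tries to plant its own "session".
const attempt = { name: "session", domain: "shop.example.com", path: "/", secure: false };
console.log(checkSetCookie(jar, "http", attempt).reason);
```
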

Added user warnings for non-secure HTTP pages with logins. Firefox now displays a “This connection is not secure” message when users click into the username and password fields on pages that don’t use


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/btoLRaIUJIQ/


Building an API Gateway with Lua and Nginx

When we work on microservices, there are often a number of common concerns / functionalities that should be shared amongst different services.

These common functionalities include authentication, monitoring, logging, rate-limiting, IP whitelisting, and request transformations.

Instead of having each service verify its own request guarantees, it makes sense to offload these functionalities to a central gateway / proxy. This way, your engineering team is focused on building actual features/services and less on boilerplate.

Most of the functionality of a service should be delegated to a proxy.

This pattern is often called the API Gateway.

Today, we’ll be building a simple API gateway from scratch. Alternatively, you can use some existing open source / commercial gateways from this curated list.

A Minimum Viable Gateway

For simplicity, we’ll work on just two core features:

Routing: We want to specify which services to forward requests to when a request hits a particular route at our gateway.

Request Transformation:


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/hH3HmPl6Uko/


Notepad++ V 7.3.3 – Fix CIA Hacking Notepad++ Issue

08 Mar 2017 21:58:00

“Vault 7: CIA Hacking Tools Revealed” has been published by Wikileaks recently, and Notepad++ is on the list.
The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a compromised PC, which is replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead of the original one. It doesn’t mean that the CIA is interested in your coding skill or in your sex message content, but rather it prevents raising any red flags while the DLL does data collection in the background.
For remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won’t be loaded, and Notepad++ will fail to launch.
Checking the certificate of a DLL makes it harder to hack. Note that once users’ PCs


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/4-zdpzMFocQ/notepad-7.3.3-fix-cia-hacking-issue.html


The busy JavaScript developer’s guide to LoopBack: Hello, World!

LoopBack is one of many open source Node.js frameworks that have
recently rebooted the possibilities for server-side JavaScript development.
Set up LoopBack in your development environment, then write your first
LoopBack API using the command line and IBM API Connect, an API lifecycle
management platform.


Original URL: http://www.ibm.com/developerworks/opensource/library/wa-get-started-with-loopback-neward-1/index.html?ca=drs-


Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XXew9yWWGTU/mozilla-firefox-52-released-as-esr-branch-will-receive-security-updates-until-2018


Logitech G Pro Mechanical Gaming Keyboard now available

PC gaming is a huge business nowadays, with consumers not only spending a lot of money on games and hardware, but dedicating much time to the pastime too. Heck, people don’t just play video games themselves, they also watch other people play them. Amazon’s Twitch platform is full of people streaming themselves playing games, and even more people watching them. As the gaming scene grows, the hardware offerings seem to get better and better. After all, the bigger the market, the bigger the incentive to cater to it. Logitech has long supported the PC gaming community, especially with its iconic…


Original URL: https://betanews.com/2017/03/07/logitech-g-pro-mechanical-gaming-keyboard-esports/


Services – Critical – Arbitrary Code Execution – SA-CONTRIB-2017-029

Advisory ID: DRUPAL-SA-CONTRIB-2016-029
Project: Services (third-party module)
Version: 7.x
Date: 2017-March-08
Security risk: 21/25 (Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Arbitrary PHP code execution
Description
This module provides a standardized solution for building APIs so that external clients can communicate with Drupal.
The module accepts user submitted data in PHP’s serialization format (“Content-Type: application/vnd.php.serialized”) which can lead to arbitrary remote code execution.
This vulnerability is mitigated by the fact that an attacker must know your Service Endpoint’s path, and your Service Endpoint must have “application/vnd.php.serialized” enabled as a request parser.

CVE identifier(s) issued
A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
Services 7.x-3.x versions prior to 7.x-3.19.
Drupal core is not affected. If you do not use the contributed Services module, there is nothing you need to do.
Solution
Install the latest version:
If you use the Services 3.x module for Drupal 7.x, upgrade to Services 7.x-3.19
You may disable “application/vnd.php.serialized” under “Request parsing” in Drupal to prevent


Original URL: https://www.drupal.org/node/2858847
