Thursday, August 17, 2017

Tag: Hypertext Markup Language (HTML)

Microsoft Windows automatically executes code specified in shortcut (LNK) files.
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber.

Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing tables within the domain.
And in some parts of the world, the end will come even sooner.
In the beginning of 2017, Kaspersky Lab became aware of new activities by an APT actor we have been tracking for several years called Spring Dragon (also known as LotusBlossom).
Information about the new attacks arrived from a research partner in Taiwan and we decided to review the actor's tools, techniques and activities.
Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly optimized manner.

A third-party security research firm has identified two security vulnerabilities in the client software: On-board ship network access could provide visibility of user names and passwords configured on the client device.

A backdoor account has been identified in the client that provides full system privileges.

This vulnerability could be exploited remotely.

An attacker with high skill would be able to exploit this vulnerability.

AmosConnect 8 has been deemed end of life, and is no longer supported.
Inmarsat customers must contact Inmarsat Customer Service to obtain the replacement mail client software.
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow.
Contentious feature is added, without mandate to protect security researchers.
"High risk" exploit patch was issued in May of 2016.
Samsung Magician fails to securely check for and retrieve updates, which can allow an authenticated attacker to execute arbitrary code with administrator privileges.
HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication.
OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device, manufactured by CalAmp, has an SMS (text message) interface. We have found multiple deployments where no password was configured for this interface by the integrator/reseller.

Companies using the CalAmp hardware should be aware that they need to set a password or disable SMS.
Vendors were notified and the SMS interface was disabled or password-protected by all vendors known to be affected.
Years ago, all you needed to be a developer was an editor, a compiler, and hopefully some kind of revision control system. (Sadly, many developers still don't use revision control systems properly.) These days, you need to know more even for basic software development. Here's the top 10 list of tools every modern developer should know and use:
Git and GitHub: Although there are companies that still use Subversion or CVS even, let alone the awful Clearcase, you probably shouldn't work at one of them. Git is now a basic skill like tying your shoes or spell checking.

SSH: Yeah, I know: You're a Windows developer and you don't know no stinking shell. But you're going to run into having to create an SSH key or do other SSH stuff. So you may as well learn now.

Terminal Services or remote login: Even if you're a Linux or Mac person, sooner or later you'll have to deal with Windows. These tools are how you will connect in.

Amazon Web Services: AWS isn't just cloud, it is the reason you don't have to wait on IT. There are other cloud providers, but you'll have to deal with AWS sooner or later. AWS has gotten so big that you can't know all of AWS any more, but you do need to know at least the EC2 stuff.

JavaScript: You don't need to know it cold, but this is the scripting language of the now. If a product or tool is going to add a scripting API, it will probably be for JavaScript.

Bash and PowerShell: Sure, more modern devops tools are handy, but sooner or later something isn't going to work and it won't have quite what you need. So, expect to need to know how to write a basic restart script, grab an error code from an exiting command, or do a few things in a loop. That's what Bash (in Linux, many Unixes, MacOS, and Windows 10) and Microsoft's PowerShell let you do. Bonus: Add a tool like Grep (PowerShell's equivalent Select-String is more wordy) and you'll be an even more powerful deity.

MongoDB: You need to know how to work with at least one document database. MongoDB is the easiest to learn. Whether you're ultimately going to use MongoDB isn't relevant; what matters is learning how to deal with a new-generation database. If you're going to use an index like Apache Solr, which is document-shaped, or you're going to work with a more columnar structured database, the MongoDB skills will transfer.

Curl and Invoke-RestMethod: Most software now has a REST API. On Mac and Linux, Curl is the command-line tool that lets you test and tweak and even script against a REST API. In PowerShell, it is Invoke-RestMethod (although like everything on PowerShell, it requires more typing). There are GUI tools like Postman that accomplish the same work, but a serious developer needs to be able to move past a point-and-click interface for efficiency's sake.

Markdown: This is the format of the README.md file in GitHub. You should be able to read and write a simple Markdown document. And that's easy because it has just seven symbols: (# is a header, ## is a subheader, * is a bullet, __ and ** are bold, _ and * are italics, ` is monospace, and --- is a break or rule). Markdown editors often have extensions but those are the basics. From that basic markup language, you can get slides, PDFs, and HTML. Often these output formats can be consistently formatted with CSS or some other way. Best of all, you don't end up with smart quotes in your code samples.

Basic HTML: I can't make a decent-looking web page to save my life; I'm a back-end developer. But whether you're going to stub something out or have to parse HTML, you will need to know basics of the web markup language.