Tag: Hypertext Transfer Protocol (HTTP)

Spring Dragon – Updated Activity

In the beginning of 2017, Kaspersky Lab became aware of new activities by an APT actor we have been tracking for several years called Spring Dragon (also known as LotusBlossom).
Information about the new attacks arrived from a research partner in Taiwan and we decided to review the actor’s tools, techniques and activities.

VU#586501: Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor...

Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly optimized manner.

A third-party security research firm has identified two security vulnerabilities in the client software: On-board ship network access could provide visibility of user names and passwords configured on the client device.

A backdoor account has been identified in the client that provides full system privileges.

This vulnerability could be exploited remotely.

An attacker with high skill would be able to exploit this vulnerability.

AmosConnect 8 has been deemed end of life and is no longer supported.
Inmarsat customers must contact Inmarsat Customer Service to obtain the replacement mail client software.

Why you should use Apache Solr

Apache Solr is a subproject of Apache Lucene, which is the indexing technology behind most recently created search and index technology.
Solr is a search engine at heart, but it is much more than that.
It is a NoSQL database with transactional support.
It is a document database that offers SQL support and executes it in a distributed manner. Sound interesting? Join me for a closer look. (Full disclosure: I work for Lucidworks, which employs many of the key contributors to the Solr project.)

You need a decent machine (or just use an AWS instance) with ideally 8GB or more RAM. You can find Solr at http://lucene.apache.org/solr. You also need the Java Virtual Machine version 8. Unzip/untar Solr into a directory, make sure JAVA_HOME is set, and that the java binary is in your path.

Change to the directory Solr is in and type bin/solr start -e cloud -noprompt.

This starts a two node cluster on your laptop with a sample collection called gettingstarted already loaded.

Cisco ASR 5000 Series Aggregation Services Routers Access Control List Security...

A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass ACL rules that have been conf...

Cisco Web Security Appliance Administrative Interface Access Control Bypass Vulnerability

A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative ma...

VU#547255: Dahua IP cameras Sonia web interface is vulnerable to stack...

Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow.

How to make your Web API responses consistent and useful

When working with ASP.Net Web API, it is important to return a consistent response for all the requests that are processed by your API regardless of success or failure.

This makes it a lot easier to consume the API, without requiring complex code on...

How to do partial updates to REST API resources

The HTTP verb named PATCH can be used for partial updates, i.e., when you would like to update just a few fields of a resource. While you could update a resource “partially” using HTTP PUT, by sending the entire resource with the updated values, that is potentially problematic.

At the very least, you might end up consuming more network bandwidth than necessary. For partial updates, HTTP PATCH is easier and safer, and ASP.NET Web API provides excellent support for HTTP PATCH requests.

This article will discuss how we can use PATCH to perform partial updates when working with RESTful services using Web API.

PATCH vs. PUT: The HTTP PATCH method should be used whenever you would like to change or update just a small part of the state of the resource. You should use the PUT method only when you would like to replace the resource in its entirety. Note that PATCH is not a replacement for PUT or POST, but just a way of applying a delta update to a resource representation. Roy Fielding, who authored the REST architectural style and many web standards, said that he created PATCH because “partial PUT is never RESTful.”

Encrypt all the webpages: Let’s Encrypt to offer wildcard certificates for...

Upgrade will allow even more webpages to be protected by HTTPS.

Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability

A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability...

The rules for REST: How to be RESTful in HTTP/JSON APIs

Recently, I was trying to write a little client script for Apache Solr.
It was just supposed to add some data, retrieve it, and delete it.
I thought I’d just do obvious things.

But as it turns out I actually had to read carefully. You see, if I post to http://localhost:8983/solr/my_collection/update/json/docs a JSON document {"id": "1","title": "Doc 1"}, it shows up somewhere other than http://localhost:8983/solr/my_collection/update/json/docs/1.

Solr is essentially a search engine.
Solr has an HTTP/JSON-based API. However, it isn’t exactly a REST API because it doesn’t really follow any of the rules for a well-defined REST interface.
I whine about this sometimes. Maybe one day if I have time I’ll even fix it. (I work for Lucidworks, which does most of the development of Solr.)

How to use correlation IDs in ASP.Net Web API

When working with microservices that communicate over the HTTP protocol, you will want to use correlation IDs to track individual requests.

Because requests might flow through many services that are spread across multiple systems, tracking them with correlation IDs will be your only hope of detecting and diagnosing errors that might creep into the middleware systems.

This article discusses what correlation IDs are, why they are useful, and how they can be used in ASP.Net Web API.

What are correlation IDs? Let’s assume you have implemented a microservices architecture.
In an application comprised of microservices, different aspects of incoming requests will be handled by different microservices, all working asynchronously on their specific tasks and ultimately coming together to generate the response. Now, if something goes wrong, how would you determine by looking at the logs exactly where the request failed? Your logs might contain millions upon millions of log messages.
It would be a daunting task to find the relevant log entries among so many messages.