
Tag: Hypertext Transfer Protocol (HTTP)

Google tightens noose on HTTP: Chrome to stick ‘Not secure’ on...

In October, Google will begin phase two of its plan to label all HTTP pages as non-secure.

Chrome to Mark More HTTP Pages ‘Not Secure’

Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, and any HTTP page visited in incognito mode

IDG Contributor Network: My two cents on using the IHttpActionResult interface...

Microsoft's WebAPI has for quite some time been the framework of choice for building RESTful services that can work over HTTP. The IHttpActionResult interface has been introduced with WebAPI version 2 and provides a different way to send back responses from your WebAPI controller methods, and it leverages async and await by default. Essentially, IHttpActionResult is a factory for HttpResponseMessage.

The IHttpActionResult interface is contained in the System.Web.Http namespace and creates an instance of HttpResponseMessage asynchronously.

The IHttpActionResult comprises a collection of custom in-built responses that include: Ok, BadRequest, Exception, Conflict, Redirect, NotFound, and Unauthorized.

VU#219739: Portrait Displays SDK applications are vulnerable to arbitrary code execution...

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution.

Rooby language unites Go, Ruby

The Go and Ruby languages are partnered in the Rooby language intended for efficient development of microservices. The object-oriented language has Ruby's syntax and is written in Go.
It's for developing microservices that should be performant and ea...

Hajime, the mysterious evolving botnet

Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by Rapidity Networks.
In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices.

VU#676632: IBM Lotus Domino server mailbox name stack buffer overflow

The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name.

This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server

Serverless computing picks up new Docker option

Serverless computing and Docker are fast turning into seatmates. Where you find one, you'll find the other. Case in point: Hyper.sh, a container hosting service that uses custom hypervisor technology to run containers on bare metal, has introduced Func, a Docker-centric spin on serverless computing. Func allows a user to deploy a function, triggered by a call, via a Docker image.

The image needs to be more or less self-contained ("code, dependencies, and data," according to the documentation) and parked in a public container registry. HTTP requests are sent to a running copy of the container image, and they can be retrieved by a function call ID. Headers in the request are available as environment variables.

VU#334207: DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to...

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user.

Unraveling the Lamberts Toolkit

The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008.

The arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers.

VU#307983: Action Message Format (AMF3) Java implementations are vulnerable to insecure...

Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references.

VU#507496: GIGABYTE BRIX UEFI firmware fails to implement write protection and...

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms, versions vF6 and vF2 respectively, fails to properly set the BIOSWE, BLE, SMM_BWP, and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write arbitrary code to the platform firmware, potentially allowing for persistent firmware level rootkits or the creation of a permanent denial of service condition in the platform.