Google only stopped scanning the emails for advertising purposes, as the article states. Google definitely actively scans emails for malicious content (see https://support.google.com/mail/answer/25760?hl=en and…
https://www.hackerone.com/company/open-source-community HackerOne has a free offering for open source projects. ^^ Let me know if you have any questions (I manage it). :-)
Now, that could be a valid issue, indeed, though not sure for how long I care about those devices continuing to work without any valid upgrade path... Using things like HSTS and CSP's `upgrade-insecure-requests` would…
> There are always practical limitations to site-wide technical changes, and HTTPS Everywhere is no different. Sites and content we consider ‘archival’ that involve no signing in or personalisation, such as the News…
> Earlier in 2016, the Chromium development team decided to implement a change to Google Chrome, preventing access to certain in-browser features on ‘insecure’ (non-HTTPS) web pages. In practice, this meant that key…
Isn't this why projects such as Homebrew thrive? For me personally, I just `brew install git`, and I keep it updated that way (`brew update && brew upgrade`)... Sure, Apple should ship a fix, but there are ways around…
https://developer.mozilla.org/en-US/docs/Web/API/RandomSourc... solves that. Just need to tweak the code. I submitted https://github.com/arik-so/tsa/issues/4 about this issue.
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1557787 is the tracking bug for this issue. Seems like it's fixed on xenial but not yet in older releases.
Note that Seafile seems to still be using a very old and EOL'd version of Django that has known security issues (currently v1.5.12, I believe). https://github.com/haiwen/seafile/issues/1502
Just use Let's Encrypt. :) Signed, The guy who marked that bug report invalid.
Zenefits and ZenPayroll are two completely different companies. Don't let the "Zen" part confuse you. :)
Ah, so this is why Facebook tries to load Flash on almost every page... Allows them to gather data like this. Always wondered why Flash was "needed". (another reason to put Flash behind click-to-play and/or push for…
Yes, Firefox has supported public key pinning for a while now. You can check the latest status at https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinn...
Yet another new crypto protocol... "Yay" What about when HTTP/2 becomes popular? You'll still have to deal with TLS then unless you deal with TCP connections directly (and bypass HTTP).
Please read http://www.djm.org.uk/protect-yourself-from-non-obvious-dang... (https://news.ycombinator.com/item?id=8385213).
Dupe of https://news.ycombinator.com/item?id=8452931
It's always a good idea to regularly check https://wiki.mozilla.org/Security/Server_Side_TLS and ensure your web servers / load balancers are using the best possible (for your particular users) settings. If you don't…
If it's truely unused, you should be using /bin/false instead of /bin/sh. Note that /bin/sh is not always dash in many cases, so just because you are using /bin/sh over /bin/bash doesn't mean you're not vulnerable.
You can't buy Landscape directly, sadly... You have to pay for Ubuntu Advantage, which is their support offering, which is why it's a ridiculous $$$ per server.
I have no interest in paying for Ubuntu Advantage. I would happily pay a reasonable amount for just Landscape, but Canonical doesn't offer that. Get your sales guys to fix that, and you'll end up with a lot more…
Not sure how power issues would affect every single region. Logic dictates it's likely a security issue.
60-120 days? Your equipment will all be fully compromised by then. I can understand not updating for feature/bug fix updates, but for security updates, you should be patching as soon as possible.
This is nothing like Google CRLSet. CRLSet is just a way of collecting the CRLs from a ton of different CAs and having a way to push those out to Chrome browsers easily without users having to individually download them…
Does this support HTTPS or just HTTP? If it supports HTTPS, does it support TLS pinning?
There's no security problem here. If you refresh the page, you're given a new set of keys/salts. This is an API for random key/salt generation for use in WordPress installs.
Google only stopped scanning the emails for advertising purposes, as the article states. Google definitely actively scans emails for malicious content (see https://support.google.com/mail/answer/25760?hl=en and…
https://www.hackerone.com/company/open-source-community HackerOne has a free offering for open source projects. ^^ Let me know if you have any questions (I manage it). :-)
Now, that could be a valid issue, indeed, though not sure for how long I care about those devices continuing to work without any valid upgrade path... Using things like HSTS and CSP's `upgrade-insecure-requests` would…
> There are always practical limitations to site-wide technical changes, and HTTPS Everywhere is no different. Sites and content we consider ‘archival’ that involve no signing in or personalisation, such as the News…
> Earlier in 2016, the Chromium development team decided to implement a change to Google Chrome, preventing access to certain in-browser features on ‘insecure’ (non-HTTPS) web pages. In practice, this meant that key…
Isn't this why projects such as Homebrew thrive? For me personally, I just `brew install git`, and I keep it updated that way (`brew update && brew upgrade`)... Sure, Apple should ship a fix, but there are ways around…
https://developer.mozilla.org/en-US/docs/Web/API/RandomSourc... solves that. Just need to tweak the code. I submitted https://github.com/arik-so/tsa/issues/4 about this issue.
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1557787 is the tracking bug for this issue. Seems like it's fixed on xenial but not yet in older releases.
Note that Seafile seems to still be using a very old and EOL'd version of Django that has known security issues (currently v1.5.12, I believe). https://github.com/haiwen/seafile/issues/1502
Just use Let's Encrypt. :) Signed, The guy who marked that bug report invalid.
Zenefits and ZenPayroll are two completely different companies. Don't let the "Zen" part confuse you. :)
Ah, so this is why Facebook tries to load Flash on almost every page... Allows them to gather data like this. Always wondered why Flash was "needed". (another reason to put Flash behind click-to-play and/or push for…
Yes, Firefox has supported public key pinning for a while now. You can check the latest status at https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinn...
Yet another new crypto protocol... "Yay" What about when HTTP/2 becomes popular? You'll still have to deal with TLS then unless you deal with TCP connections directly (and bypass HTTP).
Please read http://www.djm.org.uk/protect-yourself-from-non-obvious-dang... (https://news.ycombinator.com/item?id=8385213).
Dupe of https://news.ycombinator.com/item?id=8452931
It's always a good idea to regularly check https://wiki.mozilla.org/Security/Server_Side_TLS and ensure your web servers / load balancers are using the best possible (for your particular users) settings. If you don't…
If it's truely unused, you should be using /bin/false instead of /bin/sh. Note that /bin/sh is not always dash in many cases, so just because you are using /bin/sh over /bin/bash doesn't mean you're not vulnerable.
You can't buy Landscape directly, sadly... You have to pay for Ubuntu Advantage, which is their support offering, which is why it's a ridiculous $$$ per server.
I have no interest in paying for Ubuntu Advantage. I would happily pay a reasonable amount for just Landscape, but Canonical doesn't offer that. Get your sales guys to fix that, and you'll end up with a lot more…
Not sure how power issues would affect every single region. Logic dictates it's likely a security issue.
60-120 days? Your equipment will all be fully compromised by then. I can understand not updating for feature/bug fix updates, but for security updates, you should be patching as soon as possible.
This is nothing like Google CRLSet. CRLSet is just a way of collecting the CRLs from a ton of different CAs and having a way to push those out to Chrome browsers easily without users having to individually download them…
Does this support HTTPS or just HTTP? If it supports HTTPS, does it support TLS pinning?
There's no security problem here. If you refresh the page, you're given a new set of keys/salts. This is an API for random key/salt generation for use in WordPress installs.