➠ Cloudflare Public Bug Bounty: cd=false (DNSSEC) not respected in DNS over HTTPS JSON requests
➠ Komplette Nachricht lesen
The value of the cd (check disabled) flag was not correctly validated in DNS-over-HTTPS JSON API requests to cloudflare-dns.com. In result, despite explicitly setting the flag value to 0 or false (according to the Cloudflare 22.214.171.124 documentation) the DNSSEC verification was not enforced for an unaware end user. The fix was released by Cloudflare Engineering team and the flag in question is now validated......
➤ Ähnliche Beiträge für 'Cloudflare Public Bug Bounty: cd=false (DNSSEC) not respected in DNS over HTTPS JSON requests'
Domotics - a can-o-worms vom 2537.98 Punkte
This morning, I’ve been browsing and thinking about ISO/IEC 27403, a draft ISO27k standard on the infosec and privacy aspects of “domotics” i.e. IoT things at home. Compared to a [reasonably well controlled] corporate situation, there are numerous ‘challenges’ (risks) in the home
Information risk and security management reporting vom 2537.81 Punkte
Last Thursday, a member of the ISO27k Forum launched a new discussion thread with this poser (lightly edited):"Having recently become an ISMS coordinator, I must prepare a monthly report to management. How does one write an information security report? What should be reported?" Over the weekend we've raised an
Professional services - concluding phase vom 2535.33 Punkte
Having introduced this blog series and covered information risks applicable to the preliminary and operational phases of a professional services engagement, it's time to cover the third and final phase when the engagement and business relationship comes to an end.Eventually, all relationships draw to
Professional services - operational phase vom 2532.82 Punkte
Following-on from the preliminary phase I covered yesterday, the longest phase of most professional services engagements is the part where the services are delivered. With the contractual formalities out of the way, the supplier starts the service, providing consultancy support or specialist advice. The client receives
Windows 10 SDK Preview Build 18298 available now! vom 1074.53 Punkte
Today, we released a new Windows 10 Preview Build of the SDK to be used in conjunction with Windows 10 Insider Preview (Build 18298 or greater). The Preview SDK Build 18298 contains bug fixes and under development changes to the API surface area.
DNS over HTTPS (DoH): Ultimate Guide vom 1035.16 Punkte
Can you imagine a situation when clients are hacked even before they connect to website they are willing to browse. That's the trick which hackers use to hack websites even highly secure websites!! Are you using SSL certificate on your web server?
5 useful JSON tools to improve your productivity vom 927.74 Punkte
Global internet health check and network outage report vom 893.06 Punkte
The reliability of services delivered by ISPs, cloud providers and conferencing services (such as unified communications-as-a-service) is critical for enterprise organizations. ThousandEyes monitors how providers are handling any performance challenges
Gimp für Einsteiger: Die besten Tipps zur Bildverbesserung – 27. Geburtstag vom 799.28 Punkte
Update 22.11.022: Gimp ist 27 Jahre alt Vor 27 Jahren, am 21.11.1995, erschien die erste Version von Gimp. Mehr dazu lesen Sie hier. Update Ende Das ist Gimp Das Bildbearbeitungsprogramm Gimp (GNU Image Manipulation Program) ist eine kostenlose, aber trotzdem leistungsstarke Bildbearbeitung. Mit wenigen Mausklicks peppen Sie mittelmäßige Fotos sichtbar auf, verändern Farben, Kontrast und Helligkeit und schneiden die Bilder ganz auf Ihre Bedürf
Announcing Secure DNS with Twingate vom 760.69 Punkte
Businesses around the world are in the midst of a tectonic shift to support a work-from-anywhere workforce without sacrificing company security. Our customers tell us their IT and security teams are grappling with how to provide employees with the same
CATS - REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints vom 735.66 Punkte
REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort!Comprehensive: tests are generated automatically based on a large number scenarios and cover every field and headerIntelligent: tests are generated based on data types and constraint
What is JSON? vom 729.67 Punkte