Category: security

I found it today when googling for some solution for my mac and it works!

The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let’s Encrypt, development still mostly ends up happening over HTTP because no one can get a universally valid certificate for localhost.

This is a problem because more and more browser features are being made available only to secure origins, and testing with HTTP hides any mixed content issues that can break a production HTTPS website. Developing with HTTPS should be as easy as deploying with HTTPS.

link to github

security

IBM published a TechNote listing links and PDF files about GDPR for ICS products.

See the TechNote here

Thanks to Robert Ingran for sharing this.

security

Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high performance, and privacy.

Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites. Whenever a Quad9 user clicks on a website link or types an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike.

Performance: Quad9 systems are distributed worldwide in more than 70 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system.

More information here

Quality security

There is a vulnerability in IBM WebSphere Application Server that could allow an HTTP response splitting attack in Channel.

More information on this link

portal security WebSphere WebSphere Portal

Several versions of WebSphere Portal are vulnerable.

IBM WebSphere Portal could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to resources located within web applications. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

How to fix this vulnerability? Go to this link from IBM

 

security WebSphere WebSphere Portal

In some cases it is desirable or necessary for certain people to be able to administer the groups in the Domino Directory. At first glance it seems sufficient to give the user or group of users Editor/Author access in the ACL of names.nsf and select the GroupModifier role. The problem is that, once this right is granted, the user can change any group in the Directory, including adding themselves to LocalDomainAdmins, Administrator, or another security group.
To solve the problem securely, TN 1370433 explains an alternative that does not require changing the design of the Groups form.

security