Tag Archives: fortinet

AWS WAF 提供隨時更新的 Managed Rules

AWS WAF 推出了隨時更新的 Managed Rule:「Ready-to-Use Managed Rules Now Available on AWS WAF」。 這些 ruleset 是由 3rd-party 提供的: Choose from preconfigured RuleGroups provided in the AWS Marketplace by industry leading security experts: Alert Logic, Fortinet, Imperva, Trend Micro and TrustWave. 然後隨時更新: … Continue reading

Posted in AWS, Cloud, Computer, Murmuring, Network, Security, Service, WWW|Tagged , , , , , , , , , , , , , , , , , , , , , , |Leave a comment

The DUHK Attack:因為亂數產生器的問題而造成的安全漏洞

在 Bruce Schneier 那邊看到的:「Attack on Old ANSI Random Number Generator」,攻擊的網站在「The DUHK Attack」,論文在「Practical state recovery attacks against legacy RNG implementations (PDF)」。 攻擊的對象是 ANSI X9.31 Random Number Generator: DUHK (Don't Use Hard-coded Keys) is a vulnerability that affects devices using the ANSI … Continue reading

Posted in Computer, Murmuring, Network, Privacy, Security|Tagged , , , , , , , , , , , , , , , |Leave a comment

Cisco 與 Fortinet 防火牆的 RCE 漏洞

NSA 使用這些漏洞來大量監聽企業的流量:「Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet and Snowden Docs Confirm」。 Cisco 已經確認這個安全性漏洞了,全系列包括已經停產的 Cisco PIX、上個世代的 Cisco ASA 5500 (但還有些型號還在賣),以及目前主力的 Cisco ASA 5500-X,另外還包括了安全模組系列也中獎:「Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability」。 Cisco ASA 5500 Series Adaptive Security … Continue reading

Posted in Computer, Hardware, Murmuring, Network, Political, Security, Social, VPN, WWW|Tagged , , , , , , , , , , , , , , , , |Leave a comment