What's New In DevTools (Chrome 93) | Blog | Chrome for Developers
Editable CSS container queries in the Styles pane You can now view and edit CSS container queries in the Styles pane. Container queries provide a much more dynamic approach to responsive design. The @container at-rule works in a similar way to a media query with @media. However, instead of querying the viewport and user agent for information, @container queries the ancestor container that matches
The latest news and insights from Google on security and safety on the Internet Unknown said... I don't think 'Certificate Transparency' is all it is made out to be. Why Google has abandoned enforcing certificate revocation via OCSP and CRL, is beyond me. You are the only ones with the position to get the CA's to return revocation information in a timely and meaningful manner - why not do that ins
AWS Certificate Manager (ACM)のCT(Certificate Transparency)をオプトアウトする | DevelopersIO
現時点ではAWS Management Consoleではオプトアウトに対応していないため、設定はAWS CLIなどACMのAPIを呼ぶ仕組みで対応します。今回はAWS CLIで設定します。 既存の証明書でCTをオプトアウトする AWS CLIで証明書のオプションを変更するaws acm update-certificate-optionsコマンドの--optionsオプションで指定します。証明書をARNで選択するので事前に控えておきましょう。 $ aws acm update-certificate-options \ --certificate-arn arn:aws:acm:us-east-1:XXXXXXXXXXXX:certificate/XXXXXXXXXXXX \ --options CertificateTransparencyLoggingPreference=DISAB
GitHub - laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT
anubis: Anubis-DB - https://github.com/jonluca/anubis bevigil: CloudSEK BeVigil scans mobile application for OSINT assets (Requires an API key, see below.) - https://bevigil.com/osint-api baidu: Baidu search engine - www.baidu.com binaryedge: List of known subdomains (Requires an API key, see below.) - https://www.binaryedge.io bing: Microsoft search engine - https://www.bing.com bingapi: Microsof
Apple Platform Deployment Welcome Intro to Apple platform deployment What’s new Plan the deployment Intro to declarative device management and MDM Declarative device management Intro to declarative device management Use declarative device management to manage Apple devices Mobile device management Intro to MDM profiles Intro to MDM payloads About device supervision Choose a deployment model Apple
Retrieved from Google 'Aviator' log. (ct.googleapis.com/aviator) Input Log Entry Number 1 - 14234525 (last number retrieved at 2016/04/11) number: or... GACHA GACHA See Also About this page (Written in Japanese) Certificate Transparency RFC 6962
フィードバックを送信 転送データの暗号化 コレクションでコンテンツを整理 必要に応じて、コンテンツの保存と分類を行います。 これは Google が暗号化によってどのようにデータを保護しているかに関する 3 番目のホワイトペーパーです。このホワイトペーパーでは、Google Cloud と Google Workspace での転送データの暗号化について詳しく説明します。 Google ではすべての Google プロダクトで、顧客データを高度に保護するとともに、セキュリティ保護の方式についても可能な限り透明性を確保するよう努めています。 このコンテンツの最終更新日は 2022 年 9 月で、作成時点の状況を表しています。お客様の保護の継続的な改善のために、Google のセキュリティ ポリシーとシステムは変更される場合があります。 CIO レベルの概要 Google では転送データの信頼
App Transport Security | Apple Developer Forums
This thread has been locked by a moderator; it no longer accepts new replies. You’re now watching this thread. If you’ve opted in to email or web notifications, you’ll be notified when there’s activity. Click again to stop watching or visit your profile to manage watched threads and notifications. You’ve stopped watching this thread and will no longer receive emails or web notifications when there
NIST Special Publication 800-207 Zero Trust Architecture Scott Rose Oliver Borchert Stu Mitchell Sean Connelly This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-207 C O M P U T E R S E C U R I T Y NIST Special Publication 800-207 Zero Trust Architecture Scott Rose Oliver Borchert Advanced Network Technologies Division Information Technology Laboratory Stu Mitch
Vulnerabilities related to url parser, etc / shibuya.xss #8
0.md This is src doc of my presentation on shibuya.xss #8 (2016-11-14) https://speakerdeck.com/mala/shibuya-dot-xss-techtalk-number-8 The main topic is vulnerabilities related to url parser. PHP https://bugs.php.net/bug.php?id=73192 Java/OpenJDK http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/cd0585378c46 (CVE-2016-5552) Android https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae
What's New In DevTools (Chrome 84) | Blog | Chrome for Developers
Fix site issues with the new Issues tab The new Issues tab in the Drawer aims to help reduce the notification fatigue and clutter of the Console. Currently, the Console is the central place for website developers, libraries, frameworks, and Chrome itself to log messages, warnings, and errors. The Issues tab presents warnings from the browser in a structured, aggregated, and actionable way, links t
What's New In DevTools (Chrome 75) | Blog | Chrome for Developers
Hello! Here's what's new in Chrome DevTools in Chrome 75. Video version of this page Meaningful preset values when autocompleting CSS functions Some CSS properties, like filter, take functions for values. For example, filter: blur(1px) adds a 1-pixel blur to a node. When autocompleting properties like filter, DevTools now populates the property with a meaningful value so that you can preview what
What's New In DevTools (Chrome 63) | Blog | Chrome for Developers
Welcome back! New features coming to DevTools in Chrome 63 include: Multi-client remote debugging support. Workspaces 2.0. Four new audits. Simulate push notifications with custom data. Trigger background sync events with custom tags. Read on or watch the video below to learn more! Multi-client remote debugging support If you've ever tried debugging an app from an IDE like VS Code or WebStorm, you
Updating Browsers Quickly: Flags, Respins, and Components
text/plain ericlaw talks about security, the web, and software in general By this point, most browser enthusiasts know that Chrome has a rapid release cycle, releasing a new stable version of the browser approximately every six 4 weeks (2022 Update: now every four weeks). The Edge team adopted that rapid release cadence for our new browser, and we’re already releasing new Edge Dev Channel builds e
実はこのブログ、無駄にSSLに対応しています。つい先日、Google Chrome 53の安定版が公開されたので、更新したらSSL証明書エラーが出るようになりました。 Certificate Transparency(証明書の透明性)エラー 色々書かれていますが、NET:ERR_CERTIFICATE_TRANSPARENCY_REQUIREDとのことなので、ようするにCertificate Transparency(証明書の透明性)関係でエラーになっているみたいです。(Certificate Transparencyとは何ぞや?という方は下記をご参照ください。) Certificate Transparency(証明書の透明性)|SSLサーバ証明書 ジオトラスト 調べてみると、Chrome 53から「SSLサーバ証明書がCTのログサーバーに登録されていないとエラーが出る」ように仕様変更さ
EFF has long advocated for websites to support HTTPS instead of plain HTTP to encrypt and authenticate data transmitted on the Internet. However, we learned yesterday of a catastrophic bug, nicknamed "Heartbleed," that has critically threatened the security of some HTTPS sites since 2011. By some estimates, Heartbleed affects 2 out of 3 web servers on the Internet. 1 Heartbleed isn't a bug in the
CloudFlair: Bypassing Cloudflare using Internet-wide scan data - Christophe Tafani-Dereeper
Christophe Tafani-Dereeper Personal tech and security blog about things I like, use, dislike and misuse. Cloudflare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or exploit web-based vulnerabilities that
January 5, 2016 On the dangers of a blockchain monoculture At first there was Bitcoin†: the world’s most successful cryptocurrency to-date. But lately there has been more and more talk about “the Bitcoin blockchain”, “the blockchain”, “blockchain”, or “blockchain technology”. Bloomberg reports that Nasdaq is seeking to show progress using the much-hyped blockchain. LWN notes The Linux Foundation r
Looking Forward to 2019
Let’s Encrypt had a great year in 2018. We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 67% encrypted page loads to 77% in 2018, according to statistics from Mozilla. This is an incredible rate of change! We’d like to thank all of the people and organizations who worked hard to create a mo
Configuration Profile Reference Developer Contents Configuration Profile Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Payload Dictionary Keys Common to All Payloads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Payload-Specific Property Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Active Directory Certi
WireGuard is a registered trademark of Jason A. Donenfeld. Tailscale Funnel, a tool that lets you share a web server on your private tailnet with the public internet, is now available as a beta feature for all users. With Funnel enabled, you can share access to a local development server, test a webhook, or even host a blog. We got nerdsniped into simulating our logo going through a funnel. Funnel
はじめに Chrome62のリリース 残念なこと Xデーはいつ? まとめ 余談 SSL証明書の表示方法 2クリックでの表示方法 はじめに ”あトん”です。随分ご無沙汰してます。 先月過去記事をhttps化したFC2ブログに里帰りさせたので、はてなブログでの記事数はこれを含め21記事に激減しました。 月にたった2つ記事しかアップしない典型的なさぼり管理者になってしまいました。 3週間ぶりの記事は、またか!と思われるかもしれませんが、SSLに関する内容です。 先月はてなブログはSSL化の計画を説明しましたが、期待していた進捗がありませんでした。9月25日に告知したスケジュールは遅れているみたいですね。 第一段階:はてなブログのダッシュボード・管理画面をHTTPS化します まず、はてなブログをお使いのすべてのユーザー様に関係し、移行が比較的容易な管理画面からHTTPS化を実施します。早ければ来週
What's New In DevTools (Chrome 78) | Blog | Chrome for Developers
Multi-client support in the Audits panel You can now use the Audits panel in combination with other DevTools features like Request Blocking and Local Overrides. For example, suppose that your Audits panel report says that your page's performance score is 70 and one of your biggest performance opportunities is eliminating render-blocking resources. Figure 1. The initial Performance score. Figure 2.
What's New In DevTools (Chrome 79) | Blog | Chrome for Developers
New features for cookies Debug why a cookie was blocked After recording network activity, select a network resource and then navigate to the updated Cookies tab to understand why that resource's request or response cookies were blocked. See Changes to the default behavior without SameSite to understand why you might be seeing more blocked cookies in Chrome 76 and later. The Cookies tab. Yellow Req
What's New in DevTools (Chrome 118) | Blog | Chrome for Developers
New section for custom properties in Elements > Styles The Elements panel now supports the @property CSS at-rule. It lets you define CSS custom properties explicitly and register them in a stylesheet without running any JavaScript. To inspect your registered custom properties, in Elements > Styles, hover over the property name and see its descriptors in a tooltip. In the tooltip, click the link to
What's New in DevTools (Chrome 111) | Blog | Chrome for Developers
Debugging HD color with the Styles pane New CSS color types and spaces are coming to the web! It is equally exciting that DevTools introduced new tools to help developers create, convert and debug High Definition color. The Styles pane now supports 12 new color spaces and 7 new gamuts as outlined in the CSS Color Level 4 specification. See High Definition CSS Color Guide for a comprehensive unders
Published 2016-02-19 During the months I worked in Let’s Encrypt’s operations team I got fairly used to being the go-to man for any question that a database query could solve. I also threw together the code for the Let’s Encrypt Stats page. All said, I’d gotten quite attached to being able to query the Let’s Encrypt data set. Now, however, I don’t have any access to the datacenters, or the databas
関連キーワード VPN | Cisco Systems | 脆弱性対策 安全な接続のために何を注意すべきか 2018年の初め、Cisco SystemsやPulse Secureといった大手VPNベンダーの製品に脆弱(ぜいじゃく)性が発見された。リモートからの攻撃や中間者攻撃といった深刻な脅威を生じさせる可能性があるという。企業は脆弱性を使った攻撃回避のため、VPNの使用を一切やめることを検討すべきだろうか。その場合、どんなVPN代替策を模索すればいいのか。 Pulse Secureはバージョン「5.2R9」と「5.3R4.2」で、問題となった脆弱性(SSL証明書認証の脆弱性)を修正した。脆弱性の情報をデータベース化して公開しているWebサイトの「kb.cert.org」では、脆弱性を修正しない場合、Pulse SecureのVPN製品「Pulse Secure Linux GUI」を信頼
Last week, 470 authors made a total of 1,883 changes to the Blink, Chromium, v8 and Skia repositories. 1,803 changes were made in the week before that, some of which I’ll mention in this update as well. Chromium’s Developer Tools already supported zooming in on the interface itself, which can now be reset by using <ctrl>/<cmd> + <0>. Using the same control key + <1…9> can now be used to switch bet
text/plain ericlaw talks about security, the web, and software in general The Top Level Domain (TLD) is the final label in a fully-qualified domain name: The most common TLD you’ll see is com, but you may be surprised to learn that there are 1479 registered TLDs today. This list can be subdivided into categories: Generic TLDs (gTLD) like .com Country Code TLDs (ccTLDs) like .uk, each of which is c
Everything you should know about certificates and PKI but are too afraid to ask
Everything you should know about certificates and PKI but are too afraid to askUpdated on: May 20, 2024 Certificates and public key infrastructure (PKI) are hard. No shit, right? I know a lot of smart people who've avoided this particular rabbit hole. Personally, I avoided it for a long time and felt some shame for not knowing more. The obvious result was a vicious cycle: I was too embarrassed to
The latest news and insights from Google on security and safety on the Internet Unknown said... I guess that when you say "to inspect encrypted traffic with the knowledge of the users on that network", you meant in fact "to inspect encrypted traffic without the knowledge of the users on that network" ? December 7, 2013 at 5:41 PM Lincoln DeCoursey said... Okay well, how and when did it happen? The
Securing Custom Domains with SSL | App Engine standard environment for Python 2 | Google Cloud
Securing Custom Domains with SSL Stay organized with collections Save and categorize content based on your preferences. App Engine SSL support offers globally distributed SSL endpoints and built-in load balancing to serve your app securely, reliably, and quickly to a worldwide audience. By default, HTTPS connections on your custom domain are enabled automatically using managed SSL certificates. Af
2022年のAndroidにおけるProxy設定と NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED の回避方法 - セキュアスカイプラス
ホーム エンジニアブログ 2022年のAndroidにおけるProxy設定と NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED の回避方法 こんにちは、SSTでWeb脆弱性診断用のツール(スキャンツール)開発をしている坂本(Twitter, GitHub)です。 本記事では Android で burp などMITM型*1 のProxyを設定する方法と、Android版 Chrome 99 以上で発生する NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED の回避方法を紹介します。 弊社では診断対象となるWebアプリのHTTP(S)通信を MITM型Proxy で取得し、検査用に編集してサーバに送っています。 「Proxyを挟めること」が診断を進める上での必須要件であり、Proxyを挟めないと診断はもとより、アプリの挙動
On Friday, July 7, an unauthorized connection to one of our technical partners resulted in the modification of the name servers [NS] of 751 domain names which then pointed traffic to the impacted domains to a malicious site. Our technical team was notified shortly thereafter and proceeded immediately to reverse the updates on impacted domains and investigate the incident. Pending the completion of
無料のSSLサーバ証明書をゲットする
電子フロンティア財団から無料のSSLサーバ証明書が出るようです。 その名も「Let’s Encrypt」 所謂ドメイン認証(DV証明書)のSSLサーバ証明書で、ドメインの所有者が簡単な認証だけでDV証明書の発行を無料で受けられるようです。 提供開始時期は2015年の夏。 常時SSL推奨、というのは以前より言われていますが、なかなか普及しないSSL。 Let’s Encryptはそんな状況を打破し、Webサイトでやり取りされる全てのデータの暗号化実現を目指して発足したようです。 ちなみにLet’s Encryptは、 Mozilla Cisco Systems Akamai EFF IdenTrust ミシガン大学の研究者 などによる協同の取り組みで、新しく設立された非営利組織Internet Security Research Group (ISRG)によって運営される団体の名称。 Let
What's New In DevTools (Chrome 101) | Blog | Chrome for Developers
Import and export recorded user flows as a JSON file The Recorder panel now supports importing and exporting user flow recordings as a JSON file. This addition makes it easier to share user flows and can be useful for bug reporting. For example, download this JSON file. You can import it with the import button and replay the user flow. Apart from that, you can export the recording as well. After r
What's New In DevTools (Chrome 86) | Blog | Chrome for Developers
New Media panel DevTools now displays media players information in the Media panel. Prior to the new media panel in DevTools, logging and debug information about video players could be found in chrome://media-internals. The new Media panel provides an easier way to view events, logs, properties, and a timeline of frame decodes in the same browser tab as the video player itself. You can live view a
knqyf263's blog
情報を発信する人のところに情報が集まることを日々実感しているので、Linuxのメモリ管理に特に詳しいわけではないのですが最近遭遇した問題について自分の理解を書いておきます。ざっと調べても同じことを書いている人を見つけられなかったので、公開には意義があると考えています。識者の方がフィードバックをくださると嬉しいです。 ※ AIの出力をベースに書いているのでいつもと少し文体が違います。 背景 要約 調査 再現の難しさ Goアプリケーションの調査 pprofによる分析 GCログの調査 Linuxの調査 Goランタイムの調査 GoのGCとTHP khugepagedの問題 Goランタイムにおける回避策 回避策の削除 max_ptes_noneのデフォルト値について MADV_NOHUGEPAGEをやめた理由 調査内容まとめ 解決策 検証 C言語 Go言語 まとめ 背景 Go言語で書かれたOSSのア
自堕落な技術者の日記 : Cipher Suite - livedoor Blog(ブログ)
慶応義塾大学とレピダムさんで共同調査された「日本政府機関Webサイト(.go.jp)のTLS対応状況について(2015.03.04)」を大変興味深く拝見し、もうちょっと知りたいことも多々あったので、私も調べてみるかなぁと思い、今日はそのご報告を、と。 調査対象 .go.jpドメインのサイトには省庁、外局、独立行政法人、政府系のイベントで作られたサイトなどがあり、そのうちパブリックなサイトのSSLサーバー証明書の枚数は2015年3月4日時点で累計1,819枚のようでした。そのうち、ユニークなコモンネーム(FQDNもしくはワイルドーカード証明書のドメイン)の数は877ありました。 省庁、それらの外局、それらが所管する独立行政法人の数で分類すると以下のような構成になっています。(実はこの表を作るのが一番大変だった。証明書はあるからFQDNはすぐに集まるんだけども、FQDNの独法や局や委員会なんか
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Maintaining digital certificate security
Service access with Managed Apple IDs
Certificate Transparency GACHA
転送データの暗号化 | Documentation | Google Cloud
NIST Special Publication 800-207 Zero Trust Architecture
Google Chrome 53に更新したら証明書エラーが出るようになった話 | サトにゃんのメモ帳
Why the Web Needs Perfect Forward Secrecy More Than Ever
On the dangers of a blockchain monoculture • Tony Arcieri
Configuration Profile Reference
Tailscale Funnel now available in beta
HTTP の全ページが「保護されていません」表示になるXデーはいつ? - after work Labo
Early Impacts of Let's Encrypt
VPNの安全神話は崩壊? 次に利用を検討すべきVPN代替製品
Peter Beverloo
New TLDs: Not Bad, Actually
Further improving digital certificate security
Detailed incident report – Gandi News