"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir=~/chromeTemp
پس از خروج یکی، لاگینهای دیگر، با اولین درخواستی که به سرور ارسال میکنند، وادار به لاگین مجدد خواهند شد (چون بازه زمانی اعتبارسنجی security stamp موجود در کوکی، با اطلاعات جدید کاربر در سرور، به صفر تنظیم شدهاست). بنابراین این مورد صرفا با به روز رسانی security stamp کاربر در بانک اطلاعاتی عملی میشود که باید در حین logoff انجام شود:
await _userManager.UpdateSecurityStampAsync(user.Id);
4.Visual Studio 2017 15.7 منتشر شد
These are the customer-reported issues addressed in 15.7.4:
- Green squiggles and light bulb with "Macro in skipped region" message.
- F7 does not switch to code.
- F7 does not build anymore.
- F7 build does not work.
- LINK : error : Telemetry event upload failed: 'Failed to open connection to VCTIP'.
- AXML file doesn't open after update.
- F7 no longer toggles between the designer and the code.
- XAML Editor Error: Window is not supported in WPF project.
- WinForms View.ToggleDesigner does not work as it used to.
- Toggle designer key binding lost.
- F7 does not start a new build.
- F7 no longer toggles between Designer and Code views.
- There is a problem with structure definition in C language.
- Provisioning a new SQL Server and new SQL DB in a different region than the App Service plan fails.
Git Security Vulnerability
We also fixed a security vulnerability in Git that was disclosed by the Git community. The vulnerability can lead to arbitrary code execution when a user clones a malicious repository. This blog post has more information.
public bool CanUserAccess(ClaimsPrincipal user, string area, string controller, string action) { var currentClaimValue = $"{area}:{controller}:{action}"; var securedControllerActions = _mvcActionsDiscoveryService.GetAllSecuredControllerActionsWithPolicy(ConstantPolicies.DynamicPermission); if (!securedControllerActions.SelectMany(x => x.MvcActions).Any(x => x.ActionId == currentClaimValue)) { throw new KeyNotFoundException($@"The `secured` area={area}/controller={controller}/action={action} with `ConstantPolicies.DynamicPermission` policy not found. Please check you have entered the area/controller/action names correctly and also it's decorated with the correct security policy."); } if (!user.Identity.IsAuthenticated) { return false; } if (user.IsInRole(ConstantRoles.Admin)) { // Admin users have access to all of the pages. return true; } // Check for dynamic permissions // A user gets its permissions claims from the `ApplicationClaimsPrincipalFactory` class automatically and it includes the role claims too. return user.HasClaim(claim => claim.Type == ConstantPolicies.DynamicPermissionClaimType && claim.Value == currentClaimValue); }
public bool CanUserAccess(ClaimsPrincipal user, string area, string controller, string action) { if (!user.Identity.IsAuthenticated) { return false; } if (user.IsInRole(ConstantRoles.Admin)) { // Admin users have access to all of the pages. return true; } var currentClaimValue = $"{area}:{controller}:{action}"; var securedControllerActions = _mvcActionsDiscoveryService.GetAllSecuredControllerActionsWithPolicy(ConstantPolicies.DynamicPermission); if (!securedControllerActions.SelectMany(x => x.MvcActions).Any(x => x.ActionId == currentClaimValue)) { throw new KeyNotFoundException($@"The `secured` area={area}/controller={controller}/action={action} with `ConstantPolicies.DynamicPermission` policy not found. Please check you have entered the area/controller/action names correctly and also it's decorated with the correct security policy."); } // Check for dynamic permissions // A user gets its permissions claims from the `ApplicationClaimsPrincipalFactory` class automatically and it includes the role claims too. return user.HasClaim(claim => claim.Type == ConstantPolicies.DynamicPermissionClaimType && claim.Value == currentClaimValue); }
مجموعهی مهندسی معکوس برای همه!
This comprehensive set of reverse engineering tutorials covers x86, x64 as well as 32-bit ARM and 64-bit architectures. If you're a newbie looking to learn reversing, or just someone looking to revise on some concepts, you're at the right place. As a beginner, these tutorials will carry you from nothing upto the mid-basics of reverse engineering, a skill that everyone within the realm of cyber-security should possess. If you're here just to refresh some concepts, you can conveniently use the side bar to take a look at the sections that has been covered so far.
24.Visual Studio 2017 15.9 منتشر شد
Issues Fixed in 15.9.24
- Fixed a bug in the C++ linker missing imports when using umbrella LIBs with difference casing on postfix of DLL name.
- Fixed a bug in the ARM64 C++ compiler where the wrong values could be restored after setjmp.
- Fixed C++ compiler bug for proper folding of inline variable dynamic initializers.
- Made a change that enables Enterprise IT administrators and deployment engineers to configure tools like Microsoft Update client & SCCM to determine applicability of VS2017 updates hosted on Microsoft Update Catalog & WSUS.
Security Advisory Notices
jQuery 3.5.0 منتشر شد
The main change in this release is a security fix, and it’s possible you
will need to change your own code to adapt. Here’s why: jQuery used a
regex in its jQuery.htmlPrefilter
method to ensure that all closing tags were XHTML-compliant when passed
to methods. For example, this prefilter ensured that a call like jQuery("<div class='hot' />")
is actually converted to jQuery("<div class='hot'></div>")
. Recently, an issue was reported that demonstrated the regex could introduce a cross-site scripting (XSS) vulnerability.
14.Visual Studio 2017 15.9 منتشر شد
These are the issues addressed in 15.9.14:
- Fixed a bug causing Visual Studio 2017 crashes when switching branches.
- Fixed a bug causing internal compiler error (fbtctree.cpp', line 5540) during code analysis.
- Fixed a performance regression in memcpy/memset for Ryzen processors.
- Updated Service Fabric tooling to support the 6.5 Service Fabric release.
- Enabled screen reader to announce TeamExplorer's notifications properly on .NET 4.8.
- VS2017 15.8 Internal compiler error ('msc1.cpp', line 1518): Conflict between preprocessor and #import.
- ICE in PREfast 19.16.27023.1 (15.9 RTW).
Security Advisory Notices
5 آنتی ویروس رایگان برای ویندوز
Hackers are smart and users are not being able to cope with their pace of evolution. The result is malware outbreaks we get to know about frequently. Windows is the most widely used OS on Pcs. That makes it the most widely targeted OS too. What is an average user’s (by average I mean not too technical) defense in such case? The anti malware programs. Of course, you have to pay a decent price for your PC to be secured from latest malware derivatives, but what’s better than to get the security for no cost?
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' <URL> <URL>". Either the 'unsafe-inline' keyword, a hash ('sha256-e89EFOm4894OkHmgoH52lEUIFeaK8fITnql0='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.