Six essential processes for keeping data secure
Data is one of the most valuable assets a business has at its disposal, covering anything from financial transactions to important customer and prospect details. Using data effectively can positively...
View ArticleHortonworks HDP 2.5: Improved Security and Data Governance
At Hadoop Summit in San Jose on Tuesday, June 28, 2016, Hortonworks announced a new release of its Hortonworks Data Platform (HDP) Hadoop distribution, version 2.5, as well as an expansion of its...
View ArticleStunnel Security for Oracle
Jul 28, 2016 ByCharles Fisher in Databases Encryption HOWTOs Oracle Security Oracle has integrated modern Transport Layer Security (TLS) network encryption into its eponymous database product, and TLS...
View ArticleApple's Ivan Krstic to give 'behind the scenes' iOS security talk at Black...
By Roger Fingas Thursday, July 28, 2016, 01:17 pm PT (04:17 pm ET) Apple's head of Security Engineering and Architecture will go into "unprecedented technical detail" on iOS security during a talk at...
View ArticleContinuous Updating Tool VersionEye Now Open Source
VersionEye has open-sourced its eponymous continuous integration tool that helps with updated project dependencies. Coined "continuous updating", the tool provides update notifications, licence...
View ArticleApple engineer to give behind the scenes look at iOS 10 security
In an unprecedented talk, Apple plans to give the world an in-depth look at the security features on iOS 10 at the Black Hat USA 2016 conference where hundreds of the top computer security...
View ArticleDeloitte’s Risk Intelligence in the Cloud
The cyber-attack landscape is expanding with new and growing threats. From the proliferation of Internet of Things-connected devices to the increasing number of “hacktivists” and ransomware attacks on...
View Article构筑安全基石 实现“弯道超车”
信息化是当今世界经济和社会发展大势,也是实现国家现代化和经济转型升级的关键环节。习近平总书记高度重视我国信息化发展,在中央网络安全和信息化领导小组第一次会议上做出了“没有信息化就没有现代化”的重要论断。《国家信息化发展战略纲要》的发布,进一步凸显了我国建设网络强国、占据信息化制高点的强大决心。纲要明确提出大力增强信息化发展能力,把发展核心技术,做强信息产业发在了首要位置。...
View ArticleQRLJacking:劫持快速登陆时使用的二维码
如果你在电脑上用过微信,一定对下面的画面不陌生。实际上不仅是微信,Line、WhatsApp都使用这种简单快速的验证系统。 SQRL登录系统 这种系统叫做SQRL(Secure Quick Response Login,安全快速响应登录),这是一种基于二维码的验证系统,特点就是可以让用户快速地登陆网站,不需要输入用户名密码。...
View Article如何用Splunk建立可疑DNS报警系统
题外话:当了很久的潜水员和伸手党,实在觉得有愧于心,但又拿不出太好的东西。想了很久,发现CodeSec中甚少提到Splunk大数据分析的应用,在此抛砖引玉,拿一些自己的东西出来给大家参考,希望能给予大家一点启发。 Splunk是一个可运行于各种平台的 IT 数据分析、日志分析、业务数据分析软件,支持的操作系统包含windows,linux, Solaris, FreeBSD, AIX, MacOS,...
View ArticleLastPass再曝多枚高危漏洞,用户账号信息存在被盗风险
LastPass是全球最流行的云密码管理工具之一。这款工具主打用户的互联网账号和密码管理,和1Pass很相似。在PC端,用户可以使用LastPass提供的浏览器插件对自己的账号密码进行管理,在手机端则是APP。...
View ArticleIT管理中的安全痛点及解决方法
近些年,随着需要缓解的网络威胁层出不穷愈趋严重,企业安全管理员的角色也变得越来越复杂了,同时,他们自身的痛点也发生了改变。 今天的安全主管们要负责整个公司网络风险的评估、沟通和管理。他们必须通告队友具体安全漏洞的位置,然后指派相关负责人采取行动缓解威胁。安全管理员们还要负责通报高管和董事会公司网络风险事务的当前状况,以及该怎样减小这些风险。风险情报软件提供商 Bay Dynamics...
View ArticleSQL Server 数据加密与解密
前段时间在客户公司,有一个很活泼的程序员给我展示他写的SQL Server 加密功能。由于测试库和正式库在同一台服务器里,于是一个不小心把正式库的所有存储过程、函数、视图全加密了。还好加密的方式只是在 AS 位置前增加了 WITH ENCRYPTION ,虽然不能查看内容但不影响程序的运行。...
View Article美民主党一委员会网站遭黑客入侵 FBI进行调查
据外媒报道,有知情者消息称,美国联邦调查局(FBI)正在调查美国民主党国会竞选委员会(DCCC)网站遭黑客入侵的事件,并怀疑这起事件可能同此前该党全国委员会电邮外泄事件有关联。 报道称,美国民主党全国委员会的邮箱遭入侵,导致大批电邮外泄的事件,已令民主党本周在费城举行的民主党全国代表大会蒙上阴影。...
View ArticleQRLJacking:如何劫持快速登陆时使用的二维码
如果你在电脑上用过微信,一定对下面的画面不陌生。实际上不仅是微信,Line、WhatsApp都使用这种简单快速的验证系统。 SQRL登录系统 这种系统叫做SQRL(Secure Quick Response Login,安全快速响应登录),这是一种基于二维码的验证系统,特点就是可以让用户快速地登陆网站,不需要输入用户名密码。...
View Article为证明老师无能 日本少年黑掉400余学校网站
日前,英国《每日电讯报》报道,日本一名16岁的少年因为恶意攻击大阪教育委员会的服务器,并黑掉了当地444家学校的网站而被起诉。 这起网络攻击事件发生在去年11月,这名少年当时仅有15岁。而据该少年表示,他这么做是为了“证明老师们的无能”。 据日本媒体报道,这也是日本国内第一起类似的网络攻击事件。目前,该少年已被逮捕,所用的电脑和黑客相关的书籍也已被发现,并将面临妨碍业务的指控。...
View ArticleWatch Out for Modobag! It’s Motorized Luggage You Can Ride ― Really
Ah, the road warrior of the business world. The image is almost universal ― a business person in the airport running along pulling their luggage, a laptop on one shoulder, a carry on, an overcoat of...
View ArticleSecurity researcher finds message storage flaw in WhatsApp, says same...
WhatsApp may have this year followediMessage’s lead in adopting end-to-end encryption for its messages, but a security researcher says thatboth still havea security flaw that can allow deleted...
View ArticleThe 10 Security Commandments for every SysAdmin
System administrators are responsible for the reliable operation of corporate IT resources, working around the clock to manage deployments and upgrades, as well as finding the fastest way to solve...
View ArticleServiceNow pushes into new markets as founder earns a break
Fred Luddy’s been writing code for 44 years, but 13 years ago he became best known for founding ServiceNow. Since that time, the firm has expanded from its core IT service management roots into areas...
View Article