OpenSSL 1.1 API migration path (or the lack thereof...)
As many of you will already be aware, the OpenSSL 1.1.0 release intentionally introduced significant API changes from the previous release[0][1]. In summary, a large number of data structures that were...
11 Verizon Devices Receiving Updates Right Now
If you are one of Verizon’s millions of customers, you may want to check your phone for an update. Beginning December 28, the mobile service provider has been rolling out updates to eleven different...
Happy new year! Here’s our look back at the year on Naked Security
Happy new year to all our readers around the globe! With 2017 almost upon us, it’s time to take a look at the most popular Naked Security articles of 2016. We’ve split the posts into four categories each...
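Annual Honors Revealed | WitAwards 2016 Internet Security Annual Awards Results
People often say that information security is a sunrise industry. In China especially, the industry is only just getting started, and neither the environment nor the regulatory framework is mature yet. Through the "WitAwards 2016 Internet Security Annual Awards", CodeSec hopes to discover the year's outstanding security products and distinguished individuals, encourage excellent companies, technologies, products and people in the security industry, promote development and innovation in the security field, and help more ordinary people understand the security industry....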
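US Says Malware Tied to Russian Interference in Presidential Election Uncovered; Several States Check Their Networks
US Says Malware Tied to Russian Interference in Presidential Election Uncovered; Several States Check Their Networks. 1 hour ago, source: Xinhuanet. An organization that operates the power system in the US state of Vermont said on December 30 last year that it had found malware on a laptop, and linked the software to the so-called "Hackergate", in which Russia is alleged to have interfered in the US presidential election through cyberattacks. After this came to light, several US state governments on December 31 asked experts to re-examine the network security of state government and power supply systems....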
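Associate Professor Wu Shenkuo Interviewed by China Information Security on the Rule of Law in Cybersecurity
Associate Professor Wu Shenkuo Interviewed by China Information Security on the Rule of Law in Cybersecurity. Yidianhao account: Cybercrime Workshop, yesterday. Editor's note...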
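US Says "Russian-Made" Malware Uncovered; Multiple State Governments Check Network Security
US Says "Russian-Made" Malware Uncovered; Multiple State Governments Check Network Security. 4 hours ago, source: Huanqiu.com. Xinhua News Agency report: An organization that operates the power system in the US state of Vermont said on December 30 last year that it had found malware on a laptop, and linked the software to the so-called "Hackergate", in which Russia is alleged to have interfered in the US presidential election through cyberattacks. After this came to light, several US state governments on December 31 last year asked experts to re-examine the network security of state government and power supply systems....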
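Focus on Cybersecurity: Even "My Country" Has Taken Action, Are You Still Being Careless?
Focus on Cybersecurity: Even "My Country" Has Taken Action, Are You Still Being Careless? Yidianhao account: China Military Online, 18 minutes ago. Over the New Year's short holiday, have our comrades-in-arms been carrying the spirit of "being a little kinder to yourself" all the way through? For example: play when it's time to play, party when it's time to party, shop when it's time to shop! (Haha, I saw through your routine long ago.) Still, while the New Year's holiday is joyful, it also calls for "caution". Why? Because the more people are at rest, the more easily they slacken and grow careless. So the more you are at rest, the more tightly you need to hold the string of secrecy in your mind....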
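Analysis of Multiple Command Execution Vulnerabilities Caused by the PHP mail Function
Recently, the foreign security researcher @dawid_golunski disclosed several command execution vulnerabilities caused by use of the PHP mail function. Many third-party mail libraries that use PHP's built-in mail function, such as phpmailer and SwiftMailer, were affected, mainly: CVE-2016-10033 CVE-2016-10045 CVE-2016-10074 Table of contents: Cause of the vulnerabilities. The cause of these vulnerabilities and the previously disclosed...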
2016's hacks, attacks and security blunders
All for nothing All it takes to get the FBI's panties in a bunch is for someone to say "no" -- and bunched they became when the agency wanted to get into an encrypted iPhone related to the San...
Security Questions are Bullshit
I’m pretty much unhappy with the use of “Security Questions” things like “what’s your mother’s maiden name”, or “what was your first pet”. These questions are sometimes used to strengthen an existing...
4 security measures that strengthen big data governance
As companies continue to redefine IT processes to cope with the semi-structured and unstructured data that characterize big data, they are also recognizing that standard data...
LG posts January security bulletin ahead of Google with Android and...
Google has been releasing monthly security patches like clockwork ever since it revamped the Android security model in the wake of Stage Fright. Samsung and LG are also trying to keep up with the...
Free SSL Certificates with LetsEncrypt and Docker
Everyone loves security, yeah?! Up until recently, it's cost a fair whack of money to use SSL certificates on your website. This has been a barrier for a lot of smaller websites, which subsequently...
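Why You Need Not Care About Negative Comments on Your Product on Hacker News
Many products and companies that are well known today posted on Hacker News in their early development days to ask for opinions on their product. This article digs up the old threads for Airbnb, Dropbox, Quora and others; most of the comments were not optimistic about them, whereas Homejoy, which has since shut down, got fairly positive reviews. If you put your work online to ask for other people's opinions, you have to be prepared to be mocked, to be savaged, even to be personally attacked. It is a package deal: either accept all of it or do not put it online. A truly good idea...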
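December 31 - Daily Security Knowledge Highlights
Highlights summary: CVE-2016-7255: analyzing and digging into a Windows kernel privilege escalation vulnerability; using shortcuts as an entry point for malware; JSM Bypass via createClassLoader; Zend Framework (zend-mail) < 2.4.11 Remote Code Execution; FireFox vuln and exploit...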
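Three "Unconventional Scam" Stories Told First-Hand by Hacker Only_guest | FIT 2017 Special
Leiphone editor's note: Only_guest, Zhang Ruidong, billed at the FIT 2017 conference as "the white hat nobody dares call unhandsome", head of the Double Helix Attack and Defense Lab and of the PKAV team, is both a specially appointed cybersecurity expert at Sichuan University and one of the most influential white hats in the community. The FIT Internet Security Innovation Conference is a security summit hosted by the security media outlet CodeSec. The security field's major achievements of the year and innovative internet security technologies are showcased there. Two years ago, with a heart set on saving the world, Only guest...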
LG posts info on January 2017 Android security updates
While we still have a few more hours until 2016 reaches its end, LG has decided to go ahead and post the patch numbers on Google’s January 2017 security updates for Android. LG’s website also has...
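Finding Opportunity in Challenges: A Sketch of Day Two of the CodeSec 2017 Internet Security Innovation Conference (FIT)
What you see may be problems, but what they see is opportunity. In keeping with the theme of this year's FIT 2017 (CodeSec 2017 Internet Security Innovation Conference), "Pulse and Opportunity", more of the speakers on the second day's agenda shared how, as new challenges keep arising and attacks keep evolving, their companies and teams rise to meet them and even turn them into new opportunities. Enterprise Security Workshop. The Woes of IoT...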
December security update starts hitting Samsung Galaxy A5 (2016)
Samsung has started pushing out a new security update to its Galaxy A5 (2016) smartphone. Weighing in at under 11MB and arriving as firmware version XXS3BPLA, the update brings along Android security...