Config Server――配置内容的加密与解密
我们在Git仓库中存储的都是明文,但在很多场景下,某些敏感的配置内容(例如数据库账号、密码),应当被加密存储以提高安全性。Config Server为配置内容的加密与解密提供了支持。 安装JCE Config Server的加解密功能依赖Java Cryptography Extension(JCE)。 Java 8 JCE的地址是:...
View ArticleClik here to view.
HR 接收简历意外感染勒索软件 GoldenEye,须付上万赎金解密文件
稿源:HackerNews.cc翻译整理,封面来源:百度搜索。 转自 HackerNews.cc 原文链接: http://hackernews.cc/archives/4664 长期以来,勒索软件一直被认为是消费者和企业的主要威胁。最近一系列针对企业人力资源( HR...
View ArticleClik here to view.
CVE-2016-6313 随机数预测分析
本次分析源于去年HITCON的一题密码学题目, 比赛完了本来就准备分析一波, 但是一直拖到了现在, 该题利用到了CVE-2016-6313, 可以预测到gcrypt生成的随机数中第580-600共20byte的值 CVE-2016-6313 网上对该CVE没啥详细的分析, 就ppp的wp写的比较详细 漏洞代码段: POOLBLOCKS=30 DIGESTLEN=20 BLOCKLEN=64 其中...
View ArticleCollection of CSP bypasses
On this page, I'd like to collect a set of CSP bypasses related to nonces. CSP policies using nonces are considered very strong in terms of security. However, there are many (sometimes unusual)...
View ArticleFixing Critical Infrastructure Means Securing The IT Systems That Support It
IT security can mean the difference between life and death, just as much as a well-designed bridge. 2016 was a banner year for hackers. Coming on the heels of a devastating 2015 attack on Ukraine's...
View ArticleBlackBerry and Giuliani partner in cyber security venture
BlackBerry has been selected by Giuliani Partners to support cyber security consulting services to the government and to private firms. The recently released BlackBerry Secure platform will provide the...
View ArticleClik here to view.
想学习黑客技术吗?告诉你什么才是真正的黑客!
想学习黑客技术吗?告诉你什么才是真正的黑客! 一点号最后的大魔王3小时前 科技发展至今,我们的生活、工作和学习已经离不开互联网。而互联网中必须面对的一个大问题就是安全。然后,就涌现出了一批人,他们掌握着超高的计算机技术,对互联网知识了如指掌,他们有可能会维护我们的网络安全,当然这些技术也有可能严重威胁这我们的网络安全,这类人,我们就称之为黑客! php?url=0FPWxr7dwn"...
View ArticleUS Sues D-Link for Exposing Users to Hackers
The United States’ Federal Trade Commission (FTC) sued D-Link this week after the company failed to secure its devices, making routers and cameras vulnerable to hacks and exposing users and their data....
View ArticleClik here to view.
Using LetsEncrypt SSL Certificate with Communigate Pro
LetsEncrypt has been creating waves since it started providing SSL Certificates for free and has been applauded by many for this. Researchers and Enthusiasts have been providing support to this project...
View ArticleClik here to view.
Android签名机制简介
签名机制是Android系统相对于linux独有的安全机制,本文将对该机制做详细介绍。 一、介绍 Android的签名机制主要用在以下两个场合:App更新包的校验和申请手机权限时的权限检查。 1. 更新包的校验 用户在升级一款已经安装过的App时,如果程序的修改来自于同一来源,则允许升级安装,否则会提示签名不一致无法安装的提示。 2. 权限检查 对于申请权限的 protection level 为...
View ArticleFBI Hacker Says Breach Is Real, Promises Further Leaks
The FBI hack saga continues, this time with statements released by CyberZeist, the one behind the breach who claims to have accessed FBI’s content management system to steal some logins . In...
View ArticleClik here to view.
SWIFT Attacks Require Swift Investigations
SWIFT, the global financial messaging system, issued an alert message regarding new customer’s compromised environments by sophisticated adaptive attackers in an attempt to send fraudulent payment...
View ArticleClik here to view.
HyTrust 2017 Predictions: Cloudy Security to Securely to Cloud?
Virtualization and Cloud executives share their predictions for 2017. Read them in this 9th annual VMblog.com series exclusive. Contributed by Eric Chiu, Co-founder and President of Cloud and virtual...
View ArticleClik here to view.
Ransomware expected to dominate in 2017
Ransomware or malware that locks up data and demands payment for its release is set to evolve and make up the majority of cyber attacks in 2017, according to most predictions by security commentators....
View ArticleClik here to view.
Who wants to be a PCI ASV?
I think, most of financial and trade companies know about vulnerability scanning mainly because of PCI DSS. Vulnerability Assessment is, of course, an important issue, but when regular scanning is...
View ArticleClik here to view.
Get real online security with a virtual private network [Deals]
Online threats are no joke. Your personal data and digital identity can be stolen, your activity snooped, your content throttled depending on where you are in theworld. Thankfully, VPNSecure offers...
View ArticleReflections on Grizzly Steppe
On December 29, 2016, the United States Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a joint analysis report (JAR) detailing, in their words, “tools and...
View ArticleClik here to view.
Cisco Coverage for ‘GRIZZLY STEPPE’
Over the past several weeks, there have been ongoing discussions regarding cyber attacks that have occurred against several political, governmental, and private sector entities in the United States....
View ArticleClik here to view.
December Windows security patches crash Active Directory Admin Center
It's been three weeks since Microsoft released its December security patches, and a bad conflict with the Active Directory Admin Center (and, by some accounts, SCCM) is only now reaching the...
View ArticleClik here to view.
Tech security: oldies getting it in the neck again
Another day, another survey this time telling us that older people are increasingly susceptible to online fraud. According to the Daily Mirror , one million (sorry, one MILLION) older people may have...
View Article
