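Interview: the hacker jokester "呆子不开口" | Zhaike Stories
"呆子不开口", whose real name is Lü Wei (吕伟), has 23,671 followers on Sina Weibo and is currently director of the security technology department at a well-known maternity-and-baby community e-commerce company; netizens call him the jokester of the security community. He specializes in web vulnerability discovery and security architecture, especially the "click a link to get into an account" family of vulnerabilities, and has shared many talks on related topics. Those interested can visit his blog http://lvwei.me and his Weibo http://weibo.com/lvwei . 一...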
Lack of IoT security could be our downfall
Just as healthcare providers need PALS certification to keep up with new discoveries and advancements in medicine, individuals who work in IT need to become recertified with data security measures....
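What does it look like when a group of hackers gets together for a conference?
Which hacker conferences are worth following? What is it like to attend? Flanker Edward (Pwn2Own champion): Let me talk about this based on our team's internal conference rating criteria and my own experience attending and speaking. These are roughly the bigger conferences I have spoken at over the past few years; I will start with those outside mainland China. The number one conference in the industry, without question. The largest in scale, with many research directions, the most attendees, and the highest industry attention. Blackhat USA...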
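February 10 - Daily Security Knowledge Highlights
Highlights: Ticketbleed: a TLS/SSL stack vulnerability in F5 BIG-IP devices (CVE-2016-9244); remote code execution via a Node.js deserialization vulnerability; malicious macro execution in Microsoft Office Word; unpatched jQuery Mobile XSS; how I exploited a Self-XSS; bypassing Samsung's real-time kernel protection; Angular CSP policy bypass...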
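360 report details online fraud: Guangdong users are the top target of criminals
(Source: 028pxw.com, 3 hours ago) A single text message can cheat someone out of tens of thousands of yuan, and a single fake bank website can wipe out more than a million yuan of a depositor's savings. In recent years telecom fraud has grown ever more rampant, harming many innocent people. This year, Guo Donglin's sketch "取钱" ("Withdrawing Money") at the Beijing TV Spring Festival Gala depicted a telecom-fraud plot that left a deep impression...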
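HTTPS and HTTPS man-in-the-middle attacks
Site-wide HTTPS is becoming the trend; in China, the two sites that have implemented site-wide HTTPS are Taobao and Baidu. 0x01: What HTTPS is for. C I A: confidentiality, integrity, availability (availability means that legitimate users can access the resources they are authorized to access). What it addresses is data being tampered with or stolen in transit. Encryption: symmetric, asymmetric, one-way. 0x02: How HTTPS works. It is still worth studying how HTTPS works (I learned and summarized the principles from online sources as well; thanks to those who came before). 1. The client initiates an HTTPS request...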
Security Monk vs. Emperor Palpatine
This week, we continue our ongoing ransomware discussion with the Inside Out Security Show panel Kilian Englert, Mike Buckbee, and Mike Thompson. But before we launched into our conversation, as an...
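When shopping online, how do we guard against online fraud?
(Source: 中老年之家, 12 hours ago) Information technology is now well developed. We can shop online, but this also brings great risk: many scammers will exploit loopholes on the internet to defraud you. A moment of inattention can easily cost you money....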
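The security-focused 360 phone also rolls out a round of "not so safe" marketing
(Source: 一点号 TASTER, yesterday) Making phones is hard, harder than climbing to the sky! A small red ring plus a red-and-white data cable: the 360 phone carries, more or less, the shadow of other brands. Of course, this marketing campaign can also be said to follow in ZUK's footsteps. A few days ago a picture like this surfaced online, said to be a new Nokia N-series phone, and it spread like wildfire:...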
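CNNVD Monthly Vulnerability Report (January 2017)
(Source: 一点号 CNNVD安全动态, 3 days ago) In this issue: vulnerability landscape. According to statistics from the China National Vulnerability Database of Information Security (CNNVD), 661 security vulnerabilities were collected in January 2017, and the Android platform has become an important target for hackers....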
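Predictions of 8 major global cybersecurity threat trends for 2017
(Source: CodeSec, 2 hours ago) 1. More IoT means more DDoS attacks. In 2008, IBM proposed smart city construction, the so-called Smart City. Since then, more and more technology conferences have been discussing and studying the Smart City concept. To build a Smart...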
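Researchers discover a Word macro-based virus on the Mac
After spreading on Windows computers for years, malicious Word document viruses have begun to spread to the Mac. The document contains a macro that runs silently in the background and also downloads an application that can monitor the camera, steal passwords, read browser history, and more. According to the foreign outlet Cult of Mac, malware based on Word macros has plagued PC users for more than 10...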
Bug bounties and extortion
As the popularity of my services like report-uri.io and securityheaders.io has increased they've started to attract more attention. Most of this is good but I've recently started to experience...
5 must-see security sessions at Google Cloud Next '17
So many sessions, so little time. Google Cloud Next '17, taking place next month, features over 200 breakout sessions, many geared directly at security professionals. If you only have time on your...
8 Alternative Mac Browsers That Focus On Privacy, Anonymity And Security
Everybody knows the usual browsers: Google Chrome, Opera, Mozilla Firefox and Microsoft Internet Explorer. For those who are relatively new to web browser engines, there are 5 main rendering engines,...
Arby's fast food chain falls victim to security breach
Arby's, the fast food chain that proudly proclaims it has the meats, apparently also has something else: lax security. Krebs on Security reported Thursday that sources at nearly half a dozen banks and...
Practical Steps for Protecting IoT Devices
The security of IoT devices is a high priority these days, as attackers can use Distributed Denial of Service (DDoS) attacks to target them and wreak havoc on a system. “Due to the sheer volume of...
Ponemon: Doubt Dogs IT On Security Tools, Spending
The Ponemon Institute shows how IT security staffs want better technology tools and better skill sets to ward off invasive threats. A major new survey by the Ponemon Institute has found that over...
One Step Closer To Crowdpatching and Patch Bounties
Launching 0patch Builder. Things have been happening fast in the 0patch land lately: in the last few weeks we extended our OS coverage from Windows to Ubuntu and Fedora (still alpha, but major technical...