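[DBAPPSecurity Daily News 2016.08.04]
[DBAPPSecurity Daily News 2016.08.04] http://seclab.dbappsecurity.com.cn/?cat=15 [International News] 1. Vietnamese investigation shows the airport hack was long premeditated; the hackers may have been lurking for 2 years http://www.easyaq.com/newsdetail/id/2106034596.shtml 2. [DefCon2016] Hacker builds a $6 tool capable of breaking into hotel rooms and POS systems...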
If You Fail to Plan
Contact Jason White If Only I Knew How A developer friend of mine (and his wife especially) wondered how I landed this magical job where I could work remote with occasional travel (I think they’d like...
Web Server Makers Plug Four Security Holes in HTTP/2 Protocol Implementation
Two Imperva researchers have worked closely with major Web server makers to plug four security vulnerabilities in the HTTP/2 protocol implementation that launched a year ago. HTTP/2 is the next...
Best Of Black Hat Innovation Awards: And The Winners Are...
Best Of Black Hat Innovation Awards: And The Winners Are Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging...
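Seven Ways to Lock Down Privileged Accounts
[51CTO.com Quick Translation] What exactly are privileged accounts, and why do they matter? Privileged accounts hold all the login information an organization uses to access every device running in the data center and across the enterprise. This includes the passwords for operating systems, databases, applications and all network devices (such as routers and switches). In short, the passwords to privileged accounts are nothing less than the keys to the data kingdom...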
Researchers Show How To Steal Payment Card Data From PIN Pads
Attack works even against chip-enabled EMV smartcards. BLACK HAT USA―Las Vegas―The manner in which many PIN pads used by consumers to pay for purchases and communicate with point-of-sale systems make...
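All About Social Engineering and Social-Engineering Databases
What is "shegong" (社工)? You often hear that someone got "shegong'd" again, or that someone "shegong'd" someone else. So what exactly is it? It is not what you get when you search Baidu Baike for the term: it is not social work or community work. The full name is social engineering. Add "engineering", then add "-ology", and suddenly it sounds high-end, classy and upscale, haha. Just kidding, back to the point! Principles of social engineering...
A Tenfold Boost! Inspur Launches SSL Solution for HTTPS
Abstract: In recent years security incidents on the Internet have been frequent, so the industry has begun a new round of broad discussion on Internet security. The HTTP protocol, which has more than 20 years of history, is especially controversial: because it transmits data in plaintext, it gives hackers an opening. However, the access latency caused by the slow processing of its "secure version", HTTPS, has become a major bottleneck hindering its adoption. Recently, Inspur launched an SSL encryption/decryption acceleration solution for HTTPS that raises HTTPS encryption and decryption efficiency more than tenfold, securing access without affecting site access efficiency, for building a more secure net...
Baidu Security Invited to the 2016 World Hacker Conferences to Cure a Chronic Ailment of Android Worldwide
From July 30 to August 8, 2016, the annual Black Hat conference and the DEFCON hacker conference took place in Las Vegas as scheduled. Tens of thousands of top hackers from around the world gathered there to take part in the hacker community's big annual party...
Team of Hackers Successfully Cracks Tesla's Autopilot System
NetEase Tech, August 5: According to the US magazine Wired, a research team made up of people from the University of South Carolina, China's Zhejiang University and the Chinese security vendor Qihoo 360 recently said that they used off-the-shelf radio equipment and sound and light generators to successfully spoof the sensors of Tesla's Autopilot system and disable them; in the experiments, the Tesla's on-board computer produced false alarms and missed alarms as a result. In May this year, one of electric car maker Tesla's Model...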
Phisherfolk phlock to Rio for the Olympics
Criminals are ramping up their online presence in Rio de Janeiro, where the Olympic Games will open on Friday, August 5 with IBM and Fortinet reporting new banking trojans and cyber crime activity in...
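Using Ettercap Hijacking to Assist Metasploit in Browser Attacks
00x01 Suppose you are on the same LAN and want to try to compromise the other machine, but it has no open ports you can use for an attack. Then, to your surprise, during HTTP hijacking you see a suspicious email address and password, and so you take over his account. But you want to go deeper into his computer and leave the traces you want, to show off your astonishing skills. But you have no way in and can only watch him slip out of your clutches. Can you accept that? 00x02 Preparation before the attack 1# One Kali system 2# The target's email address # # 00X03...
"GeekCar Daily" 8.5: Hackers Break Into Tesla Autopilot, Continental Develops Autonomous Driving Technology
Hackers break into Tesla Autopilot, collision warning disabled. A team from the University of South Carolina, Zhejiang University and Qihoo 360 reconfigured the hardware of a Tesla Model S and successfully broke into the Autopilot semi-autonomous driving system. The team used two sets of equipment to precisely jam Tesla's radar sensor so that the car could not detect obstacles. The team also used other equipment to disable the ultrasonic sensors, so that no obstacle warning was given during automatic parking...
Four Plans for Fixing Internet Security
Abstract: Internet security is in crisis. In this article we offer four practical proposals, including a comprehensive top-down plan to change how the Internet operates. Today the Internet is everywhere. From the mobile devices in our hands to the interconnected computers we use at work, we live and work within it all the time. Unfortunately, our online work and lives are not adequately secured. Any determined hacker can eavesdrop on what we say and, by impersonating us, carry out all kinds of malicious network activity...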
iOS 9.3.4 released with an “important security fix” that patches Pangu...
Apple on Thursday unexpectedly released iOS 9.3.4, a minor update to the mobile operating system powering the iPhone, iPad and iPod touch. Release notes accompanying the small download mention that...
Keycloak Admin Client(s) - multiple ways to manage your SSO system #keycloak...
Did you know that there are multiple ways to manage your Keycloak SSO system? 1. Keycloak Admin Web Console This is probably the most known possibility to manage your Keycloak installation: the Admin...
Evaluating Commercial Code for Security & Quality at Black Hat
Traveling to security conferences from Boston can be like a mini-reunion. On the flight into Las Vegas I ran into former colleagues from @stake, Veracode , Cigital , and Savant Protection (now part of...
.NET Framework 4.6.2 Delivers WPF and Security Improvements
The latest release of the .NET Framework provides several new features centered around WPF and security, including some long-awaited improvements to ClickOnce deployed applications. Microsoft released...
iOS 9.3.4 released, fixing critical security hole. Update now
Apple has just released iOS 9.3.4, the latest version of its mobile operating system for iPhone and iPad users, and owners of the devices are recommended to upgrade as soon as possible. The reason why...