Three layers of encryption keeps you safe when SSL/TLS fails
No 1Passworddata is put at any risk through the bug reported about CloudFlare. 1Password does not depend on the secrecy of SSL/TLS for your security. The security of your 1Password data remains safe...
View ArticleSHA1 collision via ASCII art
Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper , you'll find it all comes down to a small ~128 byte chunk of random-looking...
View ArticleGoogle震惊密码界,攻破了网络加密的基石SHA-1算法
雷锋网 (公众号:雷锋网) 消息,在美国的2月23日,Google在密码学领域干了一件大事,它宣布了一个公开的SHA-1算法碰撞方法,将这种算法攻破了。这也是对曾经在密码学中最流行的算法宣判死亡。不过好消息是,几乎没有人仍在使用SHA-1了,所以看到这篇文章的你,也不需要安装什么安全补丁。但Google公布的结果对网络安全仍有十分重大的意义。...
View ArticleIT security breaches: Why users shouldn't take all the blame anymore
Is it time to start blaming processes, not people? Image: iStock Cybersecurity professionals need to stop blaming users for being unable to follow security policies in the workplace, and realise that...
View ArticleTrump’s national security adviser knows the pitfalls of his job ― he wrote...
One of President Trump’s first and most controversial foreign policy moves was to reorganize the National Security Council, removing the chairman of the Joint Chiefs of Staff as a permanent member and...
View ArticleHow to assess security automation tools
This column is available in a weekly newsletter called IT Best Practices. Clickhere to subscribe. During my recent trip to Tel Aviv to attend CyberTech 2017, I had a one-on-one conversation with Barak...
View Article网络安全之App端安全漏洞:备份功能开启及本地拒绝服务漏洞解析
网络安全之App端安全漏洞:备份功能开启及本地拒绝服务漏洞解析 昨天来源:红黑联盟 网络安全之App端安全漏洞:备份功能开启及本地拒绝服务漏洞解析。上次介绍了有关 App 端敏感信息泄露的问题,那么在 App 端还有哪些安全漏洞值得开发者深思及注意呢? 当一款 App 装在手机 A 上,用户张三登录过该 App ,登录数据被保存在该手机 A 上。执行备份后在另一台手机 B 恢复,恢复完成后,在手机...
View Article伊朗黑客对中东发起名为Magic Hound的网络间谍行为
近期,安全研究人员发现被称为Magic Hound的网络间谍行为与伊朗黑客和Shamoon 2恶意软件有关。 针对中东的间谍行为 来自Palo Alto Networks的安全专家最近发现了一个与伊朗有关的最新网络间谍行为,攻击目标主要是一些中东组织。这个被称为Magic...
View Article【威胁通告】dotCMS SQL注入漏洞
阅读: 118 2017年2月15日,seclists.org网站发布了关于dotCMS存在SQL注入漏洞的消息。文章称,dotCMS 3.6.1及其之前的部分版本,在“/categoriesServlet”的q和inode参数上存在SQL注入,未经身份认证的攻击者可以利用该漏洞获取敏感数据。...
View ArticleCryptographic Pills Episode 1 - Modern Cryptography
In the last days I started to look at the Cryptography's Theory again. I guess it's an interesting subject for anyone involved in the IT world: for developers and security specialists understand some...
View ArticleNecurs Botnet Gets Proxy Module with DDOS Capabilities
Massive Necurs botnet, known for sending large spam campaigns, including the Locky ransomware that's been infecting countless computers, might soon be turned into a DDOS tool. According to a new study...
View ArticleMariadb基于ssl的主从复制
Mariadb基于ssl的主从复制 一、前言 备份数据库是生产环境中的首要任务,重中之重。一般配置中mariadb的主从传输是明文传输,但是有时候对一些特殊业务来说是不允许的,为了保证数据在传输过程中的安全性,因此使用基于SSL的复制会大大加强数据的安全性。 二、准备工作 1、实验系统环境:...
View ArticleGoogle shatters SHA-1, but don’t worry the Internet is still working
Whole areas of modern computing rely on the concept of certain things being “computationally infeasible” including encryption. “Computationally infeasible”meansmean that certain mathematical operations...
View ArticleWeb Development Reading List #171: Leaks, SHA-1 Collision, And Brotli
Web Development Reading List #171: Leaks, SHA-1 Collision, And Brotli ByAnselm Hannemann February 24th, 2017 Web Development Reading List Phew, what a week! Due to an HTML-parsing bug, Cloudflare...
View ArticleSuspect Arrested In Connection With Mirai Botnet
One million Deutsche Telekom customers were knocked offline in a November 2016 cyberattack. A 29-year-old man was arrested by British police at a London airport on Wednesday in connection with the...
View ArticleEverything You Need to Know About Cloudbleed, the Latest Internet Security...
Image: Cloudflare / Gizmodo Have you heard? A tiny bug in Cloudflare’s code has led an unknown quantity of data―including passwords, personal information, messages, cookies, and more― to leak all over...
View ArticleMalwarebytes teams up with Cybersecurity Factory
Malwarebytes is proud to support Cybersecurity Factory , a 10-week summer program for early-stage cybersecurity companies. This program runs in collaboration with Highland Capital Partners provides...
View ArticlePrivate messages and other sensitive data leaked by Cloudflare. Here’s what...
Welcome to The Dashlane Tech Check for February 24, 2017! I’ll help you catch up on all Dashlane -related news and the big news in the tech industry. And just for fun, I’ll include a useful lifehack...
View ArticleMonth in Review: Apple Security in February 2017
Another month, another round of Applesecurity news. Like last month, February has certainlykept the news coming―this time including a tidal wave of new malware designed to infect Macs. New Mac...
View ArticleThese rules force Internet providers to protect the data they have on you....
A person writing a review on a laptop. (iStock) Federal regulators on Monday will move to stop certain privacy regulations from going into effect that weredesignedto safeguard consumers' personal...
View Article