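Explaining Tech to Product Managers | Web Security: SQL Injection Attacks
[Abstract] But we only need to remember one principle: never trust data that comes in from outside. There are also many tools for scanning for SQL injection now; before going live, run security tools over the application several times to guard against anything that was missed. [Related] Explaining Tech to Product Managers | Counting on It for Ten Million a Year: The Technology Behind Live Video Streaming; Explaining Tech to Product Managers | H5 Basics: Forms; Explaining Tech to Product Managers | The Flirting-Technique Trilogy: "Design Patterns"; Explaining Tech to Product Managers | No Wires, Not So Scary?; Explaining Tech to Product Managers | What Is the Right Way to Raise Requirements...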
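Huawei's Qian Xiaobin: Five Security Challenges That Enterprise Risk Management Must Take Seriously
On June 24-25, 2016, the WOT2016 Enterprise Security Technology Summit, hosted by 51CTO, will be held at the JW Marriott Hotel in Beijing. Ahead of the event, a 51CTO reporter interviewed Qian Xiaobin, a specially invited speaker at the summit and director of Huawei's security business TMG, for an in-depth discussion of two topics: enterprise security risk management, and protection against DDoS attacks, a common enterprise security threat...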
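From Moving a Blog to the Joy of Creating
A few days ago, for some very stupid reasons, my domain was added to WeChat's blacklist, and when I share my blog link to Moments only I can see it. Luckily, I had started thinking about moving the blog about two weeks earlier. I bought the domain lutaonan.com from Wanwang, so from now on visiting this domain takes you straight to my blog; the RSS address is http://lutaonan.com/rss . http://djyde.github.io will no longer be updated, and after a month it will be forcibly redirected to...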
Patching MyBB to use Bcrypt
So, it's now 2016. GPU password-cracking is pretty well-known and accessible, yet companies and developers are still using little more than md5 to hash customers' passwords! Notice I simply said...
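Flash Player Update Fixes High-Risk Security Vulnerability
Adobe recently released the latest Flash Player version, 22.0.0.192, in order to fix a serious security vulnerability that had been discovered. Reportedly, a few days earlier Adobe discovered a security vulnerability designated CVE-2016-4171, which affects the Windows, Macintosh and Linux operating systems, meaning that all desktop computer users are threatened by the vulnerability. In response, Adobe hurried to release Flash Player...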
Google pays $550,000 to people who found security holes in Android - CNET
Google paid 82 people a total of $550,000 in the last year for finding security vulnerabilities that could let hackers compromise phones, tablets, cars...
What companies need to know when creating a BYOD work environment
Increase workforce agility and mobility by going BYOD. If you're considering implementing a BYOD (bring your own device) policy in your workplace, there are a few things you should consider before...
Geek Reading June 17, 2016 #1130
It has been a while, but some security news leads our day. First, The Next Web reports on 45M passwords being stolen from over 1100 VerticalScope forums. This has the potential to bleed into another...
Hacker gives pro-ISIS Twitter users a pro-gay look - CNET
A hacker associated with the Anonymous activist group has given several Twitter accounts a pro-gay...
How visibility can help detect and counter DDoS attacks
It’s been proven that preventive medical strategies are more cost-effective for treatment and better solutions to support long-term health than reactive medical measures. Anticipating issues and...
Has TeamViewer Been Hacked?
Over the last month there have been numerous TeamViewer users reporting unauthorized access into their computers that resulted in financial loss and stolen credentials. TeamViewer is a software package...
CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath
Building a BitTorrent client from scratch in C#
The DAO is under attack, a third of its ether reserves stolen
The DAO, a digital Decentralised Autonomous Organisation that has been set up to support projects related to Ethereum, a public blockchain platform that allows programmable transactions, has been hit...
Why aren't PGP and SSH keys popular as a second factor?
One of the major up-and-coming MFA methods is U2F, which relies on an initial key exchange and challenge-response mechanism. It's a relatively new protocol, and is only starting to see more widespread...
Dan Guido: Modern iOS Application Security
As mobile applications still gain in popularity and more and more transactions are carried out via mobile devices, security is a topic of growing importance. In his talk "Modern iOS Application...
Official Adobe Flash uninstallers were a security hazard
The official uninstallers that Adobe supplied for those wishing to remove the plugin from their Windows installation have for some time been supplying hackers with a ‘privilege escalation’ attack...
June security update lands for the Verizon Galaxy Note 5 and S6 edge+
Verizon has begun pushing out a new update to its Samsung Galaxy Note 5 and Galaxy S6 edge+ handsets in the past 24 hours. There aren’t any major new features packed in here, but the updates do include...
Equinix Service Aims To Scrub Out DDoS Attacks
Equinix is making F5 Networks' Silverline protection available in a handful of its International Business Exchange data centers. Silverline can detect the launch of an attack as it makes use of the...
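Security Campus-Recruitment Written Exam Questions from the "Goose Factory" (Tencent) (Reposted from PKAV)
A certain security media outlet published a contributor's answers, which contain many omissions. At noon we at pkav all worked through the questions and, after a heated argument, arrived at our own answers; take a look and see whether any are still wrong. I had originally marked things with colors and so on, but they have probably all been lost in posting. Honestly, many of these questions are themselves flawed... there is a lot of room for argument. 0×02 Multiple-select questions - 30 1 During application development, which of the following development habits may lead to security vulnerabilities? () A Printing sensitive information to log output in program code to make debugging easier B...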