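Number of Botnet Command-and-Control Servers Disclosed Publicly for the First Time in China
Over the whole of 2015, the 360 Threat Intelligence Center detected 13,599 botnet command-and-control servers. This is the latest figure from the 360 Threat Intelligence Center's "Research Report on the Commercial Destructive Power of DDoS Attacks", and it is also the first time the number of botnet command-and-control servers has been disclosed publicly in China. Command-and-control servers are the controllers of large numbers of botnets and can fairly be called the zombie kings of the zombie networks. ...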
Node v6.2.2 (Current)
http: req.read(0) could cause incoming connections to stall and time out under certain conditions. (Fedor Indutny) #7211 When freeing the socket to be reused in keep-alive Agent wait for both...
MongoDB Security: Why pay for Enterprise when Open Source has you covered?
Does ensuring MongoDB security justify the cost of the Enterprise version? In my opinion, the answer is no. MongoDB Inc blasted an email with a study showing that the average cost of a data breach can be...
How Hired Hackers Got “Complete Control” Of Palantir
Palantir Technologies has cultivated a reputation as perhaps the most formidable data analysis firm in Silicon Valley, doing secretive work for defense and intelligence agencies as well as Wall Street...
Securing Citrix NetScaler VPX to score A+ rating on SSL Labs
I’ve received quite a few requests from clients over the past few months requesting to secure their NetScaler published services to score an A+ on Qualys SSL Labs: https://www.ssllabs.com/ssltest/ I’m...
Rig Exploit Kit sends Qbot Bot Configuration Traffic
Jun 17, 2016 by Analysis in Bot NOTES: In a May 30th, 2016 post I detailed how Rig Exploit Kit (EK) was using a redirect gate to send a bot. You can use that blog post to decipher the obfuscation...
This Is The Hacker Allegedly Behind The LinkedIn and MySpace Megabreaches
In the last few weeks, more than half a billion passwords stolen from some of the biggest social media websites in the world have been traded and sold in the internet’s underground. The data, taken...
5 things you should know about password managers
New data breaches are coming to light almost weekly and they reveal a simple but troubling fact: many people still choose weak passwords and reuse them across multiple sites. The reality is,...
R packaging industry close-up: How fast are we growing?
I worked a bit over the weekend preparing my talk to be delivered at the seminar organized by IBPAD this week at University of Brasilia, addressing the interfaces of Big Data and Society. I was...
Android Security Rewards paid out half a million in 1st year
Apparently, crime really does pay. Okay, technically, not a crime, but rather finding vulnerabilities in the Android ecosystem. Google launched the Android Security Rewards last year as part of their...
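Baidu Security Launches Family Guardian: The Day You Come Home Is the Real Father's Day
Recently, many people's WeChat Moments feeds have been flooded with Baidu Security's H5 page "My Father and I: A Life in Grid Squares". Looking at the A4 sheet covered in grid squares, netizens lamented how quickly time passes and said the present should be cherished. ...
Guangzhou "Fake Base Station" Fraud Reports Down 21%, With Tencent Mobile Manager Providing Technical Support
Recently, a news item titled "Guangzhou man abandons car and flees, leaving female companion in the car to be arrested" left readers not knowing whether to laugh or cry. In fact, this was a typical case, involving a Nansha "fake base station" gang violently resisting arrest, that Guangzhou police announced on June 16 at a press conference on cracking down on "fake base stations" and telecom fraud: a Guangzhou man driving a car carrying "fake base station" equipment frantically resisted arrest after being discovered, abandoned the car and fled, leaving his female companion to be caught in the car. ...
Analysys: Tencent Mobile Manager Jumps to Seventh in the Overall Mobile App Ranking in May, With 180 Million Monthly Active Users
Recently, Analysys released its TOP500 ranking of the most popular mobile apps for May 2016. Apart from social apps such as WeChat and QQ and apps such as video players and browsers, Tencent Mobile Manager was the only security app to make the top ten, ranking seventh overall with 180 million monthly active users and continuing to lead the security software industry. (Figure: top ten of the Analysys May 2016 mobile app TOP500 ranking) ...
Let the Bullets Fly a While Longer: On How to Optimize DDoS
Suppose one shell hitting the target does 10 damage, while 4 shells hitting the target at the same time do 200 damage. Our side has only one gun and 4 shells, and the gun can fire only one shell at a time. How can the damage be made to reach 200? The answer is "let the bullets fly a while longer". This answer does not come from Jiang Wen's film, though, but from MRSI (Multiple Rounds Simultaneous Impact), a technique proposed by the US military in World War II; roughly translated, it means "fired multiple times yet hitting simultaneously". ...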
The DAO Attack: Who’s To Blame?
Within the whirlwind of discussion after the recent DAO attack, some people within the community have developed a perspective surrounding the attacker that I’d like to challenge. The perspective is...
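Android Studio NDK Development: Using Libraries
C is a vast treasure trove; much of the low-level system implementation is built on C, for example image processing and encryption. C also runs very efficiently, so third-party C libraries are sometimes brought in for the sake of performance. In short, NDK development makes use of a large number of libraries: the system's own libraries, third-party libraries and so on. Using C libraries in gradle-experimental is very convenient. Calling system libraries ...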
Insecure Direct Object Reference And Its Prevention Mechanism
Insecure Direct Object References occur if any application provides direct access to any object based on user-supplied inputs. As a result, the attackers can bypass the authorization of the...
The Pentagon expands program for hackers to test its security
Back in March, the US's Department of Defense launched a "Hack the Pentagon" campaign to get hackers to test their websites and security networks for vulnerabilities, without the threat of jail time....
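NATO Formally Designates Cyberspace as a Battlefield
According to the German newspaper Bild, on June 14 NATO (North Atlantic Treaty Organization) Secretary General Jens Stoltenberg announced at a press conference in Brussels, Belgium, that "cyber" will formally become a battlefield for NATO member states. This also means that an attack on any one NATO member state will be treated as an attack on the entire alliance, and all member states should assist the attacked country. ...
Kaspersky Team Launches Crowdfunding for Pure., a Mobile Charging Device That Isolates Data Transfer
Kaspersky Lab's The Future Crew team has launched a crowdfunding campaign on Kickstarter for Pure., a charger adapter accessory. The accessory keeps the data on a user's smartphone secure, and the phone free of malware infection, when it is charged from an untrusted USB port in a public place or on an unfamiliar computer. Malware that directly targets mobile devices and spreads through USB ports is currently becoming a new security threat. ...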