Clik here to view.
Stop focusing your information security efforts on the wrong things!
There once was a time not all that long ago when security teams could plead ignorant to IT security risks, with minimal possible consequence in terms of any significant damage coming to the company....
View ArticleClik here to view.
AWS Security Profiles: Ken Beer, General Manager, AWS Key Management Service
In the weeks leading up to re:Invent , we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that...
View ArticleClik here to view.
5 Reasons to Require Full Disk Encryption
You may already know that enabling full disk encryption (FDE) for your fleet of user systems can prevent a future disaster. But for those who need some convincing, here are five reasons to require FDE....
View ArticleAnother Reason to Care About Security
This is likely a short and quiet day for many of you with Thanksgiving in the US tomorrow. Most people have tomorrow off in the US, and those that do business with the US may have a quiet couple of...
View ArticleClik here to view.
当中国剩余定理邂逅RSA
前言 实在不知道起什么标题,于是滑稽了一波。写这篇文章的起源是2018高校网络信息安全管理运维挑战赛的一道RSA题目,借此机会,将中国剩余定理与RSA的结合研究一下。 题目描述 拿到题目很简短 身陷囹圄 发现 assert gcd(e1,(p1-1)*(q1-1))==14assert gcd(e2,(p2-1)*(q2-1))==14 那么本能想到公约数的问题,于是尝试 gcd(n1,n2)...
View ArticleClik here to view.
CVE-2018-9581分析:安卓RSSI广播敏感信息泄露漏洞
概要 安卓操作系统的系统广播会暴露WiFi信号强度信息(RSSI)。设别上的所有应用都可以在没有额外权限的情况下获取WiFi信号强度信息。恶意应用可以用这些信息进行室内定位以定位和追踪用户。同样地,底层Android API也可以获取这些信息。 该漏洞CVE编号为CVE-2018-9489,影响所有的安卓版本。Google目前还没有完全修复该漏洞,但在Android 9 /...
View ArticleClik here to view.
俄罗斯黑客组织APT29新动向:使用新型恶意软件攻击美国实体
在11月16日,印度安全公司Cybaze的研究人员发现了一种归属于俄罗斯黑客组织APT29的新型恶意软件,它似乎与最近针对许多美国重要实体的攻击有关,这包括军事机构、执法部门、国防承包商、媒体公司和制药公司。...
View ArticleClik here to view.
传说中很黄很暴力的暗网,被黑客灭掉了一半……
欢迎关注“创事记”的微信订阅号:sinachuangshiji 文/谢幺谢幺 来源:浅黑科技(qianheikeji) 昨日在朋友圈看到一则消息:“ 暗网最大托管商被黑客攻击,6500+网站被删 ”,遂找了一位安全技术大佬聊了聊,给大家分享一下这个“黑吃黑”的小故事。 1 北京时间2018年11月16日早上9点,安全工程师小杨开机没两分钟就发现不太对劲:...
View ArticleSafari’s default media controls get blocked when applying a...
I recently ran into an unexpected road block trying to deploy a Content-Security-Policy on a website that relied on the native media controls provided for the HTML <audio> and <video>...
View ArticleClik here to view.
R_ggplot2基础(一)
作者: 李誉辉 四川大学在读研究生 1 ggplot2特点 采用 图层 的设计方式,有利于结构化思维 将表征数据和图形细节分开,能快速将图形表现出来,使创造性绘图更加容易,而不必纠结于图形的细节,细节可以后期慢慢调整 将常见的统计变换融入到了绘图中 有明确的起始(ggplot开始)与终止(一句话一个图层),图层之间的叠加是靠“+”实现的,越往后,其图层越在上方...
View ArticleClik here to view.
360无线安全负责人:如何对入侵做到未卜先知
内容来源: 2018 年 9 月 18 日,360集团无线安全负责人柴坤哲在“2018第三届SSC安全峰会-白帽子之夜”进行《后无线渗透利用的艺术与未卜先知》的演讲分享。IT 大咖说作为独家视频合作方,经主办方和讲者审阅授权发布。 阅读字数: 2828 | 8分钟阅读 获取嘉宾演讲视频及PPT ,请点击:t.cn/EAdw9Pe。 摘要...
View ArticleFancy Bear hacker crew Putin dirty RATs in Word documents emailed to govt...
Russian state-backed hacking crew Fancy Bear (aka APT28) is distributing malware-riddled files with a suggested link to the recent Lion Air crash in order to dupe government workers into downloading...
View ArticleGenerate Random Alphanumeric Strings inPHP
Let me begin this post by saying that almost no event is truly random. Even the outcome of a classic coin toss could in theory be predicted if we knew the effect of every factor involved, like air...
View ArticleClik here to view.
TrickBot’s Bigger Bag of Tricks
By Noel Anthony Llimos and Carl Maverick Pascual TrickBot continues to evolve as itadds more features to steal users’ credentials, the most recent development we published being thepwgrab32 module....
View ArticleWorldPress Websites to be Under a Thread
In October 2018, in a popular plugin for generating accelerated mobile pages AMP for WP, a vulnerability was discovered that allows any registered user to gain administrator privileges. NowWordPress...
View ArticleClik here to view.
EOS.IO节点如何使用SSL
这是有关如何使用EOS内置的 http_plugin 设置一个安全的HTTPS API的指南。自2018-04-27 release版发布以来SSL开始支持。 首先,你必须使用DAWN-2018-04-27-ALPHA以上版本。 如果你运行 nodeos --version 它应该输出 2594537369 。否则你必须进行版本更新。 要更新,请运行你的eos repo拷贝: $ cd...
View ArticleClik here to view.
百度杀毒软件正式谢幕 下一个会是谁?
摘要: 自从360搞了免费安全软件之后,杀毒软件这个市场现在越来越没什么利润可言了,特别是在个人市场上。除360外,国内的金山、百度、腾讯等公司之前都推出了安全卫士、杀毒软件,如今百度要第一个放弃了,旗下的百度杀毒、百度卫士已经不再更新,不过手机卫士还会继续存在。 ......
View ArticleAsynchronous Ratcheting Tree: Group Messaging with Strong Security Guarantees
Asynchronous Ratcheting Tree Asynchronous Ratcheting Tree (ART) is a protocol for end-to-end encrypted group messaging. It aims to provide scalable group messaging while maintaining strong security...
View ArticleClik here to view.
Hackers Hit Adult Furry Website, Exposing Hundreds of Thousands of Users
Photo: Getty The website for an adult furry game was hacked, with 411,000 unique email addresses and other personal information leaked, according to Have I Been Pwned’s Troy Hunt . The website hosted...
View ArticleDevelopments Around Cloud TAP Capability
Whether it’s for troubleshooting or for security monitoring purposes, being able to capture network packets from inside a network at strategic points is invaluable. Think, for instance, of users...
View Article
