Lessons from the Marriott Merger Cybersecurity Incident
If there was ever a perfectly packaged data-breach case, it is the megabreach Marriott has just disclosed. Two weeks ago, the hotel chain announced that the guest reservation system of Starwood Hotels, now owned by Marriott, had been compromised by attackers in 2014, two years before Marriott acquired Starwood's hotel assets (including St. Regis, Westin, Sheraton and W Hotels). The attack may have exposed the personal information of 500 million guests. ...
Secure Random Number Generation in Java
If you’ve been developing software for a while, you know how to generate a random number and perhaps even securely with Java’s SecureRandom class. Unfortunately, generating secure random numbers is...
iOS Code Signing Mechanism
Preface. To learn the iOS signing mechanism, the following learning path is suggested: encryption and decryption (symmetric: DES, 3DES, AES; asymmetric: RSA) ---> one-way hash functions (MD4, MD5, SHA-1 to SHA-3) ---> digital signatures ---> certificates ---> the signing mechanism. 1. Encryption and Decryption 1.1 Symmetric and Asymmetric. To prevent transmitted information from being eavesdropped on, it must be encrypted and decrypted. Based on how keys are used, ciphers can be divided into 2...
Analysis of the ThinkPHP 5.x Command Execution Vulnerability
0x01 Start On the evening of 2018.12.10, I saw someone post about the tp5 command execution; the moment I saw the PoC I could roughly guess the cause, and later I saw the analysis article on the Douyu SRC WeChat account. I am analyzing and recording it here. 0x02 Brief Analysis I will not go into the framework startup in detail; the analysis starts from App::run. Line 116 of App.php calls the routeCheck function, which returns: array(2) { ["type"]=> string(6)...
Report Says Freelance Hackers Can Earn up to $500,000 a Year Testing for Vulnerabilities and Collecting Bounties
[Summary] By searching for security vulnerabilities and reporting security issues to large companies such as Tesla, the elite among freelance hackers can earn more than $500,000 a year; the top 50 hackers earn an average of $145,000 a year. Tencent Technology News: According to foreign media reports, new data released by the ethical hacking platform Bugcrowd shows that by searching for security vulnerabilities and reporting system issues to large companies such as Tesla and organizations such as the Department of Defense, the elite among freelance hackers can earn more than $500,000 a year. ...
Keep the Lights on Your NERC CIP Compliance with FireMon
As a big American football fan, I have always been amazed at the amount of preparation the teams and the National Football League (NFL) go through to handle all their challenges every season. There are...
Email security systems leave organizations vulnerable
Email and data security company Mimecast has released the results of its latest Email Security Risk Assessment (ESRA) which finds that mail security systems inaccurately deemed nearly 17,000 dangerous...
New Trojan Targets PayPal App
The malware also overlays HTML-based phishing screens for five apps. Security researchers at Slovakia’s ESET have identified a new banking Trojan that bypasses PayPal’s two-factor...
Accessibility Trojan malware steals PayPal money
We love Greek mythology so we find the Trojan War story interesting. We like the Trojan horse but not the Trojan virus. Unfortunately, the latter is all we can experience. Actually, it’s something you...
CipherTrace Cryptocurrency Security Report: Hackers Stole $927 Million in 2018
2018 was the most turbulent year the cryptocurrency industry has seen, and also the year with the most hacker attacks. With enthusiasm for cryptocurrencies running high and adoption spreading ever wider, all kinds of security problems have followed. According to the latest report from blockchain security firm CipherTrace, hackers stole as much as $927 million from cryptocurrency platforms and exchanges this year, and the number of attacks reached 3.5 times last year's. ...
We Have a Lot of Wood to Cut!
Anytime an executive moves to a new company the first question they get is, “Why did you pick that company?” In the case of Onapsis, I leapt at the opportunity because we have a massive role to play...
Hash Functions and Traffic-Splitting Algorithms
Hash functions A hash function is a function that, for any input, returns an output of fixed length. It is often used to check the integrity of information; commonly used functions include MD5 and SHA1. When downloading software, some sites publish an md5 value; after the download completes you can compute the md5 of the file and compare it with the one on the site. If they differ, the download may be incomplete, or the software may have been "modified" by an attacker, and it is best not to install it. A hash function should have the following properties: the same input is guaranteed to produce the same output. ...
Tigera Raises $30M Series B Led by Insight Venture Partners
The new funding will help Tigera accelerate its growth with the rapid enterprise adoption of Kubernetes SAN FRANCISCO (BUSINESS WIRE) Tigera, an enterprise software company providing security and...
The Linux Setup: Roxy Dee, Security Architect
Like Ruby, I’m a big LXDE fan. It’s so light and quite configurable. Ruby is also a command line enthusiast, so it’s no surprise to see terminal listed as an essential program. It’s also interesting...
Australian Assistance and Access Act
Danny O’Brien: With indecent speed, and after the barest nod to debate, the Australian Parliament has now passed the Assistance and Access Act, unopposed and unamended. The bill is a cousin to the...
The evolution of Microsoft Threat Protection, December update
December was another month of significant development for Microsoft Threat Protection capabilities. As a quick recap, Microsoft Threat Protection is an integrated solution securing the modern...
The Personal Security Footprint Review
Once a year around this time I like to do some “winter cleaning” of my personal security footprint, mostly covering passwords and internet service accounts I have that may be out-of-date, unmaintained,...
The Next Shiny Object
“Four years!” As soon as the words left my mouth, I regretted saying them. Not because they were wrong, rather the incredulousness in my voice was instantly met with furrowed brows and folded arms....
Tigera raises $30M Series B for its Kubernetes security and compliance platform
Tigera , a startup that offers security and compliance solutions for Kubernetes container deployments, today announced that it has raised a $30 million Series B round led by Insight Partners. Existing...
Key Escrow that Might Work
Instead of encrypting everything with a single government key, several government agencies need to provide new public keys every day. The private key must be under the control of a court. Each secure...