Tagged articles

information security

1019 articles · Page 10 of 11
21CTO
Apr 2, 2018 · Information Security

Why HTTPS Needs Both Symmetric and Asymmetric Encryption Explained

This article walks through a step‑by‑step reconstruction of HTTPS design, showing why secure communication requires per‑client symmetric keys negotiated via asymmetric encryption, digital certificates from trusted CAs, and how signatures and random numbers protect against man‑in‑the‑middle attacks.

Encryption · HTTPS · digital certificate
0 likes · 13 min read
Tencent Cloud Developer
Apr 2, 2018 · Information Security

Game Security Technology Salon: DDoS Defense and Anti-Cheat Solutions

The Tencent Cloud GAME-TECH Salon in Beijing on April 13 will examine DDoS attack trends, showcase the new Aegis high‑defense solution, and provide game developers with multi‑scenario risk analysis, optimal defense strategies, and real‑world case studies to strengthen operational security and cost‑effective protection.

Cloud Protection · DDoS Defense · Game Security
0 likes · 3 min read
MaGe Linux Operations
Mar 26, 2018 · Information Security

Understanding HTTPS: Why Encryption Matters and How It Works

This article explains what HTTPS is, why encrypting HTTP traffic is essential, how symmetric and asymmetric encryption protect data, the role of certificates and public‑key infrastructure, and the performance impact of the HTTPS handshake, providing a concise Q&A guide for beginners.

Encryption · HTTPS · information security
0 likes · 11 min read
Meituan Technology Team
Feb 2, 2018 · Information Security

Detection Techniques for Xposed Installer and Cydia Substrate on Android

The article explains how Android hooking frameworks Xposed Installer and Cydia Substrate operate and provides practical Java‑ and native‑level detection methods—such as package‑name checks, stack‑trace inspection, memory‑map scanning, and signature matching—to identify their presence and strengthen app security.

Android · Cydia Substrate · Hook Detection
0 likes · 15 min read
360 Quality & Efficiency
Jan 22, 2018 · Information Security

High‑Risk Android WebView Cross‑Origin Access Vulnerability – Description, Impact, Detection, and Mitigation

A security bulletin released on January 9 2018 details a critical Android WebView cross‑origin vulnerability that can expose user privacy data and credentials, outlines its widespread impact on many apps, and provides detection tools and concrete remediation steps for developers.

Android · Cross-Origin · Security Vulnerability
0 likes · 4 min read
Suning Technology
Jan 17, 2018 · Information Security

How Suning Built a Robust Security Architecture for E‑Commerce

This article examines Suning's evolution from a basic network‑operations unit to a comprehensive security ecosystem, detailing its organizational structure, protection platforms, integrated risk‑control mechanisms, big‑data threat perception system, and management processes that together safeguard its e‑commerce operations.

Risk Management · Threat Detection · e-commerce
0 likes · 12 min read
MaGe Linux Operations
Jan 4, 2018 · Information Security

Unveiling Meltdown: How Speculative Execution Leaks Data and How to Fix It

The article explains the Meltdown CPU vulnerability discovered by Google Project Zero, detailing its speculative‑execution root cause, how attackers can read protected memory across virtual machines, the performance‑impacting OS‑level mitigations like KPTI, and the broader implications for cloud providers and users.

CPU vulnerability · KPTI · Meltdown
0 likes · 7 min read
Ctrip Technology
Nov 30, 2017 · Information Security

Machine Learning Practices for Web Attack Detection in Ctrip's Nile System

This article describes how Ctrip's security team replaced rule‑based web attack detection with a Spark‑powered machine‑learning pipeline, detailing the system architecture, feature engineering using TF‑IDF, model training, evaluation, online deployment, and future enhancements to improve detection accuracy and performance.

Anomaly Detection · Python · information security
0 likes · 17 min read
21CTO
Nov 24, 2017 · Information Security

Why Linus Torvalds Slammed Kernel Security Hardening – A Deep Dive

Linus Torvalds publicly rebuked recent kernel security hardening attempts, arguing that such changes often introduce bugs, should be deferred until final review, and that many security developers act irrationally, sparking a heated debate on the Linux mailing list.

Linus Torvalds · Linux · hardening
0 likes · 3 min read
ITPUB
Nov 21, 2017 · Information Security

Why Linus Torvalds Slammed Security‑Hardening Patches in Linux 4.15

During the debate over new features for Linux kernel 4.15, Linus Torvalds harshly rejected security‑hardening changes proposed by Kees Cook, calling them unnecessary bugs and criticizing the approach of killing processes to enforce new rules.

Linus Torvalds · Linux · Usercopy
0 likes · 6 min read
21CTO
Nov 8, 2017 · Information Security

How an Alibaba iOS Engineer Built a Mobile Anti‑Phishing Shield

An interview with Alibaba Security's iOS lead reveals his personal journey, the development of a global anti‑phishing feature for the 钱盾 app, and insights on KPI, product‑operation collaboration, and the broader challenges of delivering security innovations on mobile platforms.

Alibaba · iOS development · information security
0 likes · 9 min read
MaGe Linux Operations
Oct 18, 2017 · Information Security

How Zabbix Guest Access Enables Unauthenticated SQL Injection – Full Exploit Walkthrough

This article details a high‑severity SQL injection vulnerability in Zabbix’s jsrpc.php profileIdx2 parameter that allows unauthenticated attackers to gain system privileges, outlines its impact, demonstrates testing methods with screenshots, analyzes the vulnerable code paths, and recommends mitigation steps such as upgrading, patching, and disabling the guest account.

Guest access · PATCH · SQL Injection
0 likes · 5 min read
Alibaba Cloud Developer
Oct 15, 2017 · Information Security

How Alibaba’s Data Security Maturity Model (DSMM) Is Shaping China’s Data Protection Landscape

The article explains Alibaba's Data Security Maturity Model (DSMM), its partnership program, the involvement of 17 leading security firms, and how the model aims to improve data security capabilities across industries by establishing standardized assessment criteria and fostering ecosystem collaboration.

Alibaba · Big Data · DSMM
0 likes · 10 min read
21CTO
Sep 19, 2017 · Information Security

What Really Caused the Equifax Breach? Unpacking Apache Struts Vulnerabilities (CVE‑2017‑5638 & CVE‑2017‑9805)

The Equifax data breach exposed 143 million Americans' personal information due to unpatched Apache Struts flaws, chiefly CVE‑2017‑5638 and possibly CVE‑2017‑9805, prompting a swift response from the Apache Software Foundation and highlighting the critical need for timely vulnerability management.

Apache Struts · CVE-2017-5638 · CVE-2017-9805
0 likes · 7 min read
Didi Tech
Sep 8, 2017 · Industry Insights

How Didi’s “Orange Pile” Unified Mobile Platform Boosted Employee Productivity

The article details how Didi’s internal app “Orange Pile” consolidated scattered workplace tools into a single mobile platform, describing the technical challenges, security measures, user‑experience improvements, ecosystem integration, adoption metrics, and future development plans.

Case Study · Internal tools · information security
0 likes · 7 min read
Tencent IMWeb Frontend Team
Aug 29, 2017 · Information Security

Rethinking Web Security: A Front‑End Perspective on Attack and Defense

From a front‑end engineer’s viewpoint, this article dissects web security as a holistic system, examines attack motives, targets, and vectors across browsers, transmission channels, and servers, and proposes coordinated front‑end and back‑end defenses such as encryption, signing, XSS filtering, URL whitelisting, and CSRF mitigation.

Defense Strategies · attack vectors · frontend
0 likes · 14 min read
21CTO
Aug 27, 2017 · Information Security

How to Secure User Passwords: From Weak Hashes to PBKDF2, bcrypt, and scrypt

This article examines common password‑storage techniques, explains why plain‑text, symmetric encryption, and simple hashes are insecure, and demonstrates how modern algorithms like PBKDF2, bcrypt, and scrypt, together with proper salting and iteration, can effectively protect user credentials against large‑scale cracking attacks.

Encryption · Hashing · PBKDF2
0 likes · 8 min read
Tencent IMWeb Frontend Team
Aug 20, 2017 · Information Security

How a Web‑Ad Trojan Exploits IE to Deploy Crypto Mining

Tencent's security lab uncovered a large‑scale trojan spread via pornographic web ads that exploits the CVE‑2016‑0189 IE vulnerability, installs a backdoor, and runs a Zcash mining program, while also distributing Linux malware and controlling numerous C&C servers across Chinese provinces.

CVE-2016-0189 · IE vulnerability · Malware Analysis
0 likes · 8 min read
MaGe Linux Operations
Aug 19, 2017 · Information Security

How XShell Became a Backdoor: Deep Dive into Its Malicious Shellcode

Tencent Security Lab dissected the compromised XShell remote terminal, revealing a three‑stage malicious process where patched binaries load encrypted shellcode, exfiltrate system information via dynamically generated DGA domains, and ultimately deploy a svchost‑based payload, with detailed IOC listings and remediation advice.

DGA · IOC · Malware Analysis
0 likes · 7 min read
Alibaba Cloud Developer
Aug 16, 2017 · Artificial Intelligence

Why Alibaba’s AI and Security Leaders Made MIT’s TR35 List in 2017

In August 2017 MIT Technology Review honored Alibaba AI Lab chief scientist Wang Gang and Alibaba Cloud chief security scientist Wu Hanqing as part of its global TR35 young innovators, marking the first time two researchers from a Chinese company appeared on the prestigious list and highlighting China’s rising influence in AI and security research.

Alibaba AI · MIT TR35 · Tech Innovation
0 likes · 5 min read
MaGe Linux Operations
Aug 15, 2017 · Information Security

Xshell Backdoor Discovered in Build 1326 – Critical Security Alert

A critical backdoor was discovered in NetSarang’s Xshell 5 Build 1326, where the nssock2.dll module contains malicious code that contacts a remote domain, affecting multiple NetSarang products; the article details the vulnerability, affected versions, behavior, and provides safe download links.

Remote Code Execution · Vulnerability · backdoor
0 likes · 4 min read
Efficient Ops
Aug 14, 2017 · Information Security

Critical Xshell Backdoor Alert: How Malicious DLLs Leak Data and What to Do

A recent security advisory reveals that popular remote terminal Xshell versions contain a backdoor in the nssock2.dll component, enabling shellcode to harvest host information, generate monthly DGA domains, and potentially expose sensitive data, prompting immediate version checks and upgrades.

DGA · Malware · Xshell
0 likes · 6 min read
21CTO
Aug 13, 2017 · Information Security

How Researchers Root Amazon Echo to Turn It Into a Stealthy Audio Spy

Security researchers discovered a physical attack vector on Amazon Echo that exposes its debug panel and allows booting from an external SD card, enabling persistent root access, covert audio streaming, and a full remote control backdoor, with detailed hardware and firmware exploitation steps provided.

Amazon Echo · Root Access · audio eavesdropping
0 likes · 11 min read
DevOps
Aug 10, 2017 · Information Security

Securing VSTS with Azure Conditional Access: A Step‑by‑Step Guide

This article explains how to protect Visual Studio Team Services (VSTS) by integrating Azure Conditional Access, covering account binding, rule creation, user and group selection, condition settings such as sign‑in risk and location, and testing the resulting access restrictions.

Azure AD · Azure Conditional Access · cloud security
0 likes · 6 min read
21CTO
Jul 18, 2017 · Information Security

Why ECC Is Outpacing RSA: History, Algorithms, and Performance Benchmarks

This article traces the evolution of cryptography from ancient substitution ciphers to modern standards like DES, RSA, and ECC, explains symmetric and asymmetric encryption, compares ECC and RSA in security and efficiency, and presents cloud‑server performance tests showing ECC‑256’s superiority in speed and resource usage.

ECC · Encryption · RSA
0 likes · 9 min read
21CTO
Jul 11, 2017 · Fundamentals

From Mainframes to Cloud‑Native OS: How Elastos Envisions the Next Generation of Operating Systems

This extensive essay traces the evolution of computer operating systems from the 1940s to today, analyzes the limitations of current OS architectures, and proposes a cloud‑native, container‑based future exemplified by the open‑source Elastos platform, highlighting security, interoperability, and new business models.

Cloud Computing · IoT · Operating Systems
0 likes · 37 min read
Ctrip Technology
Jul 6, 2017 · Information Security

Automating Web Vulnerability Detection at Ctrip: Architecture and Implementation of the Hulk Project

This article describes Ctrip's automated web vulnerability detection system, detailing the shift from active to passive scanning, the distributed architecture using traffic mirroring, message queues, Redis, and MySQL, and the processes for data collection, de‑duplication, scanning, and vulnerability management.

Ctrip · distributed architecture · information security
0 likes · 8 min read
MaGe Linux Operations
Jun 28, 2017 · Information Security

Build a Python Wi‑Fi Scanner to Test Weak Passwords

This guide walks through setting up Python 2.7 with the pywifi module, preparing a dictionary of common Wi‑Fi passwords, configuring a scanner, scanning nearby hotspots, testing each network, and recording results to identify vulnerable access points.

Network Scanning · Password Cracking · WiFi
0 likes · 3 min read
21CTO
Jun 24, 2017 · Information Security

Why 95% of Web Traffic Is Bots: Inside the Crawling Arms Race

The article explores the hidden, high‑traffic world of web crawlers and anti‑crawling measures, revealing why most online requests are bots, how companies decide to crawl or block, the technical and organizational challenges involved, and what the future may hold for this perpetual cat‑and‑mouse game.

Industry · anti‑crawling · backend
0 likes · 22 min read
Architects Research Society
Jun 6, 2017 · Information Security

Embedded vs. Bolt‑On Security in the Internet of Things: Risks and Mitigation Strategies

The article examines how built‑in (embedded) security differs from bolt‑on security in IoT devices, outlines real‑world attack scenarios—including physical and network exploits—and recommends foundational security designs to protect connected sensors, actuators, and smart environments.

IoT Security · bolt‑on security · embedded security
0 likes · 8 min read
Ctrip Technology
Jun 5, 2017 · Information Security

Evolution of Ctrip's Graphical Captcha Service: From 1.0 to 2.0

This article recounts the development of Ctrip's graphical captcha system, describing its early .NET‑based implementation, the challenges encountered such as uniform difficulty, limited data collection, and poor user experience, and how successive redesigns—including multilingual support, adaptive difficulty, and slider‑plus‑character selection—balanced security and usability.

Risk Management · authentication · captcha
0 likes · 14 min read
MaGe Linux Operations
Jun 4, 2017 · Information Security

How Fireball Malware Hijacked 250 Million Browsers – Origins, Impact, and Defense

Check Point researchers reveal that the Fireball malware, linked to Chinese firm Rafotech, has infected up to 250 million Windows and macOS computers worldwide by bundling malicious browser extensions, hijacking search engines, and enabling extensive data theft, prompting detailed analysis of its origin, impact, and mitigation steps.

Fireball · Malware · Rafotech
0 likes · 7 min read
MaGe Linux Operations
Jun 3, 2017 · Information Security

The Dark Side of Web Crawling: Industry Secrets, Technical Battles, and Future Trends

This article explores the hidden, often unglamorous world of web crawling and anti‑crawling, detailing why companies need these technologies, the massive traffic they generate, the technical arms race between crawlers and defenders, and the evolving strategies and challenges that shape the industry today.

anti‑crawling · e-commerce · information security
0 likes · 21 min read
Ctrip Technology
May 22, 2017 · Information Security

The Dark Side of Web Crawling and Anti‑Crawling: Industry Realities and Technical Strategies

This article examines the hidden, often unglamorous world of web crawling and anti‑crawling, revealing why companies deploy aggressive scraping and defensive measures, the technical arms race between crawlers and defenders, the impact on engineers' careers, and future trends in this contested space.

Data Scraping · anti‑crawling · information security
0 likes · 21 min read
MaGe Linux Operations
May 15, 2017 · Information Security

Critical Linux Kernel UDP Bug (CVE-2016-10229) Enables Remote Code Execution

An unauthenticated remote attacker can exploit a flaw in Linux kernel versions prior to 4.5’s udp.c, using crafted UDP packets with MSG_PEEK to trigger an unsafe checksum calculation, achieving arbitrary code execution and potential privilege escalation, though the vulnerability’s impact is limited due to rare MSG_PEEK usage.

CVE-2016-10229 · Linux kernel · Remote Code Execution
0 likes · 4 min read
JD Retail Technology
May 11, 2017 · Information Security

Unmanned Customer Service System Architecture and Security Testing Overview

This article explains the concept and architecture of an unmanned customer service system, outlines its security testing strategy—including interface, vulnerability scanning, privilege and data protection tests—describes database and web security methods, and provides practical command examples and tool recommendations.

SQLMap · information security · security testing
0 likes · 14 min read
Architecture Digest
May 1, 2017 · Information Security

Overview and Architecture of the Xplico Network Forensics Tool

Xplico is an open‑source network forensics platform that reconstructs application‑level data from captured traffic, supporting numerous protocols, offering modular decoding, multithreaded processing, and flexible output to databases or files, making it valuable for security analysis and incident response.

Xplico · information security · network forensics
0 likes · 9 min read
dbaplus Community
Apr 20, 2017 · Information Security

How Oracle Rootkits Hide Backdoors: Techniques, Code Samples, and Detection

This article explains how vulnerabilities, backdoors, and various Oracle rootkit techniques—ranging from simple package tricks to OS‑level and memory‑level attacks—allow attackers to maintain persistent, hidden access to databases, and it offers concrete detection and mitigation strategies.

Oracle · Rootkit · Vulnerability
0 likes · 19 min read
Efficient Ops
Apr 19, 2017 · Information Security

From Zero to Secure: How Zhaogang Built Its Information Security Operations

This article details Zhaogang's journey from a chaotic startup environment to a mature, multi‑stage security operation, covering its background, the four‑phase security framework, traditional security domains, and practical strategies for driving security initiatives across the organization.

B2B · Risk Management · Security Operations
0 likes · 17 min read
MaGe Linux Operations
Apr 1, 2017 · Information Security

Hardening Linux Servers: Essential SSH & Firewall Configurations

This guide explains how to secure Linux servers against common attacks by configuring SELinux, iptables, SSH public‑key authentication, and immutable file attributes, while also showing real‑world scan results and practical hardening steps.

SSH Hardening · firewall · information security
0 likes · 7 min read
Efficient Ops
Mar 23, 2017 · Information Security

Why Weak Passwords Still Threaten Enterprises: Real-World DevOps Security Risks

The article examines common security risks such as weak passwords, GitHub credential leaks, and misconfigurations in DevOps pipelines, illustrating how attackers exploit these flaws and offering practical mitigation strategies like access control, least‑privilege policies, robust password rules, and vulnerability tracking.

git security · information security · password policy
0 likes · 10 min read
360 Zhihui Cloud Developer
Mar 23, 2017 · Information Security

Secure Elasticsearch with Search Guard: Step‑by‑Step Installation & Configuration Guide

This article provides a comprehensive, step‑by‑step tutorial on installing and configuring Search Guard for Elasticsearch, covering feature overview, version compatibility, downloading required packages, local installation commands, SSL/TLS certificate generation, and detailed security settings to protect both transport and REST layers.

Elasticsearch · Installation · SSL/TLS
0 likes · 11 min read
ITPUB
Mar 20, 2017 · Information Security

Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques

This article compiles 42 practical questions and answers covering information gathering, vulnerability identification, exploitation tactics, and remediation advice for web applications, databases, servers, and common security mechanisms, providing a concise reference for penetration testers and security engineers.

CMS Enumeration · SQL Injection · Server Exploitation
0 likes · 17 min read
Nightwalker Tech
Mar 2, 2017 · Information Security

Techniques and Tools for Anti‑Spam Content Filtering in PHP

The discussion outlines practical anti‑spam strategies—including text length limits, keyword replacement, trie‑based data structures, AC automata, Bayesian and vector‑similarity algorithms, and PHP extensions such as libdatrie—while also sharing performance metrics and resource links for implementing robust content filtering systems.

PHP · Trie · content filtering
0 likes · 4 min read
Ctrip Technology
Jan 13, 2017 · Information Security

Ctrip Business Security: From Business‑Driven to Technology‑Driven Defense

This article outlines Ctrip's comprehensive business security strategy, detailing four major risk types, three core protection systems—including a unified captcha, a real‑time risk control engine, and a risk data platform—followed by a technology‑driven architecture, new captcha services, and future security directions.

Risk Management · business security · fraud detection
0 likes · 11 min read
Efficient Ops
Jan 4, 2017 · Information Security

How Deep Defense and Log Analysis Can Thwart Intrusions

This article explains Google’s BeyondCorp concept, the need for deep defense of internal and perimeter networks, and provides practical Linux scripts for monitoring processes, ports, command usage, system events, file changes, and SFTP activity to detect and mitigate host intrusions.

Deep Defense · Linux monitoring · host intrusion detection
0 likes · 10 min read
Efficient Ops
Dec 19, 2016 · Operations

What 16 Major 2016 Outages Teach Us About Disaster Recovery

This article reviews sixteen notable 2016 service outages across finance, cloud, and entertainment, analyzes their causes—ranging from power failures to DDoS attacks—and highlights the critical need for robust disaster‑recovery and information‑security practices.

Incident Management · Operations · information security
0 likes · 11 min read
WeChat Backend Team
Dec 7, 2016 · Information Security

Unlocking TLS: Design Goals, History, and Modern Secure Communication

This article explores the TLS protocol in depth, outlining its design objectives, cryptographic foundations, historical evolution, detailed handshake and record layer mechanisms, security analyses, common pitfalls, and lessons for designing robust modern encrypted communication protocols.

information security · protocol design · secure communication
0 likes · 12 min read
MaGe Linux Operations
Nov 7, 2016 · Information Security

Why Banks Stay Silent on DDoS Attacks and How to Build Robust Defenses

The article examines why financial institutions keep DDoS incidents under wraps, shares insights from senior security officers, and outlines six practical strategies—including real‑time defense preparation, upstream mitigation, application‑layer protection, collaboration, emergency planning, and vigilance against secondary attacks—to strengthen resilience against increasingly sophisticated distributed denial‑of‑service threats.

Cyber Defense · DDoS · banking
0 likes · 10 min read
Qunar Tech Salon
Oct 10, 2016 · Information Security

Evolution of Ctrip's Risk Defense Systems: From .NET Era to the Ares Platform

This article reviews the rapid growth of China’s OTA market, the rise of black‑market threats, and how Ctrip’s security team has iteratively redesigned its risk‑defense architecture—from a .NET‑based real‑time system, through an offline risk‑library, to the integrated Ares platform—highlighting each stage’s strengths, shortcomings, and lessons learned.

Ares platform · Ctrip · Risk Management
0 likes · 11 min read
Node Underground
Sep 29, 2016 · Information Security

What Critical Security Fixes Did Node.js Release on Sep 28?

On September 28 Node.js issued four security updates—including maintenance releases 0.10.47 and 0.12.16, LTS 4.6.0 Argon, and stable 6.7.0—addressing multiple CVEs such as wildcard certificate validation, HTTP header validation, OCSP extension misuse, and the SWEET32 attack, and urging users to upgrade promptly.

CVE · Node.js · OpenSSL
0 likes · 3 min read
Architects' Tech Alliance
Sep 7, 2016 · Operations

How Agentless Backup Works in Cloud Environments and Its Trade‑offs

The article examines agentless backup technology, comparing its implementation in virtualized and physical environments, detailing supported interfaces, evaluating a real‑world Asigra Cloud Backup case, and discussing security risks, performance impacts, and when traditional agents remain necessary.

Cloud Backup · Data Protection · Operations
0 likes · 7 min read
Efficient Ops
Aug 29, 2016 · Information Security

How Tencent Secures Mobile Games: Inside Their Anti‑Cheat Architecture

This article details Tencent's comprehensive game security approach, covering common threats like cheats and malware, the value and cost of security systems, architectural design, core protection modules, operational results, and the company's external security services for game developers.

Game Security · Mobile Games · Tencent
0 likes · 18 min read
ITPUB
Aug 22, 2016 · Information Security

How to Exploit and Patch Zabbix’s JSRPC ProfileIdx2 SQL Injection Vulnerability

This article explains the unauthenticated SQL injection flaw in Zabbix's JSRPC profileIdx2 parameter, details its high impact on versions 2.2.x and 3.0.0‑3.0.3, provides a step‑by‑step proof‑of‑concept exploit, and recommends upgrading to version 3.0.4 to remediate the issue.

PATCH · SQL Injection · Vulnerability
0 likes · 4 min read
Baidu Intelligent Testing
Jun 28, 2016 · Information Security

Business Security Testing: Concepts, Techniques, and Practical Tools

This article introduces business security testing, explaining its background, overall workflow, and detailed techniques such as network request interception with tools like TamperIE, Chrome DevTools, and tcpdump, as well as cookie manipulation, backend authentication forging, and replay attacks on GET and POST interfaces.

Network Interception · business security · cookie tampering
0 likes · 12 min read

Ctrip Technology
Jun 16, 2016 · Information Security

Ctrip Achieves ISO 27001 Certification, Strengthening Information Security for Online Travel Services

Ctrip has become the first Chinese online travel service to obtain ISO 27001 certification, demonstrating enhanced information security management for its financial and business‑travel divisions and reassuring users that their personal and payment data are protected throughout the booking process.

Ctrip · Data Protection · ISO 27001
0 likes · 6 min read

ITPUB
May 11, 2016 · Information Security

Uncovering a Hidden Compiler Backdoor on a 3B2 System – A Day‑by‑Day Debugging Saga

A programmer hired to fix a quirky questionnaire program on an old 3B2 machine discovers that the source code repeatedly reverts, the curses library is tampered, and ultimately a malicious compiler injects backdoor code, leading to a multi‑day forensic investigation and replacement of the toolchain.

compiler · curses · information security
0 likes · 9 min read

360 Quality & Efficiency
May 9, 2016 · Information Security

Comprehensive Guide to Security Testing: Methods, Tools, and Best Practices

This article provides an in‑depth overview of security testing, covering its definition, lifecycle, test types, a wide range of scanning and injection tools, practical checklists, evaluation metrics, and recommendations for integrating security assessments throughout the software development process.

information security · network security · penetration testing
0 likes · 20 min read

21CTO
May 7, 2016 · Information Security

Inside a Wi‑Fi Hack: From Router Cracking to Personal Data Exposure

The author recounts how they infiltrated a neighbor's Wi‑Fi by cracking the WPA2 password, accessed the router’s web admin, harvested personal accounts and photos, even controlled a TV box, and concludes with practical security recommendations for everyday users.

ARP sniffing · Password Cracking · Wi-Fi hacking
0 likes · 9 min read

MaGe Linux Operations
Apr 23, 2016 · Information Security

From Staog to Windigo: A 20‑Year Journey Through Linux Malware

This article chronicles the evolution of Linux malware from the first recognized virus Staog in 1996 through notable threats such as Bliss, Slapper, Badbunny, Snakso, Hand of Thief, Windigo and the Shellshock‑related Mayhem botnet, highlighting how increasing Linux adoption has attracted attackers.

Linux · Malware · cyber threats
0 likes · 6 min read

Big Data and Microservices
Apr 21, 2016 · Information Security

How Can Banks Secure Big Data? Key Strategies for Protecting Customer Information

In the era of big data, banks face unprecedented information security challenges due to massive, valuable, and highly damaging data breaches, and must adopt encryption, flexible access control, rigorous auditing, DLP solutions, strict data management, and robust outsourcing controls to safeguard customer information.

Access Control · Big Data · DLP
0 likes · 10 min read

MaGe Linux Operations
Apr 20, 2016 · Information Security

Why Your SSL Certificate Is Untrusted and How to Fix It

This guide explains the five most common reasons an SSL certificate appears untrusted—such as using a self‑signed certificate, misconfigured trust chain, missing domain coverage, expiration, or lack of SNI support—and provides practical steps to resolve each issue.

Certificate · SNI · SSL
0 likes · 6 min read

Architecture Digest
Apr 10, 2016 · Information Security

Introduction to HTTPS, SSL/TLS, and Related Encryption Technologies

This article provides a comprehensive overview of HTTPS, explaining its purpose, advantages, and drawbacks, and delves into the underlying cryptographic concepts such as symmetric and asymmetric encryption, hash algorithms, digital signatures, digital certificates, and the detailed SSL/TLS handshake process.

Encryption · HTTPS · SSL
0 likes · 19 min read

Big Data and Microservices
Mar 28, 2016 · Information Security

Understanding Database SQL Injection: Types, Examples, and Defense Strategies

The article examines why databases are frequent targets of security breaches, explains the most common SQL injection vulnerability, categorizes injection paths, methods, and examples—including manipulation, code, function‑call, and buffer‑overflow attacks—then outlines practical defense measures such as input encryption, database firewalls, and patching.

Code Injection · Database Security · Defense
0 likes · 14 min read

21CTO
Mar 22, 2016 · Information Security

How to Outsmart AI-Powered Web Scrapers: Two Powerful Anti‑Crawling Tricks

Web crawlers, especially AI‑driven ones, threaten site performance and data ownership, so this article reviews common anti‑scraping methods—from IP and header analysis to behavior detection—and reveals two unconventional defenses: data poisoning and a deposit‑based access model that penalize malicious bots.

AI · Data Protection · Web Scraping
0 likes · 5 min read

21CTO
Mar 20, 2016 · Information Security

7 Surprising Attack Techniques Hackers Use to Exploit Everyday Users

This article surveys seven modern hacking tricks—from fake Wi‑Fi hotspots and cookie theft to file‑name deception, path hijacking, hosts‑file redirection, watering‑hole attacks, and bait‑replacement—explaining how they work, why they succeed, and practical defenses for users and developers.

Malware · Social Engineering · information security
0 likes · 13 min read

DevOps
Mar 17, 2016 · Information Security

How to Create Memorable Yet Hard-to-Guess Passwords

This article shares practical techniques for generating passwords that are easy to remember but difficult for others to guess, including using initials of poems, personal info combined with app names and random numbers, and custom keyboard patterns, while emphasizing the importance of a consistent rule.

best practices · information security · memorable passwords
0 likes · 4 min read

21CTO
Feb 27, 2016 · Information Security

Samy Kamkar’s YouTube Hacks: Turning Everyday Gadgets into Security Experiments

Samy Kamkar’s YouTube series “Applied Hacking” showcases a range of inventive security experiments—from toy‑controlled garage doors and 3D‑printed lock‑picking robots to USB keyloggers, drone hijacking, remote‑car exploits, and credit‑card cloning tools—illustrating how everyday devices can be repurposed for hacking.

Hardware Hacking · IoT · Samy Kamkar
0 likes · 9 min read

ITPUB
Feb 23, 2016 · Information Security

How to Detect a Compromised Linux Mint 17.3 ISO and Secure Your System

Linux Mint warned that attackers replaced the official 17.3 Cinnamon ISO with a back‑doored version, and users can verify integrity using MD5 checksums, look for a hidden file, and follow remediation steps to protect their data and reinstall safely.

ISO tampering · Linux Mint · MD5 verification
0 likes · 4 min read

ITPUB
Jan 29, 2016 · Information Security

Why Strict Password Rules Fail and How to Design Better Policies

The article critiques common mandatory password complexity rules, explains why they often reduce security and usability, and proposes simpler, more effective approaches such as longer minimum lengths, pattern restrictions, and using strength estimators like zxcvbn, illustrated with Laravel implementation examples.

Laravel · information security · password policy
0 likes · 5 min read

Architect
Jan 22, 2016 · Information Security

Analysis of New MD5 Collision Malware and Its Attack Techniques

This article examines the evolution of a malicious MD5 collision campaign from 2014‑2015, detailing the chosen‑prefix collision method, the combination with digital signatures and dual‑signature tricks, the full infection workflow, and the large‑scale propagation and impact on millions of Windows users.

MD5 collision · Malware Analysis · chosen-prefix collision
0 likes · 15 min read

Alibaba Cloud Infrastructure
Jan 22, 2016 · Information Security

Understanding SSL/TLS Certificates, CAs, and PKI: Types, Generation, History, and Security Practices

This article explains the fundamentals of server certificates, private keys, and certificate authorities, classifies DV/OV/EV certificates, describes how to generate and inspect them, outlines CA history and notable incidents, and discusses PKI security measures such as HPKP and Certificate Transparency.

CA · HTTPS · PKI
0 likes · 12 min read

ITPUB
Jan 21, 2016 · Information Security

How a Tiny JavaScript Snippet Can Crash Major Browsers and Reboot iPhones

A JavaScript snippet shared on Twitter claims to crash Firefox, Chrome, and Safari browsers and even force an iPhone to restart, prompting security researchers to examine its behavior, potential as a 0‑day exploit, and possible misuse in attacks.

0day · JavaScript · browser exploit
0 likes · 3 min read

ITPUB
Jan 21, 2016 · Information Security

How a Tiny JavaScript Snippet Can Crash Browsers and Reboot iPhones

A JavaScript snippet shared on Twitter claims to crash Firefox, Chrome, and Safari browsers and even force an iPhone to restart, prompting security researchers to examine the code, observed effects on desktop and mobile, and discuss whether it is a bug or a true 0‑day exploit.

0day · Crash · JavaScript
0 likes · 4 min read

ITPUB
Dec 28, 2015 · Information Security

How to Start Learning Hacking: Foundations, Mindset, and Essential Skills

This guide outlines the fundamental concepts, mindset, and step‑by‑step skills needed for beginners to start learning hacking and information security, covering everything from basic network knowledge to legal considerations.

SQL Injection · hacking basics · information security
0 likes · 10 min read

21CTO
Dec 21, 2015 · Information Security

Why Open Source Is Becoming the Top Choice for Enterprise Security and Innovation

Over the past decade, open‑source software has surged in the enterprise sector, driven by startups and venture capital, with surveys showing widespread adoption, increased contributions, and strong security advantages that are reshaping IT architecture, cloud, and big‑data strategies.

Big Data · Cloud Computing · Venture Capital
0 likes · 4 min read

ITPUB
Dec 21, 2015 · Information Security

How to Shield Your Personal Data: Cold War Secrets and Modern Privacy Hacks

The article explores historical privacy tactics of the USSR and the United States, offers practical habits for protecting personal information online, explains how to detect leaked data using search engines and social‑media checks, and suggests strategies for mitigating exposure and crafting false identities.

Privacy · Search Engine · identity protection
0 likes · 6 min read

Qunar Tech Salon
Dec 17, 2015 · Information Security

100 Web Application Defense Techniques from the ‘Web Application Defender’s Cookbook’

The article presents a comprehensive list of one hundred practical web‑application defense techniques—ranging from HTTP request analysis and ModSecurity rule creation to honeypot deployment and automated threat intelligence—drawn from the under‑appreciated book “Web Application Defender’s Cookbook.”

Defensive Techniques · ModSecurity · WAF
0 likes · 17 min read

Architect
Dec 11, 2015 · Information Security

Detailed Analysis of a Targeted Trojan Distributed via a Fake Interview Outline

The article presents a comprehensive technical analysis of a sophisticated Windows trojan that masquerades as a Word document, detailing its delivery method, file extraction process, registry modifications, remote‑control capabilities, and the organized, targeted attack infrastructure behind it.

C2 infrastructure · Malware Analysis · Remote access
0 likes · 10 min read