Tagged articles
980 articles
Ctrip Technology
Jun 5, 2017 · Information Security

Evolution of Ctrip's Graphical Captcha Service: From 1.0 to 2.0

This article recounts the development of Ctrip's graphical captcha system, describing its early .NET‑based implementation, the challenges encountered such as uniform difficulty, limited data collection, and poor user experience, and how successive redesigns—including multilingual support, adaptive difficulty, and slider‑plus‑character selection—balanced security and usability.

Authentication · Captcha · User experience
0 likes · 14 min read
MaGe Linux Operations
Jun 4, 2017 · Information Security

How Fireball Malware Hijacked 250 Million Browsers – Origins, Impact, and Defense

Check Point researchers reveal that the Fireball malware, linked to Chinese firm Rafotech, has infected up to 250 million Windows and macOS computers worldwide by bundling malicious browser extensions, hijacking search engines, and enabling extensive data theft, prompting detailed analysis of its origin, impact, and mitigation steps.

Fireball · Rafotech · browser hijacking
0 likes · 7 min read
MaGe Linux Operations
Jun 3, 2017 · Information Security

The Dark Side of Web Crawling: Industry Secrets, Technical Battles, and Future Trends

This article explores the hidden, often unglamorous world of web crawling and anti‑crawling, detailing why companies need these technologies, the massive traffic they generate, the technical arms race between crawlers and defenders, and the evolving strategies and challenges that shape the industry today.

Web Crawling · anti‑crawling · e‑commerce
0 likes · 21 min read
Ctrip Technology
May 22, 2017 · Information Security

The Dark Side of Web Crawling and Anti‑Crawling: Industry Realities and Technical Strategies

This article examines the hidden, often unglamorous world of web crawling and anti‑crawling, revealing why companies deploy aggressive scraping and defensive measures, the technical arms race between crawlers and defenders, the impact on engineers' careers, and future trends in this contested space.

Web Crawling · anti‑crawling · data-scraping
0 likes · 21 min read
MaGe Linux Operations
May 15, 2017 · Information Security

Critical Linux Kernel UDP Bug (CVE-2016-10229) Enables Remote Code Execution

An unauthenticated remote attacker can exploit a flaw in udp.c in Linux kernel versions prior to 4.5, using crafted UDP packets with MSG_PEEK to trigger an unsafe checksum calculation, achieving arbitrary code execution and potential privilege escalation, though the vulnerability’s impact is limited due to rare MSG_PEEK usage.

CVE-2016-10229 · Linux kernel · Remote Code Execution
0 likes · 4 min read
JD Retail Technology
May 11, 2017 · Information Security

Unmanned Customer Service System Architecture and Security Testing Overview

This article explains the concept and architecture of an unmanned customer service system, outlines its security testing strategy—including interface, vulnerability scanning, privilege and data protection tests—describes database and web security methods, and provides practical command examples and tool recommendations.

SQLMap · Web Security · information security
0 likes · 14 min read
Architecture Digest
May 1, 2017 · Information Security

Overview and Architecture of the Xplico Network Forensics Tool

Xplico is an open‑source network forensics platform that reconstructs application‑level data from captured traffic, supporting numerous protocols, offering modular decoding, multithreaded processing, and flexible output to databases or files, making it valuable for security analysis and incident response.

Packet Capture · Xplico · information security
0 likes · 9 min read
dbaplus Community
Apr 20, 2017 · Information Security

How Oracle Rootkits Hide Backdoors: Techniques, Code Samples, and Detection

This article explains how vulnerabilities, backdoors, and various Oracle rootkit techniques—ranging from simple package tricks to OS‑level and memory‑level attacks—allow attackers to maintain persistent, hidden access to databases, and it offers concrete detection and mitigation strategies.

Oracle · Rootkit · Vulnerability
0 likes · 19 min read
Efficient Ops
Apr 19, 2017 · Information Security

From Zero to Secure: How Zhaogang Built Its Information Security Operations

This article details Zhaogang's journey from a chaotic startup environment to a mature, multi‑stage security operation, covering its background, the four‑phase security framework, traditional security domains, and practical strategies for driving security initiatives across the organization.

B2B · Security Operations · information security
0 likes · 17 min read
Efficient Ops
Mar 23, 2017 · Information Security

Why Weak Passwords Still Threaten Enterprises: Real-World DevOps Security Risks

The article examines common security risks such as weak passwords, GitHub credential leaks, and misconfigurations in DevOps pipelines, illustrating how attackers exploit these flaws and offering practical mitigation strategies like access control, least‑privilege policies, robust password rules, and vulnerability tracking.

Password policy · git security · information security
0 likes · 10 min read
360 Zhihui Cloud Developer
Mar 23, 2017 · Information Security

Secure Elasticsearch with Search Guard: Step‑by‑Step Installation & Configuration Guide

This article provides a comprehensive, step‑by‑step tutorial on installing and configuring Search Guard for Elasticsearch, covering feature overview, version compatibility, downloading required packages, local installation commands, SSL/TLS certificate generation, and detailed security settings to protect both transport and REST layers.

Elasticsearch · Installation · SSL/TLS
0 likes · 11 min read
ITPUB
Mar 20, 2017 · Information Security

Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques

This article compiles 42 practical questions and answers covering information gathering, vulnerability identification, exploitation tactics, and remediation advice for web applications, databases, servers, and common security mechanisms, providing a concise reference for penetration testers and security engineers.

CMS Enumeration · SQL injection · Server Exploitation
0 likes · 17 min read
Nightwalker Tech
Mar 2, 2017 · Information Security

Techniques and Tools for Anti‑Spam Content Filtering in PHP

The discussion outlines practical anti‑spam strategies—including text length limits, keyword replacement, trie‑based data structures, AC automata, Bayesian and vector‑similarity algorithms, and PHP extensions such as libdatrie—while also sharing performance metrics and resource links for implementing robust content filtering systems.

PHP · Trie · content filtering
0 likes · 4 min read
Ctrip Technology
Jan 13, 2017 · Information Security

Ctrip Business Security: From Business‑Driven to Technology‑Driven Defense

This article outlines Ctrip's comprehensive business security strategy, detailing four major risk types, three core protection systems—including a unified captcha, a real‑time risk control engine, and a risk data platform—followed by a technology‑driven architecture, new captcha services, and future security directions.

System Architecture · business security · fraud detection
0 likes · 11 min read
Efficient Ops
Jan 4, 2017 · Information Security

How Deep Defense and Log Analysis Can Thwart Intrusions

This article explains Google’s BeyondCorp concept, the need for deep defense of internal and perimeter networks, and provides practical Linux scripts for monitoring processes, ports, command usage, system events, file changes, and SFTP activity to detect and mitigate host intrusions.

Deep Defense · Linux monitoring · host intrusion detection
0 likes · 10 min read
Efficient Ops
Dec 19, 2016 · Operations

What 16 Major 2016 Outages Teach Us About Disaster Recovery

This article reviews sixteen notable 2016 service outages across finance, cloud, and entertainment, analyzes their causes—ranging from power failures to DDoS attacks—and highlights the critical need for robust disaster‑recovery and information‑security practices.

Operations · incident management · information security
0 likes · 11 min read
WeChat Backend Team
Dec 7, 2016 · Information Security

Unlocking TLS: Design Goals, History, and Modern Secure Communication

This article explores the TLS protocol in depth, outlining its design objectives, cryptographic foundations, historical evolution, detailed handshake and record layer mechanisms, security analyses, common pitfalls, and lessons for designing robust modern encrypted communication protocols.

TLS · information security · protocol design
0 likes · 12 min read
MaGe Linux Operations
Nov 7, 2016 · Information Security

Why Banks Stay Silent on DDoS Attacks and How to Build Robust Defenses

The article examines why financial institutions keep DDoS incidents under wraps, shares insights from senior security officers, and outlines six practical strategies—including real‑time defense preparation, upstream mitigation, application‑layer protection, collaboration, emergency planning, and vigilance against secondary attacks—to strengthen resilience against increasingly sophisticated distributed denial‑of‑service threats.

Banking · Cyber Defense · DDoS
0 likes · 10 min read
Qunar Tech Salon
Oct 10, 2016 · Information Security

Evolution of Ctrip's Risk Defense Systems: From .NET Era to the Ares Platform

This article reviews the rapid growth of China’s OTA market, the rise of black‑market threats, and how Ctrip’s security team has iteratively redesigned its risk‑defense architecture—from a .NET‑based real‑time system, through an offline risk‑library, to the integrated Ares platform—highlighting each stage’s strengths, shortcomings, and lessons learned.

Ares platform · Ctrip · fraud detection
0 likes · 11 min read
Node Underground
Sep 29, 2016 · Information Security

What Critical Security Fixes Did Node.js Release on Sep 28?

On September 28 Node.js issued four security updates—including maintenance releases 0.10.47 and 0.12.16, LTS 4.6.0 Argon, and stable 6.7.0—addressing multiple CVEs such as wildcard certificate validation, HTTP header validation, OCSP extension misuse, and the SWEET32 attack, and urging users to upgrade promptly.

CVE · Node.js · OpenSSL
0 likes · 3 min read
Architects' Tech Alliance
Sep 7, 2016 · Operations

How Agentless Backup Works in Cloud Environments and Its Trade‑offs

The article examines agentless backup technology, comparing its implementation in virtualized and physical environments, detailing supported interfaces, evaluating a real‑world Asigra Cloud Backup case, and discussing security risks, performance impacts, and when traditional agents remain necessary.

Cloud Backup · Data Protection · Operations
0 likes · 7 min read
Efficient Ops
Aug 29, 2016 · Information Security

How Tencent Secures Mobile Games: Inside Their Anti‑Cheat Architecture

This article details Tencent's comprehensive game security approach, covering common threats like cheats and malware, the value and cost of security systems, architectural design, core protection modules, operational results, and the company's external security services for game developers.

Game Security · Mobile Games · Tencent
0 likes · 18 min read
ITPUB
Aug 22, 2016 · Information Security

How to Exploit and Patch Zabbix’s JSRPC ProfileIdx2 SQL Injection Vulnerability

This article explains the unauthenticated SQL injection flaw in Zabbix's JSRPC profileIdx2 parameter, details its high impact on versions 2.2.x and 3.0.0‑3.0.3, provides a step‑by‑step proof‑of‑concept exploit, and recommends upgrading to version 3.0.4 to remediate the issue.

Exploit · SQL injection · Vulnerability
0 likes · 4 min read
Baidu Intelligent Testing
Jun 28, 2016 · Information Security

Business Security Testing: Concepts, Techniques, and Practical Tools

This article introduces business security testing, explaining its background, overall workflow, and detailed techniques such as network request interception with tools like TamperIE, Chrome DevTools, and tcpdump, as well as cookie manipulation, backend authentication forging, and replay attacks on GET and POST interfaces.

Network Interception · Replay attack · business security
0 likes · 12 min read
Ctrip Technology
Jun 16, 2016 · Information Security

Ctrip Achieves ISO 27001 Certification, Strengthening Information Security for Online Travel Services

Ctrip has become the first Chinese online travel service to obtain ISO 27001 certification, demonstrating enhanced information security management for its financial and business‑travel divisions and reassuring users that their personal and payment data are protected throughout the booking process.

Ctrip · Data Protection · ISO 27001
0 likes · 6 min read
ITPUB
May 11, 2016 · Information Security

Uncovering a Hidden Compiler Backdoor on a 3B2 System – A Day‑by‑Day Debugging Saga

A programmer hired to fix a quirky questionnaire program on an old 3B2 machine discovers that the source code repeatedly reverts, the curses library is tampered, and ultimately a malicious compiler injects backdoor code, leading to a multi‑day forensic investigation and replacement of the toolchain.

compiler · curses · information security
0 likes · 9 min read
360 Quality & Efficiency
May 9, 2016 · Information Security

Comprehensive Guide to Security Testing: Methods, Tools, and Best Practices

This article provides an in‑depth overview of security testing, covering its definition, lifecycle, test types, a wide range of scanning and injection tools, practical checklists, evaluation metrics, and recommendations for integrating security assessments throughout the software development process.

information security · network security · penetration testing
0 likes · 20 min read
21CTO
May 7, 2016 · Information Security

Inside a Wi‑Fi Hack: From Router Cracking to Personal Data Exposure

The author recounts how they infiltrated a neighbor's Wi‑Fi by cracking the WPA2 password, accessed the router’s web admin, harvested personal accounts and photos, even controlled a TV box, and concludes with practical security recommendations for everyday users.

ARP sniffing · Wi-Fi hacking · information security
0 likes · 9 min read
MaGe Linux Operations
Apr 23, 2016 · Information Security

From Staog to Windigo: A 20‑Year Journey Through Linux Malware

This article chronicles the evolution of Linux malware from the first recognized virus Staog in 1996 through notable threats such as Bliss, Slapper, Badbunny, Snakso, Hand of Thief, Windigo and the Shellshock‑related Mayhem botnet, highlighting how increasing Linux adoption has attracted attackers.

Linux · cyber threats · historical overview
0 likes · 6 min read
Big Data and Microservices
Apr 21, 2016 · Information Security

How Can Banks Secure Big Data? Key Strategies for Protecting Customer Information

In the era of big data, banks face unprecedented information security challenges due to massive, valuable, and highly damaging data breaches, and must adopt encryption, flexible access control, rigorous auditing, DLP solutions, strict data management, and robust outsourcing controls to safeguard customer information.

Banking · Big Data · DLP
0 likes · 10 min read
MaGe Linux Operations
Apr 20, 2016 · Information Security

Why Your SSL Certificate Is Untrusted and How to Fix It

This guide explains the five most common reasons an SSL certificate appears untrusted—such as using a self‑signed certificate, misconfigured trust chain, missing domain coverage, expiration, or lack of SNI support—and provides practical steps to resolve each issue.

Certificate · SNI · SSL
0 likes · 6 min read
Architecture Digest
Apr 10, 2016 · Information Security

Introduction to HTTPS, SSL/TLS, and Related Encryption Technologies

This article provides a comprehensive overview of HTTPS, explaining its purpose, advantages, and drawbacks, and delves into the underlying cryptographic concepts such as symmetric and asymmetric encryption, hash algorithms, digital signatures, digital certificates, and the detailed SSL/TLS handshake process.

HTTPS · SSL · TLS
0 likes · 19 min read
Big Data and Microservices
Mar 28, 2016 · Information Security

Understanding Database SQL Injection: Types, Examples, and Defense Strategies

The article examines why databases are frequent targets of security breaches, explains the most common SQL injection vulnerability, categorizes injection paths, methods, and examples—including manipulation, code, function‑call, and buffer‑overflow attacks—then outlines practical defense measures such as input encryption, database firewalls, and patching.

Code Injection · Database Security · Oracle
0 likes · 14 min read
21CTO
Mar 22, 2016 · Information Security

How to Outsmart AI-Powered Web Scrapers: Two Powerful Anti‑Crawling Tricks

Web crawlers, especially AI‑driven ones, threaten site performance and data ownership, so this article reviews common anti‑scraping methods—from IP and header analysis to behavior detection—and reveals two unconventional defenses: data poisoning and a deposit‑based access model that penalize malicious bots.

AI · Data Protection · Web Scraping
0 likes · 5 min read
21CTO
Mar 20, 2016 · Information Security

7 Surprising Attack Techniques Hackers Use to Exploit Everyday Users

This article surveys seven modern hacking tricks—from fake Wi‑Fi hotspots and cookie theft to file‑name deception, path hijacking, hosts‑file redirection, watering‑hole attacks, and bait‑replacement—explaining how they work, why they succeed, and practical defenses for users and developers.

Web Security · information security · malware
0 likes · 13 min read
DevOps
Mar 17, 2016 · Information Security

How to Create Memorable Yet Hard-to-Guess Passwords

This article shares practical techniques for generating passwords that are easy to remember but difficult for others to guess, including using initials of poems, personal info combined with app names and random numbers, and custom keyboard patterns, while emphasizing the importance of a consistent rule.

best practices · information security · memorable passwords
0 likes · 4 min read
21CTO
Feb 27, 2016 · Information Security

Samy Kamkar’s YouTube Hacks: Turning Everyday Gadgets into Security Experiments

Samy Kamkar’s YouTube series “Applied Hacking” showcases a range of inventive security experiments—from toy‑controlled garage doors and 3D‑printed lock‑picking robots to USB keyloggers, drone hijacking, remote‑car exploits, and credit‑card cloning tools—illustrating how everyday devices can be repurposed for hacking.

Hardware Hacking · IoT · Samy Kamkar
0 likes · 9 min read
ITPUB
Feb 23, 2016 · Information Security

How to Detect a Compromised Linux Mint 17.3 ISO and Secure Your System

Linux Mint warned that attackers replaced the official 17.3 Cinnamon ISO with a back‑doored version, and users can verify integrity using MD5 checksums, look for a hidden file, and follow remediation steps to protect their data and reinstall safely.

ISO tampering · Linux Mint · MD5 verification
0 likes · 4 min read
ITPUB
Jan 29, 2016 · Information Security

Why Strict Password Rules Fail and How to Design Better Policies

The article critiques common mandatory password complexity rules, explains why they often reduce security and usability, and proposes simpler, more effective approaches such as longer minimum lengths, pattern restrictions, and using strength estimators like zxcvbn, illustrated with Laravel implementation examples.

Laravel · Password policy · information security
0 likes · 5 min read
Architect
Jan 22, 2016 · Information Security

Analysis of New MD5 Collision Malware and Its Attack Techniques

This article examines the evolution of a malicious MD5 collision campaign from 2014‑2015, detailing the chosen‑prefix collision method, the combination with digital signatures and dual‑signature tricks, the full infection workflow, and the large‑scale propagation and impact on millions of Windows users.

MD5 collision · chosen-prefix collision · digital signature
0 likes · 15 min read
Alibaba Cloud Infrastructure
Jan 22, 2016 · Information Security

Understanding SSL/TLS Certificates, CAs, and PKI: Types, Generation, History, and Security Practices

This article explains the fundamentals of server certificates, private keys, and certificate authorities, classifies DV/OV/EV certificates, describes how to generate and inspect them, outlines CA history and notable incidents, and discusses PKI security measures such as HPKP and Certificate Transparency.

CA · HTTPS · PKI
0 likes · 12 min read
ITPUB
Jan 21, 2016 · Information Security

How a Tiny JavaScript Snippet Can Crash Major Browsers and Reboot iPhones

A JavaScript snippet shared on Twitter claims to crash Firefox, Chrome, and Safari browsers and even force an iPhone to restart, prompting security researchers to examine its behavior, potential as a 0‑day exploit, and possible misuse in attacks.

0day · JavaScript · browser exploit
0 likes · 3 min read
ITPUB
Jan 21, 2016 · Information Security

How a Tiny JavaScript Snippet Can Crash Browsers and Reboot iPhones

A JavaScript snippet shared on Twitter claims to crash Firefox, Chrome, and Safari browsers and even force an iPhone to restart, prompting security researchers to examine the code, observed effects on desktop and mobile, and discuss whether it is a bug or a true 0‑day exploit.

0day · Crash · JavaScript
0 likes · 4 min read
ITPUB
Dec 28, 2015 · Information Security

How to Start Learning Hacking: Foundations, Mindset, and Essential Skills

This guide outlines the fundamental concepts, mindset, and step‑by‑step skills needed for beginners to start learning hacking and information security, covering everything from basic network knowledge to legal considerations.

SQL injection · hacking basics · information security
0 likes · 10 min read
21CTO
Dec 21, 2015 · Information Security

Why Open Source Is Becoming the Top Choice for Enterprise Security and Innovation

Over the past decade, open‑source software has surged in the enterprise sector, driven by startups and venture capital, with surveys showing widespread adoption, increased contributions, and strong security advantages that are reshaping IT architecture, cloud, and big‑data strategies.

Big Data · Enterprise Software · cloud computing
0 likes · 4 min read
ITPUB
Dec 21, 2015 · Information Security

How to Shield Your Personal Data: Cold War Secrets and Modern Privacy Hacks

The article explores historical privacy tactics of the USSR and the United States, offers practical habits for protecting personal information online, explains how to detect leaked data using search engines and social‑media checks, and suggests strategies for mitigating exposure and crafting false identities.

identity protection · information security · personal data
0 likes · 6 min read
Qunar Tech Salon
Dec 17, 2015 · Information Security

100 Web Application Defense Techniques from the ‘Web Application Defender’s Cookbook’

The article presents a comprehensive list of one hundred practical web‑application defense techniques—ranging from HTTP request analysis and ModSecurity rule creation to honeypot deployment and automated threat intelligence—drawn from the under‑appreciated book “Web Application Defender’s Cookbook.”

Defensive Techniques · ModSecurity · WAF
0 likes · 17 min read
Architect
Dec 11, 2015 · Information Security

Detailed Analysis of a Targeted Trojan Distributed via a Fake Interview Outline

The article presents a comprehensive technical analysis of a sophisticated Windows trojan that masquerades as a Word document, detailing its delivery method, file extraction process, registry modifications, remote‑control capabilities, and the organized, targeted attack infrastructure behind it.

C2 infrastructure · Remote access · Windows
0 likes · 10 min read
21CTO
Dec 7, 2015 · Information Security

How Tencent Combats Fraudsters with Big Data and AI‑Powered Risk Engines

This article explains how Tencent uses big‑data collection, user profiling, and AI‑driven risk learning engines to detect and block malicious accounts, proxy IPs, and fraudulent activities across e‑commerce and other platforms, detailing the architecture, algorithms, and practical defenses employed.

Big Data · anti-fraud · fraud detection
0 likes · 14 min read
Efficient Ops
Dec 5, 2015 · Information Security

Cultivating Secure Development Talent, Effective Security Visualization, and the Role of Machine Learning

This article shares insights from a security‑focused discussion on nurturing security‑oriented developers, balancing leadership and analyst needs in security visualization, and evaluating whether machine‑learning techniques truly add value to internal security data processing.

DevSecOps · information security · machine learning
0 likes · 7 min read
Architect
Nov 26, 2015 · Information Security

Analysis of Password Structures and Patterns in Web Penetration Testing

This article examines how manually assigned passwords in web services exhibit predictable structures—prefixes, keywords, separators, and suffixes—by analyzing millions of leaked Gmail passwords and other data, and categorizes the patterns to aid security assessments.

information security · keyword extraction · password analysis
0 likes · 9 min read
ITPUB
Nov 18, 2015 · Information Security

Prevent Remote Code Execution: Securing Java Serialization with a Simple Class Whitelist

The article explains how a widespread Java serialization vulnerability lets attackers execute remote commands by deserializing malicious objects, and describes a practical mitigation that overrides ObjectInputStream’s resolveClass method to enforce a whitelist, preventing unauthorized class instantiation without rewriting application code.

Java · Vulnerability · Whitelist
0 likes · 6 min read
ITPUB
Nov 6, 2015 · Information Security

How I Decompiled a Malicious Android App and Uncovered Its Hidden Email Spy

A user received a suspicious SMS with a malicious app link, prompting an analyst to download, decompile, and dissect the Android malware, revealing hidden Device Admin permissions, obfuscated code, DES-encrypted credentials, and the attacker’s email address, ultimately exposing how the trojan steals personal data.

Android · DES Encryption · information security
0 likes · 4 min read
Efficient Ops
Oct 7, 2015 · Information Security

Why Information Security Mirrors Protecting Your Money: 4 Core Principles Explained

The article explores the essence of information security by comparing it to safeguarding personal money, detailing the four fundamental attributes—confidentiality, integrity, availability, and controllability—and illustrating how different conditions shape security needs, from personal to enterprise contexts.

Availability · Data Protection · confidentiality
0 likes · 13 min read
Tencent TDS Service
Sep 19, 2015 · Information Security

Understanding XcodeGhost: How It Operates and How to Detect It

This article explains the XcodeGhost malware that infected iOS developers, detailing its data‑reporting and command‑issuing capabilities, the potential threats it poses on older iOS versions, and practical steps to detect and remove an infected Xcode installation.

Detection · Mobile Development · XcodeGhost
0 likes · 6 min read
Efficient Ops
Sep 4, 2015 · Information Security

Is the Cloud ‘Babysitter’ Model Stalling Security Innovation?

The article examines Alibaba Cloud’s recent security incident, compares the “babysitter” model with AWS’s shared‑responsibility approach, and discusses how overly‑protective cloud security can affect user awareness, third‑party vendors, and the overall health of China’s cloud security ecosystem.

Alibaba Cloud, information security, security ecosystem
0 likes · 7 min read
21CTO
Aug 19, 2015 · Information Security

How Shor’s Algorithm Threatens RSA: Quantum Steps to Break Encryption

Shor’s algorithm leverages quantum parallelism to efficiently find integer factors, exposing the vulnerability of RSA encryption by locating periodicity in modular exponentiation, and the article outlines a five-step hybrid quantum‑classical procedure—including quantum Fourier transform—to break RSA keys.

Quantum Computing, RSA, Shor's algorithm
0 likes · 8 min read
Efficient Ops
Jul 30, 2015 · Information Security

Designing a Multi‑Layer Ops Security Tower: Network, System & Permission Strategies

This article summarizes a comprehensive ops security talk that breaks down network segmentation, system hardening, and permission management into layered defenses, offering practical guidance on VLANs, ACLs, least‑privilege principles, and account auditing for robust enterprise protection.

System Hardening, access control, information security
0 likes · 11 min read
MaGe Linux Operations
May 26, 2015 · Information Security

Mastering Encryption: From Basics to OpenSSL PKI Implementation

This article explains the fundamentals of encryption, symmetric and asymmetric cryptography, digital certificates, PKI, and provides step‑by‑step guidance on using OpenSSL to generate keys, create a private CA, issue and revoke certificates for secure data transmission.

OpenSSL, PKI, digital certificates
0 likes · 16 min read
Practical DevOps Architecture
May 12, 2015 · Information Security

Configuring Email Filtering Policies on USG Firewall

This guide details how to set up USG firewall email filtering to block specific attachment types, limit attachment size, and prevent messages containing prohibited keywords by creating pattern groups, defining a mail‑filter policy, applying it to the outbound interzone firewall view, and verifying the configuration.

USG, attachment control, email filtering
0 likes · 5 min read
Baidu Tech Salon
Oct 28, 2014 · Information Security

Baidu International Antivirus Cloud Defense Strategy and User Interaction Design

At the 55th Baidu Technology Salon, Baidu International Antivirus unveiled a cloud‑defense system that replaces traditional local pop‑ups with controllable, operable alerts and cloud‑based monitoring, analysis, and response policies, enabling targeted strikes, richer actions, and smarter handling of unknown threats such as zero‑day exploits.

Antivirus, Cloud Defense, information security
0 likes · 9 min read
Baidu Tech Salon
Sep 26, 2014 · Information Security

Web Front‑End Security: External Link Restrictions, Rich‑Text XSS, Opener Phishing, and Clickjacking Mitigations

The article outlines front‑end web security tactics—blocking all user‑supplied external links, sanitizing rich‑text to prevent XSS and iframe abuse, nullifying window.opener to stop phishing redirects—while recommending CSP, whitelist CSS, sandboxed iframes, and click‑through confirmations as mitigations.

CSRF, Front-end, Web Security
0 likes · 13 min read
MaGe Linux Operations
Jul 4, 2014 · Information Security

How Digital Signatures Secure Data: Principles, Algorithms, and Implementation

This article explains the concept of digital signatures, their role in verifying data integrity and origin, outlines common algorithms such as RSA, DSS, and hash‑based signatures, and details the full PKI‑based workflow—including authentication, signing, and verification—while also describing how to combine encryption with signatures for confidential transmission.

PKI, RSA, cryptography
0 likes · 8 min read
Baidu Tech Salon
Apr 15, 2014 · Information Security

Web Traffic Hijacking: Risks, Techniques, and Defenses

Web traffic hijacking exploits the plaintext nature of HTTP to inject malicious scripts, steal cookies and saved passwords, poison caches or offline storage, bypass HTTPS redirects, and even compromise downloads, making unauthenticated browsing, auto‑fill features, and public Wi‑Fi especially dangerous without proper defenses.

HTTPS, Traffic Hijacking, Web Security
0 likes · 27 min read