Tagged articles

information security

1019 articles · Page 11 of 11
21CTO
Dec 7, 2015 · Information Security

How Tencent Combats Fraudsters with Big Data and AI‑Powered Risk Engines

This article explains how Tencent uses big‑data collection, user profiling, and AI‑driven risk learning engines to detect and block malicious accounts, proxy IPs, and fraudulent activities across e‑commerce and other platforms, detailing the architecture, algorithms, and practical defenses employed.

Big Data · anti-fraud · fraud detection
0 likes · 14 min read
Efficient Ops
Dec 5, 2015 · Information Security

Cultivating Secure Development Talent, Effective Security Visualization, and the Role of Machine Learning

This article shares insights from a security‑focused discussion on nurturing security‑oriented developers, balancing leadership and analyst needs in security visualization, and evaluating whether machine‑learning techniques truly add value to internal security data processing.

DevSecOps · information security · machine learning
0 likes · 7 min read
Architect
Nov 26, 2015 · Information Security

Analysis of Password Structures and Patterns in Web Penetration Testing

This article examines how manually assigned passwords in web services exhibit predictable structures—prefixes, keywords, separators, and suffixes—by analyzing millions of leaked Gmail passwords and other data, and categorizes the patterns to aid security assessments.

information security · keyword extraction · password analysis
0 likes · 9 min read
ITPUB
Nov 18, 2015 · Information Security

Prevent Remote Code Execution: Securing Java Serialization with a Simple Class Whitelist

The article explains how a widespread Java serialization vulnerability lets attackers execute remote commands by deserializing malicious objects, and describes a practical mitigation that overrides ObjectInputStream’s resolveClass method to enforce a whitelist, preventing unauthorized class instantiation without rewriting application code.

Java · Vulnerability · Whitelist
0 likes · 6 min read
ITPUB
Nov 6, 2015 · Information Security

How I Decompiled a Malicious Android App and Uncovered Its Hidden Email Spy

A user received a suspicious SMS with a malicious app link, prompting an analyst to download, decompile, and dissect the Android malware, revealing hidden Device Admin permissions, obfuscated code, DES-encrypted credentials, and the attacker’s email address, ultimately exposing how the trojan steals personal data.

Android · DES Encryption · Malware
0 likes · 4 min read
Efficient Ops
Oct 7, 2015 · Information Security

Why Information Security Mirrors Protecting Your Money: 4 Core Principles Explained

The article explores the essence of information security by comparing it to safeguarding personal money, detailing the four fundamental attributes—confidentiality, integrity, availability, and controllability—and illustrating how different conditions shape security needs, from personal to enterprise contexts.

Data Protection · Risk Management · availability
0 likes · 13 min read
Tencent TDS Service
Sep 19, 2015 · Information Security

Understanding XcodeGhost: How It Operates and How to Detect It

This article explains the XcodeGhost malware that infected iOS developers, detailing its data‑reporting and command‑issuing capabilities, the potential threats it poses on older iOS versions, and practical steps to detect and remove an infected Xcode installation.

Malware Analysis · Mobile Development · XcodeGhost
0 likes · 6 min read
Efficient Ops
Sep 4, 2015 · Information Security

Is the Cloud ‘Babysitter’ Model Stalling Security Innovation?

The article examines Alibaba Cloud’s recent security incident, compares the “babysitter” model with AWS’s shared‑responsibility approach, and discusses how overly‑protective cloud security can affect user awareness, third‑party vendors, and the overall health of China’s cloud security ecosystem.

Alibaba Cloud · information security · security ecosystem
0 likes · 7 min read
21CTO
Aug 19, 2015 · Information Security

How Shor’s Algorithm Threatens RSA: Quantum Steps to Break Encryption

Shor’s algorithm leverages quantum parallelism to efficiently find integer factors, exposing the vulnerability of RSA encryption by locating periodicity in modular exponentiation, and the article outlines a five-step hybrid quantum‑classical procedure—including quantum Fourier transform—to break RSA keys.

RSA · Shor's algorithm · cryptography
0 likes · 8 min read
Efficient Ops
Jul 30, 2015 · Information Security

Designing a Multi‑Layer Ops Security Tower: Network, System & Permission Strategies

This article summarizes a comprehensive ops security talk that breaks down network segmentation, system hardening, and permission management into layered defenses, offering practical guidance on VLANs, ACLs, least‑privilege principles, and account auditing for robust enterprise protection.

Access Control · System Hardening · information security
0 likes · 11 min read
MaGe Linux Operations
May 26, 2015 · Information Security

Mastering Encryption: From Basics to OpenSSL PKI Implementation

This article explains the fundamentals of encryption, symmetric and asymmetric cryptography, digital certificates, PKI, and provides step‑by‑step guidance on using OpenSSL to generate keys, create a private CA, issue and revoke certificates for secure data transmission.

OpenSSL · PKI · digital certificates
0 likes · 16 min read
Practical DevOps Architecture
May 12, 2015 · Information Security

Configuring Email Filtering Policies on USG Firewall

This guide details how to set up USG firewall email filtering to block specific attachment types, limit attachment size, and prevent messages containing prohibited keywords by creating pattern groups, defining a mail‑filter policy, applying it to the outbound interzone firewall view, and verifying the configuration.

USG · attachment control · email filtering
0 likes · 5 min read
Baidu Tech Salon
Oct 28, 2014 · Information Security

Baidu International Antivirus Cloud Defense Strategy and User Interaction Design

At the 55th Baidu Technology Salon, Baidu International Antivirus unveiled a cloud‑defense system that replaces traditional local pop‑ups with controllable, operable alerts and cloud‑based monitoring, analysis, and response policies, enabling targeted strikes, richer actions, and smarter handling of unknown threats such as zero‑day exploits.

Antivirus · Cloud Defense · information security
0 likes · 9 min read
Baidu Tech Salon
Sep 26, 2014 · Information Security

Web Front‑End Security: External Link Restrictions, Rich‑Text XSS, Opener Phishing, and Clickjacking Mitigations

The article outlines front‑end web security tactics—blocking all user‑supplied external links, sanitizing rich‑text to prevent XSS and iframe abuse, nullifying window.opener to stop phishing redirects—while recommending CSP, whitelist CSS, sandboxed iframes, and click‑through confirmations as mitigations.

CSRF · Front-end · XSS
0 likes · 13 min read
MaGe Linux Operations
Jul 4, 2014 · Information Security

How Digital Signatures Secure Data: Principles, Algorithms, and Implementation

This article explains the concept of digital signatures, their role in verifying data integrity and origin, outlines common algorithms such as RSA, DSS, and hash‑based signatures, and details the full PKI‑based workflow—including authentication, signing, and verification—while also describing how to combine encryption with signatures for confidential transmission.

PKI · RSA · cryptography
0 likes · 8 min read
Baidu Tech Salon
Apr 15, 2014 · Information Security

Web Traffic Hijacking: Risks, Techniques, and Defenses

Web traffic hijacking exploits the plaintext nature of HTTP to inject malicious scripts, steal cookies and saved passwords, poison caches or offline storage, bypass HTTPS redirects, and even compromise downloads, making unauthenticated browsing, auto‑fill features, and public Wi‑Fi especially dangerous without proper defenses.

HTTPS · Traffic Hijacking · XSS
0 likes · 27 min read