Tagged articles
980 articles
MaGe Linux Operations
Nov 26, 2024 · Information Security

New “Silver Fox” Trojan Variant Targets Chinese Users – Spread, Impact, and Prevention

The National Computer Virus Emergency Response Center reports a new “Silver Fox” Trojan variant distributed via phishing links in WeChat groups, disguised as tax‑related installers, which can hijack systems for remote control and fraud, and provides concrete steps for users and enterprises to defend against it.

Prevention · Virus · cybersecurity
0 likes · 6 min read
MaGe Linux Operations
Nov 21, 2024 · Information Security

Secure Enterprise Account Management: From Pain Points to a Deployable Solution

This article outlines the challenges of traditional credential handling in modern enterprises, presents a professional password‑management platform with advanced encryption, sharing, and audit features, and provides step‑by‑step Docker‑based deployment instructions to secure and streamline account administration.

Account Management · Docker deployment · Enterprise
0 likes · 8 min read
Huolala Tech
Nov 19, 2024 · Information Security

Understanding JWT Security Risks and How to Test Them

This article explains the structure of JSON Web Tokens, outlines common attack vectors such as algorithm confusion, weak keys, replay, and header injection, and provides practical mitigation strategies and a testing checklist with recommended security tools.

JWT · Replay attack · algorithm confusion
0 likes · 13 min read
Efficient Ops
Nov 13, 2024 · Information Security

How Leading Companies Stop Insider Data Theft: Real Ops & Security Practices

This article compiles practical insights from Zhihu discussions and real‑world experience on preventing insider spying and tampering with databases, covering least‑privilege policies, mutual supervision, strict access controls, audit mechanisms, and cultural factors that shape effective information security operations.

Database Security · access control · audit
0 likes · 11 min read
Liangxu Linux
Nov 10, 2024 · Information Security

Essential Linux Penetration Testing Commands Cheat Sheet

A comprehensive cheat sheet of high‑frequency Linux penetration‑testing commands covering system information, package management, user handling, compression, file operations, Samba access, shell bypass techniques, miscellaneous utilities, bash history clearing, filesystem permissions, and privilege‑escalation tips.

Command Cheat Sheet · Enumeration · information security
0 likes · 7 min read
Java Tech Enthusiast
Nov 9, 2024 · Information Security

How Companies Monitor Employee WeChat Chats and Ways to Protect Your Privacy

Companies can monitor employee WeChat chats on corporate‑issued, rooted computers through network sniffing, OS‑level screen capture, and file‑watching tools, allowing them to view personal messages and infer app usage. Personal privacy on work devices is therefore vulnerable, so users should avoid personal WeChat on such devices or use separate accounts and enterprise archiving features.

Mobile Security · employee monitoring · information security
0 likes · 5 min read
Liangxu Linux
Nov 3, 2024 · Information Security

50 Critical Linux Ports You Must Close to Secure Your System

This guide lists the most dangerous Linux ports, explains their typical uses, the security risks they pose, and provides concrete recommendations—such as changing default ports, disabling services, and applying firewall rules—to harden your system against attacks.

Port Security · System Hardening · firewall
0 likes · 13 min read
NetEase LeiHuo Testing Center
Nov 1, 2024 · Information Security

Traditional Game Cheating Techniques, Anti‑Cheat Countermeasures, and the Rise of AI‑Based Cheats

The article surveys classic FPS cheating methods—memory editing, packet manipulation, and macro simulation—explains their technical implementations and anti‑cheat defenses, then examines how AI and machine‑learning are reshaping both cheat creation and detection, concluding with recommendations for staying ahead of cheat developers.

AI cheat · Game Security · anti‑cheat
0 likes · 17 min read
Liangxu Linux
Oct 31, 2024 · Information Security

Why Does a TCP Connection Reset? Understanding RST Packets Across All Stages

This article explains the purpose of TCP RST packets, how they appear during connection establishment, data transfer, firewall enforcement, and teardown, and provides practical techniques for distinguishing legitimate resets from spoofed or policy‑driven resets to improve network troubleshooting and security.

RST · TCP · information security
0 likes · 10 min read
21CTO
Oct 16, 2024 · Information Security

Will Safe C++ Extensions Make C++ Memory‑Safe? Insights from Rust and NSA

Amid rising memory‑safety concerns highlighted by Chrome’s vulnerabilities and high‑profile attacks, the C++ community proposes a Safe C++ Extension to add memory‑safety features, while experts compare it to Rust and discuss challenges, adoption pressures, and DARPA’s AI‑driven code‑conversion efforts.

C++ · Memory Safety · Rust
0 likes · 6 min read
ITPUB
Oct 16, 2024 · Information Security

Why Intel CPUs Pose Growing Security Threats to China – Four Critical Risks

The Chinese Cyberspace Security Association warns that Intel processors suffer frequent high‑severity vulnerabilities, reliability problems, covert remote‑management features, and built‑in backdoors, urging a systematic cybersecurity review of Intel products sold in China to protect national security and consumer rights.

CPU vulnerabilities · China cybersecurity · Intel
0 likes · 10 min read
System Architect Go
Oct 11, 2024 · Information Security

How Kubernetes Secures Pods with Seccomp, AppArmor, and SELinux

This article explains how Kubernetes leverages the Linux kernel security mechanisms Seccomp, AppArmor, and SELinux together with Pod Security Standards and the built‑in admission controller to enforce fine‑grained security policies for container workloads in cloud‑native environments.

AppArmor · Cloud Native · Kubernetes
0 likes · 8 min read
Java Architect Essentials
Oct 7, 2024 · Information Security

Insider Ransomware Attack by a Former Engineer: Case Study and Security Lessons

A disgruntled former infrastructure engineer at a U.S. industrial firm deleted backups, locked administrators, and demanded $750,000 in Bitcoin, leading to his arrest and highlighting the severe risks, legal consequences, and mitigation strategies associated with insider ransomware threats.

IT Governance · incident response · information security
0 likes · 10 min read
php Courses
Sep 30, 2024 · Information Security

Using PHP password_hash for Secure Password Hashing

This article explains how to securely hash passwords in PHP using the password_hash function, demonstrates code examples, describes verification with password_verify, and highlights automatic salting and best practices for protecting user credentials.

Backend · Hashing · PHP
0 likes · 4 min read
Software Development Quality
Sep 21, 2024 · Information Security

How to Classify Security Incidents: A Comprehensive Grading Policy

This document outlines a security incident grading policy that defines purpose, scope, detailed classification across application, network, host, and data layers, and provides remarks on applicability, data‑related events, and the definition of critical (S0) vulnerabilities, helping organizations assess and prioritize security faults.

incident classification · information security · policy
0 likes · 3 min read
MaGe Linux Operations
Sep 15, 2024 · Information Security

Understanding TLS Handshakes: RSA vs ECDHE and TLS 1.3 Explained

This article provides a comprehensive overview of TLS handshakes, detailing the RSA and ECDHE key exchange mechanisms, their step-by-step processes, security properties, and the differences between TLS 1.2 and TLS 1.3, including cipher suite structures and certificate validation.

ECDHE · RSA · TLS
0 likes · 21 min read
Data Thinking Notes
Sep 12, 2024 · Information Security

How to Overcome the Top 3 Data Flow Challenges and Secure Your Data Assets

This article outlines the framework for data element circulation, identifies three major security and compliance challenges in data flow, and presents five practical measures plus a six‑step method for incorporating data assets into financial statements to enhance transparency and value.

Big Data · Data Asset · Data Flow
0 likes · 10 min read
Alibaba Cloud Native
Sep 11, 2024 · Information Security

Securing Serverless Containers with Cloud Security Center: Architecture & Challenges

The article explains how Cloud Security Center protects Serverless container workloads through vulnerability scanning, intrusion detection, baseline checks, and isolation. It outlines the integration architecture and workflow, examines key challenges such as multi‑tenant isolation, resource consumption, and blast‑radius control, and presents test results and a future security roadmap.

Container Security · Serverless · cloud security
0 likes · 10 min read
AntTech
Sep 5, 2024 · Artificial Intelligence

Ant InTech Technology Award Announces First Ten Young Scholars and Their Research Areas

On September 5 at the 2024 Inclusion·Bund Conference, Ant InTech announced its first ten award-winning young scholars from top Chinese universities, highlighting their research in artificial intelligence, data processing, cloud computing, security, and related fields, each receiving a 200,000‑RMB grant.

Ant Group · InTech Award · Young Scholars
0 likes · 4 min read
Top Architect
Sep 1, 2024 · Information Security

Understanding JWT Token Security: Threats and Protection Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token-based authentication with traditional session methods, outlines common security threats such as theft, replay and forgery, and provides practical measures—including HTTPS, encryption, proper storage, expiration policies, and two-factor authentication—to safeguard token integrity.

Authentication · JWT · Web Development
0 likes · 13 min read
21CTO
Aug 28, 2024 · Information Security

Why Pavel Durov’s Telegram Remains a Hotspot for Privacy and Controversy

The article chronicles Pavel Durov’s rise from a programming prodigy to the founder of VKontakte and Telegram, highlighting the platforms' rapid growth, privacy‑focused features, global usage, and the legal and ethical controversies surrounding his personal life and recent arrest.

Pavel Durov · Telegram · VKontakte
0 likes · 9 min read
Data Thinking Notes
Aug 27, 2024 · Information Security

Understanding Data Security Regulations and Classification Standards

This article presents an overview of data security related regulations, outlines the standards for data classification and grading, and showcases industry-specific classification schemes through illustrative diagrams, providing a concise visual guide for implementing data security measures.

Data Governance · Regulations · data classification
0 likes · 2 min read
Architect
Aug 26, 2024 · Information Security

Understanding JWT Token Security: Threats and Mitigation Strategies

This article explains the fundamentals of JSON Web Tokens (JWT), compares token-based authentication with traditional session methods, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, encryption, secure storage, short lifetimes, two‑factor authentication, and safe token refresh strategies.

Authentication · JWT · Web Security
0 likes · 12 min read
21CTO
Aug 23, 2024 · Information Security

Why Do Companies Fail at Data Security? Common Pitfalls and Solutions

This article examines why many enterprises repeatedly suffer data breaches, highlighting common security flaws such as manual permission management, account sharing, lack of least‑privilege, insufficient environment isolation, weak audit logging, and offers practical recommendations to strengthen information security.

Audit logging · Zero Trust · access control
0 likes · 14 min read
Open Source Linux
Aug 16, 2024 · Information Security

Critical Windows IPv6 RCE Vulnerability (CVE‑2024‑38063): Risks & Fixes

A high‑severity Windows TCP/IP IPv6 vulnerability (CVE‑2024‑38063) allows unauthenticated remote attackers to trigger denial‑of‑service or execute arbitrary code on millions of systems, and Microsoft recommends immediate patching or temporary IPv6 disabling as mitigation.

CVE-2024-38063 · IPv6 · Remote Code Execution
0 likes · 9 min read
Data Thinking Notes
Aug 12, 2024 · Information Security

Understanding Data Governance vs Data Security Governance: Key Frameworks Explained

This article explains how data has become a strategic resource, outlines the economic and industrial value of data, differentiates data governance from data security governance, and reviews major data security frameworks and a data‑centric security architecture to guide organizations in protecting their data assets.

Data Governance · Data Lifecycle · data security
0 likes · 12 min read
Top Architect
Aug 11, 2024 · Information Security

Deep Dive into Spring Security Architecture and Implementation Principles

This article provides an in‑depth analysis of Spring Security 6.x architecture, explaining its filter‑chain design, authentication and authorization mechanisms, key components such as DelegatingFilterProxy, FilterChainProxy, SecurityFilterChain, and offers code examples and practical guidance for developers.

Authentication · Authorization · Java
0 likes · 31 min read
ITPUB
Aug 9, 2024 · Information Security

How the “Downdate” Attack Rolls Back Windows Updates to Exploit Old Vulnerabilities

At Black Hat 2024, SafeBreach researcher Alon Leviev revealed a “Downdate” technique that manipulates the Windows update mechanism to roll back the operating system and critical components to vulnerable older versions, exposing numerous historic flaws and enabling potential full system compromise.

Black Hat · Virtualization-Based Security · Windows
0 likes · 6 min read
Architecture Digest
Aug 6, 2024 · Information Security

How to Perform Fuzzy Queries on Encrypted Data: Approaches and Trade‑offs

This article examines why encrypted data is unfriendly to fuzzy search, categorises three implementation strategies—naïve, conventional, and advanced—analyses their advantages and disadvantages, and provides practical guidance and reference links for securely enabling fuzzy queries on encrypted fields.

Database Query · algorithm design · encrypted data
0 likes · 11 min read
IT Architects Alliance
Aug 4, 2024 · Information Security

How to Perform Fuzzy Search on Encrypted Data

This article examines the challenges of fuzzy searching encrypted data and compares three implementation approaches—naïve, conventional, and advanced—detailing their principles, performance implications, storage costs, and security trade‑offs, ultimately recommending the conventional token‑based method for most practical applications.

algorithm · database · encryption
0 likes · 13 min read
Data Thinking Notes
Jul 30, 2024 · Information Security

Mastering Data Classification: A Practical Guide to Secure Data Grading

This article outlines the evolution of data security in China, explains why data classification and grading are central to governance, and provides a step‑by‑step framework, principles, implementation details, adjustment triggers, and practical reflections for building effective data protection strategies.

Data Governance · compliance · data classification
0 likes · 11 min read
Java Captain
Jul 29, 2024 · Information Security

How to Perform Fuzzy Queries on Encrypted Data

This article examines the challenges of fuzzy searching encrypted data and compares three categories of solutions—naïve, conventional, and advanced—detailing their implementation ideas, performance trade‑offs, storage costs, and security implications for real‑world applications.

algorithm · encryption · fuzzy-search
0 likes · 10 min read
DataFunTalk
Jul 27, 2024 · Information Security

Classification of Risk Control and Full-Scenario Anti-Cheat Strategies in the Internet

The article outlines how internet and financial risk control are categorized into anti‑cheat, anti‑fraud, and content security, describes full‑scenario cheating types, and presents a three‑step joint defense framework using perception, identification, and mitigation with feature‑based analysis.

anti-cheat · feature engineering · fraud detection
0 likes · 7 min read
Open Source Tech Hub
Jul 25, 2024 · Information Security

Secure PHP Password Storage: From MD5+Salt to Bcrypt and Argon2

This guide explains why MD5 with salt is insecure, introduces stronger hashing algorithms like bcrypt and Argon2, and provides practical PHP examples using password_hash and password_verify to safely store and verify user passwords with built‑in salts and configurable cost factors.

PHP · argon2 · bcrypt
0 likes · 8 min read
Architecture Digest
Jul 25, 2024 · Information Security

Investigation of Phone and Electricity Recharge Money‑Laundering Schemes in Illicit Apps

The article analyzes how shady mobile applications exploit phone‑credit and electricity‑bill recharge interfaces to funnel user payments through complex, hidden channels, describing the laundering chain, various payment methods, server tracing details, and the broader security implications for the black‑gray market.

black market · cybercrime · information security
0 likes · 8 min read
Data Thinking Notes
Jul 22, 2024 · Fundamentals

Why Data Architecture Governance Is the Key to Successful Digital Transformation

Data architecture governance, encompassing standards, security, modeling, quality, and lifecycle management, is essential for digital transformation in fast‑growing industries like express delivery, and this article outlines current challenges, traditional approaches, and a practical, phased methodology with platform support to implement effective governance.

Data Architecture · Data Governance · Digital Transformation
0 likes · 12 min read
Data Thinking Notes
Jul 16, 2024 · Information Security

How to Build an Effective Data Security Operations Metrics System

Data security, centered on the full data lifecycle, demands deep defense against dynamic, continuous risks; by adopting a new operational mindset and a comprehensive metrics system, organizations can achieve greater visibility, control, sustainability, and trustworthiness in protecting their data assets.

Data Lifecycle · data security · information security
0 likes · 3 min read
21CTO
Jul 10, 2024 · Information Security

Did a Hacker Breach OpenAI’s Internal AI Discussions? Implications for Security

A New York Times report reveals that a hacker accessed OpenAI's internal messaging system, exposing employee discussions on AI advancements and sparking concerns about foreign espionage, internal security practices, and the broader national‑security implications of AI technology.

AI research · AI security · OpenAI
0 likes · 4 min read
FunTester
Jun 26, 2024 · Information Security

Mastering Web Application Penetration Testing: Methods, Types, and Best Practices

Web application penetration testing is a systematic security assessment that identifies vulnerabilities such as SQL injection, XSS, CSRF, insecure authentication, and file‑upload flaws, using methods ranging from black‑box to manual testing, and follows best practices like OWASP guidelines to protect data, privacy, and system integrity.

OWASP · Web Security · information security
0 likes · 11 min read
Efficient Ops
Jun 16, 2024 · Information Security

How a Former NCS Engineer’s Revenge Hack Caused $670K Loss and Prison

A Singapore court sentenced former NCS employee Kandula Nagaraju to over two years in prison after he illegally accessed his ex‑employer’s QA system, deleted 180 virtual servers, and caused more than $670,000 in damages, highlighting serious cybersecurity and legal repercussions.

Data loss · cybercrime · information security
0 likes · 6 min read
IT Services Circle
Jun 15, 2024 · Information Security

How Researchers Built a Malicious VSCode Extension in 30 Minutes and Exposed Marketplace Security Flaws

A security research team created a counterfeit VSCode extension in half an hour, demonstrated how easily malicious code can be injected and distributed through the VSCode Marketplace, and revealed that dozens of high‑value companies, security firms and even a national court were compromised, highlighting critical gaps in extension vetting and supply‑chain protection.

VSCode · information security · malicious extension
0 likes · 10 min read
Data Thinking Notes
Jun 12, 2024 · Information Security

How to Implement Data Classification and Grading for Robust Security

This article outlines the national‑standard‑based methodology for classifying and grading data, detailing industry‑specific processes, core and important data identification criteria, general data handling, and a privacy‑focused governance framework that enables organizations to protect sensitive information effectively.

Data Protection · Security Governance · data classification
0 likes · 13 min read
IT Services Circle
Jun 4, 2024 · Information Security

Malware Campaign Using Fake MS Office Crack Tool Spreads RAT, XMRig Miner, and 3Proxy Proxy

A recent ASEC report reveals that a malicious program disguised as the popular Office 2013‑2024 C2R Install crack tool distributes a .NET‑based malware suite that installs Orcus RAT, the XMRig cryptocurrency miner, and the 3Proxy proxy tool, primarily targeting Korean users and persisting via scheduled tasks and PowerShell updates.

3Proxy · Korean users · Office crack
0 likes · 5 min read
Liangxu Linux
May 29, 2024 · Information Security

Running Windows XP on a 486 & the Risks of Connecting Legacy Windows to the Internet

The article reports that Microsoft’s upcoming Windows 11 24H2 will require CPUs with the POPCNT instruction, notes that only pre‑2008 processors lack it, highlights a community‑modified Windows XP ISO that runs on an Intel i486, and details experiments showing how quickly legacy Windows systems become infected when exposed to the internet, underscoring modern security improvements.

POPCNT · Windows 11 · Windows XP
0 likes · 7 min read
IT Services Circle
May 29, 2024 · Information Security

Running Windows XP on an Intel i486 and the Security Risks of Connecting Legacy Windows Systems to the Internet

The article reports that Microsoft’s upcoming Windows 11 24H2 will require CPUs with POPCNT support, highlights a successful run of Windows XP on a 1990s Intel i486, and details a YouTuber’s experiment exposing legacy Windows XP and 2000 systems to the internet, revealing rapid virus infections and security risks.

Windows XP · i486 · information security
0 likes · 6 min read
DevOps
May 23, 2024 · Information Security

Guidelines for Evaluating Large Language Models in Cybersecurity Tasks

The article examines the opportunities and risks of applying large language models (LLMs) to cybersecurity, outlines fourteen practical recommendations for assessing their real‑world capabilities, and concludes with an invitation to the upcoming R&D Efficiency Conference covering AI, product management, and related topics.

AI Safety · LLM · cybersecurity
0 likes · 11 min read
Open Source Tech Hub
May 22, 2024 · Information Security

How php-encryption Simplifies Secure Data Protection in PHP

php-encryption, an open‑source library by security expert Defuse, offers developers a straightforward way to implement strong AES‑256‑GCM, AES‑256‑CBC, and XChaCha20‑Poly1305 encryption in PHP, handling key derivation, random number generation, and error reporting without requiring deep cryptographic expertise.

Library · information security
0 likes · 4 min read
Huolala Tech
May 21, 2024 · Information Security

How Huolala Built a Comprehensive Security Asset Map for Cloud‑Native Environments

Huolala’s Information Security team built a comprehensive security asset library and visualization framework, detailing asset pain points, mapping methodology, detection and drawing modules, and measurable outcomes, to enhance asset visibility, risk assessment, and continuous security operations in a cloud‑native environment.

Cloud Native · Security Operations · asset mapping
0 likes · 12 min read
ITPUB
May 20, 2024 · Information Security

How a Hidden Backdoor in XZ Compression Threatens Global Open‑Source Infrastructure

A recent backdoor implanted in the widely used open‑source compression tool XZ exposes the fragile reliance on volunteer‑maintained software infrastructure, highlighting the massive economic value of open‑source, the sophisticated attack methods employed, and the urgent need for better security and maintenance practices.

Software Security · backdoor · information security
0 likes · 6 min read
AntTech
May 17, 2024 · Information Security

Exploring and Practicing Cybersecurity Insurance for Small and Medium Enterprises

Amid rapid digital transformation, this article examines the growing importance of cybersecurity insurance for Chinese SMEs, presenting market data, challenges, a three‑layer protection model, and details of a recent industry salon that discussed practical solutions and future pilots.

Insurance · SMEs · cybersecurity
0 likes · 7 min read
Architects Research Society
May 12, 2024 · Information Security

CISSP‑ISSAP Certification Overview, Exam Details, and Preparation Resources

The article outlines the CISSP‑ISSAP certification for security architects, detailing exam format, passing score, target audience, prerequisites, and a range of preparation resources including official guides, online courses, books, community forums, and practice tests to help candidates succeed.

CISSP-ISSAP · Exam Preparation · Security Architecture
0 likes · 7 min read
Data Thinking Notes
May 7, 2024 · Information Security

What the New GB/T 43697‑2024 Standard Means for Data Classification and Security

The Chinese national standard GB/T 43697‑2024 on Data Security Technology – Data Classification and Grading Rules has been officially released, providing universal classification guidelines and set to take effect on October 1 2024, offering essential direction for implementing data classification and grading management.

GB/T 43697-2024 · data classification · data security
0 likes · 1 min read
21CTO
May 6, 2024 · Information Security

What Makes Chinese Government Websites Vulnerable? Study Highlights Key Risks

Researchers from Harbin Institute of Technology analyzed nearly 14,000 Chinese government websites, uncovering widespread security flaws such as missing DNS records, over‑reliance on a few DNS and ISP providers, vulnerable jQuery versions, and inadequate server redundancy, all of which could enable large‑scale attacks.

DNS vulnerabilities · government websites · information security
0 likes · 3 min read
DevOps Operations Practice
May 3, 2024 · Information Security

Top Antivirus Solutions for Linux Systems

This article reviews several leading cross‑platform antivirus products—Avast, ESET NOD32, F‑PROT, ClamAV, Comodo, and Sophos—highlighting their features, Linux compatibility, and considerations for securing servers while noting that proper security practices may reduce the need for constant antivirus deployment.

Antivirus · Malware Protection · Server Security
0 likes · 5 min read
Python Programming Learning Circle
Apr 29, 2024 · Information Security

Why Python Is Ideal for the Cybersecurity Industry and Its Common Applications

The article explains how Python's simplicity, extensive ecosystem, versatility, and strong automation capabilities make it a preferred language for cybersecurity professionals, outlining five key reasons and showcasing typical use cases such as network scanning, penetration testing, malware analysis, security auditing, and tool development.

Network Scanning · cybersecurity · information security
0 likes · 6 min read
DevOps Engineer
Apr 29, 2024 · Information Security

Understanding Code Signing: Importance, Process, and Tool Comparison

This article explains what code signing is, why it is essential for software integrity and trust, outlines the signing process, compares traditional code signing certificates with the GaraSign cloud service, and offers guidance on choosing the right solution based on cost, scalability, and compliance needs.

Code Signing · Software Security · digital certificates
0 likes · 7 min read
php Courses
Apr 26, 2024 · Information Security

Best Practices for Securing PHP Sessions

This article outlines essential strategies—including secure HttpOnly cookies, session ID regeneration, timeout handling, encrypted storage, user‑attribute verification, and permission checks—to harden PHP session management against hijacking, fixation, and unauthorized access.

Backend · information security · session-security
0 likes · 6 min read
Selected Java Interview Questions
Apr 25, 2024 · Information Security

Techniques for Fuzzy Search on Encrypted Data: Approaches, Trade‑offs, and Practical Implementations

The article examines why encrypted sensitive fields such as passwords, phone numbers, and bank details need special handling, categorises three families of fuzzy‑search solutions for encrypted data, evaluates their security, performance and storage costs, and recommends a balanced conventional method for production use.

Data Protection · algorithm · database
0 likes · 10 min read
DevOps Operations Practice
Apr 21, 2024 · Information Security

Overview of Kali Linux: Features, Tools, and Use Cases

Kali Linux, a Debian‑based distribution maintained by Offensive Security, bundles over 600 penetration‑testing and digital‑forensics tools such as Metasploit, Nmap, Wireshark, Aircrack‑ng and John the Ripper, making it a preferred platform for security professionals in testing, forensics, and network defense.

Kali Linux · digital forensics · information security
0 likes · 4 min read
Architecture and Beyond
Apr 20, 2024 · Information Security

How to Secure User Assets in SaaS: Strategies, Policies, and Pitfalls

The article defines user assets, explains why protecting them is vital for SaaS companies, and outlines organizational, procedural, technical, and emergency-response measures—plus common challenges—to help enterprises build comprehensive user asset security programs.

Data Protection · SaaS · information security
0 likes · 17 min read
Data Thinking Notes
Apr 18, 2024 · Information Security

How to Implement Effective Data Classification and Grading for Secure Data Management

Data classification and grading, essential components of data security governance, involve defining data categories, assigning sensitivity levels, adhering to national standards, and establishing organizational processes to ensure compliant, secure, and value‑driven data handling across enterprises.

Data Governance · Data Management · data classification
0 likes · 20 min read
21CTO
Apr 18, 2024 · Information Security

Why 90% of Java Services Harbor Critical Vulnerabilities – Datadog 2024 Report

Datadog’s 2024 DevSecOps report reveals that 90% of Java services contain at least one severe vulnerability—far higher than other languages—largely due to indirect dependencies, and stresses the need for comprehensive dependency scanning, prioritized remediation, and robust alert triage to manage the flood of low‑impact automated attacks.

Dependency Scanning · DevSecOps · Java
0 likes · 5 min read
Sohu Tech Products
Apr 17, 2024 · Information Security

Understanding HTTPS and SSL/TLS: A Comprehensive Guide to Web Security

HTTPS secures web traffic by combining symmetric and asymmetric encryption, digital signatures, and certificate authorities within the TLS protocol to ensure confidentiality, integrity, authentication, and non‑repudiation, replacing insecure HTTP and becoming mandatory for modern browsers, servers, and platforms despite earlier concerns about cost and complexity.

CA · HTTPS · SSL/TLS
0 likes · 17 min read
21CTO
Apr 15, 2024 · Artificial Intelligence

What Software Development Trends Will Dominate 2024? AI, Blockchain, Cloud & More

The 2024 software development landscape will be shaped by rapid advances in artificial intelligence and machine learning, deeper integration of blockchain beyond cryptocurrency, the rise of multi‑runtime microservices and cloud‑native architectures, heightened focus on information security, expanding AR/VR applications, sustainable coding practices, quantum and edge computing, as well as evolving programming language preferences toward Python and Rust.

2024 trends · Blockchain · information security
0 likes · 19 min read
macrozheng
Apr 11, 2024 · Information Security

Why MD5 Is Unsafe for Passwords and How to Choose Secure Hashing Algorithms

The article explains why MD5 and simple salted hashes are insecure for password storage, distinguishes between cryptographic and non‑cryptographic hash functions, introduces slow key‑derivation algorithms such as Bcrypt, Scrypt and Argon2, and recommends using strong KDFs with unique salts in modern applications.

KDF · MD5 · bcrypt
0 likes · 7 min read
DataFunSummit
Apr 6, 2024 · Information Security

Comprehensive Guide to Malicious Website Anti‑Fraud: Detection, Operation, and Modeling

This article provides a detailed overview of malicious website anti‑fraud, covering classification, development, operational tactics, revenue models, multi‑dimensional anomaly detection, and advanced counter‑measure models such as fingerprint, text, image, complex network, and multimodal approaches.

Graph Neural Network · anomaly detection · anti-fraud
0 likes · 16 min read
Su San Talks Tech
Apr 5, 2024 · Information Security

How Data Masking Protects Sensitive Information: Techniques & Best Practices

This article explains why personal data leaks happen, defines data masking (desensitization), compares static and dynamic masking, and details six common masking techniques—invalidating, randomization, replacement, symmetric encryption, averaging, and offsetting—to help developers safeguard privacy.

Dynamic Masking · data anonymization · data masking
0 likes · 8 min read
IT Services Circle
Apr 4, 2024 · Information Security

Understanding HTTPS: Security Principles, SSL/TLS, and Encryption Mechanisms

HTTPS secures web communication by adding SSL/TLS encryption to HTTP, providing confidentiality, integrity, authentication, and non-repudiation through a combination of symmetric and asymmetric cryptography, hash functions, digital signatures, and certificate authorities, while addressing migration concerns and performance considerations.

HTTPS · SSL/TLS · TLS
0 likes · 18 min read
Wukong Talks Architecture
Apr 1, 2024 · Information Security

Investigation of the xz Backdoor Vulnerability and Its Attack Chain

A recent security analysis reveals how a malicious contributor infiltrated the open‑source xz compression tool over two and a half years, inserted a backdoor using IFUNC hooks to compromise OpenSSH, and was eventually uncovered due to a CPU‑spike bug, highlighting severe risks for Linux and macOS systems.

OpenSSH · backdoor · information security
0 likes · 8 min read
Aikesheng Open Source Community
Mar 19, 2024 · Information Security

Risks of Granting MySQL Authentication Table Permissions and How to Mitigate Them

The article explains how granting ordinary MySQL users full access to authentication tables can lead to severe privilege‑escalation risks, demonstrates the issue with concrete scenarios, and provides mitigation strategies including the use of MySQL 8.0 partial revokes and the principle of least privilege.

Partial Revokes · access control · information security
0 likes · 9 min read
Huolala Tech
Mar 19, 2024 · Information Security

How AI and Big Data Transform Information Security Risk Management

This article examines the evolution of information security risk management—from classic standards like GB/T20984 and ISO27001 to modern AI‑driven, big‑data approaches—detailing risk definitions, quantitative models, international guidelines, and future research directions.

Bayesian · Standards · information security
0 likes · 14 min read
DataFunSummit
Mar 16, 2024 · Information Security

Building a Fraud Advertising Flow Risk‑Control System: Eight Key Elements and Practical Practices

This article shares practical experience from Shumei on constructing a fraud‑advertising flow risk‑control system, detailing eight essential elements, scenario analysis, black‑industry pathways, event design, strategy formulation, implementation methods, value demonstration, and a Q&A session for developers and product teams.

Business strategy · advertising security · fraud detection
0 likes · 17 min read
Practical DevOps Architecture
Mar 14, 2024 · Information Security

Comprehensive Penetration Testing Course Outline

This article provides a detailed curriculum for a penetration testing training program, covering operating system basics, web services, database setup, Kali Linux installation, various hacking tools, common web vulnerabilities, SQL injection techniques, command execution, file upload and inclusion flaws, XSS, CSRF, SSRF, privilege escalation, and internal network exploitation.

ethical hacking · information security · network security
0 likes · 10 min read
Top Architect
Mar 12, 2024 · Information Security

Why Permission Management Is Needed and How to Design RBAC Models

The article explains the necessity of strict permission management in enterprises, introduces various permission models such as basic RBAC, role‑inheritance RBAC and constrained RBAC, and provides detailed table designs and best‑practice recommendations for implementing scalable and secure access control systems.

RBAC · Role-Based Access Control · access control
0 likes · 22 min read
Liangxu Linux
Mar 10, 2024 · Information Security

How to Secure Your Login API Against Brute‑Force, MITM, and Other Attacks

This article explains common login security risks such as brute‑force cracking, CAPTCHA bypass, IP‑based blocking, man‑in‑the‑middle attacks, and shows practical countermeasures like captcha enforcement, login throttling, phone verification, HTTPS adoption, and data encryption.

Captcha · HTTPS · MITM
0 likes · 10 min read
21CTO
Mar 7, 2024 · Information Security

What the LINE Data Breach Reveals About Tech‑Stack Security and Governance

In December 2023 a massive data breach exposed over 510,000 LINE users, prompting the Japanese government to order LINE and its parent NAVER to overhaul their shared technology stack, tighten authentication, and separate their cloud infrastructures to prevent future security failures.

Technology Stack · cloud security · data breach
0 likes · 6 min read
Java Architect Essentials
Mar 3, 2024 · Information Security

How to Secure Login APIs: Defending Against Brute Force, MITM, and More

This article examines common login vulnerabilities such as brute‑force attacks, CAPTCHA bypass, IP‑based lockouts, and man‑in‑the‑middle threats, and provides practical mitigation techniques—including password‑retry limits, CAPTCHA, SMS verification, HTTPS enforcement, and logging—to harden web authentication systems.

Captcha · HTTPS · IP blocking
0 likes · 11 min read