Tagged articles
980 articles
MaGe Linux Operations
May 3, 2022 · Information Security

Can Your Wi‑Fi Spy on WeChat? Understanding Chat App Security and Encryption

This article explains how chat applications like WeChat protect messages with asymmetric and symmetric encryption, why network administrators generally cannot read chat content, and what alternative monitoring methods (such as installed surveillance software, system vulnerabilities, or compromised private keys) could expose your conversations.

MITM attack, Network Monitoring, WeChat security
0 likes · 9 min read

Java Captain
Apr 30, 2022 · Information Security

Understanding Chat Application Security: Encryption, Network Monitoring, and Potential Vulnerabilities

The article explains how modern chat applications protect communication with asymmetric and symmetric encryption, why network eavesdropping alone cannot reveal messages, and how installed monitoring software or system vulnerabilities can still expose chat records, emphasizing the need for regular updates and careful device usage.

Network Monitoring, chat security, encryption
0 likes · 9 min read

58 Tech
Apr 26, 2022 · Information Security

Design and Architecture of a Full‑Chain Data Warehouse for Information Security

The article presents a comprehensive design of an end‑to‑end data warehouse for information‑security governance, detailing background motivations, multi‑layer data architecture, dimension modeling, bus‑matrix mapping, real‑time (lambda/kappa) processing, data‑dictionary integration, and future directions toward unified streaming‑batch solutions.

Real-time Processing, data-warehouse, dimension modeling
0 likes · 16 min read

IT Services Circle
Apr 24, 2022 · Information Security

Inno Stealer Malware Disguised as Windows 11 Installer Targets Users

A new Inno Stealer malware campaign masquerades as a legitimate Windows 11 upgrade installer, using a spoofed Microsoft site to distribute an infected ISO that creates hidden scripts, disables security, and steals browser data and cryptocurrency wallets, posing a serious information‑security threat.

Inno Stealer, Windows 11, information security
0 likes · 4 min read

21CTO
Apr 22, 2022 · Operations

China’s Tech Pulse: CNKI Shutdown, Loongson Framework, and Global Chip Updates

Recent developments in China’s tech sector include the Academy of Sciences ending CNKI access, Loongson’s upcoming programming framework, Huawei’s $15 million telecom equipment delivery to Russia, ASML’s chip‑recycling revelation, TSMC founder’s critique of US chip expansion, Alibaba Cloud’s new VMware service, SAP’s Russian loss, and Oracle’s Java crypto fix.

China Tech, Semiconductors, cloud computing
0 likes · 6 min read

Continuous Delivery 2.0
Apr 21, 2022 · Information Security

Implementing Dependency Management Guidelines: Tools and Approaches for Software Composition Analysis

The article reviews the fifteen dependency‑management guidelines, discusses how to apply them in practice, and lists both open‑source and commercial tools—including Google’s Open Source Insights, Snyk, WhiteSource, Fossas, Anchore, OpenSCA, and MurphySec—while also highlighting differing analysis strategies and related research reports.

SCA tools, Software Composition Analysis, dependency management
0 likes · 4 min read

IT Architects Alliance
Apr 19, 2022 · Information Security

How Zero Trust Redefines Enterprise Security: Architecture, Implementation, and Real‑World Practices

This article provides a comprehensive analysis of Zero Trust security, explaining its core principles, SDP‑based architecture, various implementation models—including user‑to‑resource and service‑to‑service schemes—deployment options, practical use cases, and guidance for successful enterprise adoption.

SDP, Zero Trust, access control
0 likes · 16 min read

ELab Team
Apr 1, 2022 · Information Security

Why Your DNS Queries Are Exposed: Hidden Threats and Modern Defenses

This article explains how everyday network protocols such as DNS, HTTP, and IP routing expose your traffic to eavesdropping, hijacking, and spoofing, and it reviews practical mitigations like DNSSEC, DoH, ODoH, TLS 1.3, HSTS, and user‑focused security hygiene.

DNS security, DNSSEC, DoH
0 likes · 30 min read

IT Services Circle
Mar 31, 2022 · Information Security

Overview of Common Information Security Techniques: Network, System, and Cryptography

This article provides a comprehensive overview of essential information security technologies, covering network attacks such as SQL injection, XSS, CSRF, DDoS, DNS and TCP hijacking, system vulnerabilities like stack overflow and privilege escalation, and core cryptographic concepts including symmetric/asymmetric encryption, key exchange, hashing, encoding, and multi‑factor authentication.

DDoS, DNS hijacking, SQL injection
0 likes · 23 min read

IT Services Circle
Mar 31, 2022 · Information Security

Mobile Browsers Read Clipboard Data and Expose Plaintext Passwords, CCTV Report Shows

A CCTV investigation revealed that some mobile browsers and integrated third‑party SDKs silently read users’ clipboard, capturing bank account numbers, passwords and other personal data in plaintext even when running in the background, highlighting serious privacy risks under China’s Personal Information Protection Law.

CCTV, Mobile Security, clipboard
0 likes · 3 min read

DataFunTalk
Mar 30, 2022 · Information Security

A Brief History of Cryptography and the Rise of Privacy Computing

This article surveys the evolution of cryptography from ancient Mesopotamian cipher sticks through classical ciphers, the Enigma machine, modern public‑key systems, and multi‑party computation, then explains the concept, current challenges, and future directions of privacy‑preserving computation technologies.

MPC, cryptography, information security
0 likes · 19 min read

IT Architects Alliance
Mar 21, 2022 · Information Security

OAuth2 and JWT Based Security Authentication Design and Implementation Overview

This article provides a comprehensive overview of a token‑based security authentication system, covering terminology, development background, objectives, functional points, technology selection, OAuth2 grant types, JWT fundamentals, authentication flow, credential renewal, and interface design for unified access control across microservices.

JWT, OAuth2, access_token
0 likes · 10 min read

DataFunSummit
Mar 20, 2022 · Information Security

Black and Gray Market Intelligence and Countermeasures in the Residential Service Industry (Beike)

This presentation outlines the landscape of black and gray market activities in China's residential real‑estate platform, describes the various fraud scenarios, details intelligence collection, tracing architecture, and anti‑fraud measures, and shares typical cases such as fake C‑side registrations and crawler attacks.

Intelligence, Real Estate, black market
0 likes · 11 min read

Top Architect
Mar 15, 2022 · Information Security

Comparing JWT and OAuth2: Concepts, Implementation Details, and Use Cases

This article explains the fundamental differences between JSON Web Token (JWT) and OAuth2, describes how each works, provides code examples of JWT structure, outlines OAuth2 roles and flows, and discusses practical scenarios, advantages, and drawbacks for securing APIs.

API Security, Authentication, Authorization
0 likes · 12 min read

Architecture Digest
Mar 14, 2022 · Information Security

Standardized Token‑Based Authentication Architecture Using OAuth2 and JWT for Enterprise Platforms

The article outlines the need for a unified account management system in enterprise platforms and details a token‑based authentication solution using OAuth2 password grant and JWT, describing its advantages, workflow, technical selection, and interface design for secure cross‑service integration.

JWT, OAuth2, enterprise architecture
0 likes · 9 min read

IT Services Circle
Mar 13, 2022 · Information Security

Enabling Microsoft MAPS Advanced Protection in Windows Defender

This article explains why Windows Defender is generally sufficient, how security professionals can unlock the hidden Microsoft Advanced Protection Service (MAPS) via Group Policy or PowerShell, and provides additional configuration tips for ransomware protection, signature updates, and cloud‑based blocking.

Malware Protection, PowerShell, Windows Defender
0 likes · 6 min read

High Availability Architecture
Mar 11, 2022 · Information Security

Technical Analysis of Y‑BotManager Anti‑Spam Mechanism and SensorData Reverse Engineering

This article presents a detailed technical analysis of the Y‑BotManager anti‑spam system, describing its architecture, the reverse‑engineering process of its SensorData generation, the device and user‑interaction features used for bot detection, and the practical attempts to bypass the protection.

Botnet, Fingerprinting, Sensor Data
0 likes · 12 min read

Top Architect
Mar 8, 2022 · Information Security

Critical Spring Cloud Gateway Vulnerabilities CVE-2022-22946 and CVE-2022-22947: Description, Impact, and Mitigation

This article explains two high‑severity Spring Cloud Gateway vulnerabilities (CVE‑2022‑22946 and CVE‑2022‑22947), outlines the affected versions, describes how attackers can exploit exposed Actuator endpoints, and provides concrete mitigation steps such as upgrading to safe releases or disabling the gateway actuator.

Actuator, CVE-2022-22946, CVE-2022-22947
0 likes · 6 min read

Zhongtong Tech
Mar 3, 2022 · Information Security

How ZTO’s “Box” Platform Merges Security and Collaboration in a Zero‑Trust Era

This article examines the origins, strategic importance, architecture, and key features of ZTO’s internally‑developed “Box” platform, illustrating how it unifies seamless user experience with deep security through zero‑trust principles, cross‑platform development, and integrated collaboration tools for a large logistics enterprise.

Cross‑platform development, Enterprise Software, Zero Trust
0 likes · 26 min read

HaoDF Tech Team
Feb 28, 2022 · Information Security

Partner Data Security Closed‑Loop Management at Haodf Online

This article outlines how Haodf Online implements a closed‑loop partner data security framework—covering background regulations, SDL‑based lifecycle stages, partner information handling, security assessment, API testing, monitoring, and continuous improvement—to protect sensitive medical data across its ecosystem.

API Security, SDL, compliance
0 likes · 14 min read

DevOps
Feb 25, 2022 · Information Security

Docker and Kubernetes Security: Challenges, 26 Docker Best Practices, and 7 Kubernetes Hardening Guidelines

This article explains why Docker, the dominant container runtime, introduces significant security risks, outlines eight key container‑security challenges, provides 26 practical Docker hardening recommendations, adds seven Kubernetes protection best practices, and lists eleven essential questions for assessing a secure cloud‑native environment.

DevSecOps, best practices, information security
0 likes · 14 min read

Java High-Performance Architecture
Feb 18, 2022 · Information Security

When Web Crawlers Cross the Line: A Legal Case Study on Unauthorized Data Scraping

This article recounts how a Chinese fintech company's automated web‑crawler, built to query a municipal residence‑permit system, overloaded the server, triggered police action, led to criminal charges for the CTO and programmer, and offers lessons on the legal risks of large‑scale data scraping.

Web Crawling, cloud computing, computer crime
0 likes · 9 min read

Selected Java Interview Questions
Feb 6, 2022 · Information Security

Symmetric, Asymmetric, and Hybrid Encryption: Principles, Advantages, and Key Distribution Issues

This article explains the fundamentals of symmetric, asymmetric, and hybrid encryption, compares their strengths and weaknesses, discusses key distribution challenges, and illustrates how combining both methods can address security gaps while highlighting potential man‑in‑the‑middle attacks.

Hybrid Encryption, asymmetric encryption, information security
0 likes · 7 min read

DataFunTalk
Feb 6, 2022 · Information Security

Black and Gray Market Threats and Countermeasures in the Residential Services Industry (Beike)

This presentation details the current landscape of black and gray market activities in the residential services sector, describes typical fraud scenarios such as fake user registrations and crawler attacks, and outlines Beike's intelligence collection, tracing capabilities, and multi‑stage anti‑fraud operations to detect, investigate, and mitigate these threats.

Intelligence, Real Estate, anti‑fraud
0 likes · 12 min read

DataFunTalk
Jan 29, 2022 · Information Security

Data Security and Privacy-Enhancing Computing Solutions by Alibaba Cloud

This article outlines the current data security challenges and trends in digital transformation, presents Alibaba Cloud's privacy-enhancing computing approach with the DataTrust product, and details the DSMM framework, lifecycle protection, and practical solutions for secure data sharing and usage.

Alibaba Cloud, DataTrust, cloud security
0 likes · 14 min read

ITPUB
Jan 29, 2022 · Information Security

Linus Torvalds’ GitHub Prank Exposes a Fake‑Commit Vulnerability

On January 25 Linus Torvalds posted a joking README in the Linux GitHub repository that claimed to delete Linux, which turned out to be a demonstration of a “fake‑commit” vulnerability that lets attackers host arbitrary files via special URLs without appearing in the commit history.

GitHub, Linus Torvalds, Security Vulnerability
0 likes · 5 min read

Java Captain
Jan 27, 2022 · Information Security

A Practical Guide to Internal Network Penetration Tools: NPS, FRP, EW, and Ngrok

This article introduces several widely used internal network penetration and tunneling tools—including NPS, FRP, EW, and Ngrok—explains their core principles, features, and provides step‑by‑step installation and configuration commands for exposing services such as HTTP, SSH, RDP, and file sharing to the public internet.

NPS, ew, frp
0 likes · 14 min read

21CTO
Jan 26, 2022 · Information Security

Is Vue.js a Security Risk? Analyzing Recent Alerts and Real Code

Recent Chinese security alerts claim hackers exploited Vue.js and SonarQube to launch XSS attacks and steal source code, but the Vue creator clarifies that the vulnerabilities stem from backend API authentication, not the framework itself, while still acknowledging potential XSS risks in Vue applications.

Backend API, Vue.js, XSS
0 likes · 5 min read

21CTO
Jan 24, 2022 · Information Security

Why Google Analytics Is Declared Illegal in Europe: GDPR Implications

A recent Austrian court ruling deems the use of Google Analytics on European websites illegal under GDPR, highlighting data transfer concerns, the role of NOYB, and the broader impact on U.S. tech services operating in the EU.

EU Law, GDPR, Google Analytics
0 likes · 8 min read

21CTO
Jan 22, 2022 · Information Security

What’s Driving the Surge of Linux‑Based IoT Malware in 2021?

The article examines how the proliferation of Linux‑powered IoT devices has made them prime targets for malware families like XorDDoS, Mirai and Mozi, highlighting their rapid growth, attack techniques, and recommended defensive measures for operators.

Botnet, DDoS, IoT security
0 likes · 8 min read

21CTO
Jan 19, 2022 · Information Security

Why Is the U.S. Targeting Alibaba Cloud Over National Security Concerns?

The Biden administration is scrutinizing Alibaba's cloud services for potential national security risks, focusing on data storage practices, possible Chinese government access, and the broader impact on U.S.-China tech relations, while Alibaba's shares dip amid regulatory pressure.

Alibaba, US-China Relations, cloud computing
0 likes · 6 min read

Cloud Native Technology Community
Jan 19, 2022 · Information Security

Securing Cloud‑Native Platforms in Banking: A Multi‑Layer Container Security Guide

This article examines how banks can adopt cloud‑native container technologies while addressing security challenges through a four‑layer architecture covering infrastructure, platform, container, and full‑lifecycle risk mitigation, offering practical recommendations for robust, compliant cloud operations.

Banking, Container Security, cloud-native
0 likes · 8 min read

Tencent Cloud Developer
Jan 19, 2022 · Information Security

Unveiling MD5: How It Works, Its Fixed Length, and Why It’s Vulnerable

This article explores the MD5 hashing algorithm in depth, detailing its fixed 128‑bit output, the padding and block processing steps defined in RFC 1321, the internal round functions, and the reasons it is considered irreversible yet vulnerable to collisions and various cracking techniques such as brute‑force, rainbow tables, and differential attacks.

MD5, collision attack, cryptography
0 likes · 15 min read

DataFunSummit
Jan 18, 2022 · Information Security

Digital Watermarking for Data Leakage Traceability: Techniques, Applications, and Challenges

The article explores the rapid growth of China's digital economy, the escalating risk of data leaks, and how digital watermarking—across images, text, and databases—can be employed to trace leakage sources, protect e‑commerce data, and address practical challenges in security implementations.

data leakage, database watermark, digital watermarking
0 likes · 15 min read

Open Source Linux
Jan 17, 2022 · Information Security

Understanding Firewalls: Concepts, Types, and Linux iptables Explained

This article introduces firewall fundamentals, traces their evolution, compares network, application, and database firewalls, explores Linux firewall implementations with iptables and Netfilter, and discusses performance metrics, limitations, and practical use cases for securing enterprise networks.

information security, iptables, linux
0 likes · 10 min read

DataFunSummit
Jan 15, 2022 · Information Security

Data Security Governance: Concepts, Goals, Tools, and Practices

This article explains data security fundamentals, the full data lifecycle, the 4A/5A security model, trust‑level goals, and a comprehensive tool framework covering identity authentication, permission control, asset protection, and governance strategies to protect data throughout its lifecycle.

access control, information security, privacy
0 likes · 14 min read

ByteDance Terminal Technology
Jan 11, 2022 · Information Security

Graph-Based Detection of Malicious Webpages: Methods, Experiments, and Future Work

This article presents a comprehensive study on detecting malicious webpages using heterogeneous graph structures and Graph Convolutional Networks, detailing background challenges, technical approaches, model iterations, optimization techniques for large‑scale deployment, experimental results, and directions for future research.

Detection, GCN, graph neural networks
0 likes · 9 min read

Code Ape Tech Column
Jan 11, 2022 · Information Security

Data Masking (Desensitization) Techniques: Static and Dynamic Approaches

This article explains data masking, its importance for protecting sensitive information, and details both static and dynamic masking methods—including nullification, randomization, substitution, symmetric encryption, mean value, and offset rounding—along with practical examples and implementation considerations.

Dynamic Masking, information security, privacy
0 likes · 8 min read

IT Xianyu
Jan 10, 2022 · Information Security

Understanding Mobile Number One‑Click Login and Verification Across Chinese Carriers

This article explains the principles, features, and implementation details of carrier‑based one‑click login and mobile number verification services offered by China Mobile, China Telecom, and China Unicom, highlighting SDK usage, network requirements, caching, and security considerations.

Mobile Authentication, SDK, carrier verification
0 likes · 9 min read

Programmer DD
Jan 10, 2022 · Information Security

Why the FTC Demands Immediate Log4j2 Fixes and How to Protect Your Data

The FTC urges companies to urgently patch Log4j2 (CVE‑2021‑44228) after a month of attacks by state‑backed hackers, warning of massive data leaks, financial loss, and potential lawsuits, while highlighting past cases like Equifax’s $700 million settlement.

CVE-2021-44228, FTC, information security
0 likes · 4 min read

Top Architect
Jan 9, 2022 · Information Security

Technical Analysis and Recent Updates of Xi'an “One Code Pass” System

The article reviews the Xi'an “One Code Pass” health‑code platform, covering its award recognition, recent service outages, capacity‑planning calculations, security‑platform procurement, Ministry engineer inspection, and the identified technical bottlenecks such as lack of CDN for static assets and insufficient outbound bandwidth.

Big Data, One Code Pass, System Architecture
0 likes · 7 min read

ByteDance Terminal Technology
Jan 7, 2022 · Information Security

Graph-Based Detection of Malicious Webpages: Methods, Experiments, and Future Directions

This article presents a comprehensive study on detecting malicious webpages by constructing heterogeneous graphs from URL redirection and textual features, applying Graph Convolutional Networks and Cluster‑Text‑GCN models, detailing optimization techniques for large‑scale deployment, and outlining future research directions.

GCN, graph neural networks, heterogeneous graph
0 likes · 11 min read

JD Tech Talk
Dec 31, 2021 · Information Security

Design and Implementation of JD Tech Mobile App Privacy Compliance Detection System

This article presents the background, industry challenges, design principles, architecture, core capabilities, and implementation details of JD Tech's privacy compliance detection system for mobile applications, highlighting both static and dynamic analysis techniques to identify and remediate personal data risks.

Dynamic analysis, JD Tech, compliance
0 likes · 14 min read

Java Architect Essentials
Dec 30, 2021 · Information Security

Log4j2 Vulnerability and Logback Security: Remediation Recommendations

This article outlines the Log4j2 security vulnerability, notes that Logback shares the same flaw, and provides comprehensive remediation advice—including upgrading to Log4j2 2.17, coordinating development and security teams, testing environments, JDK updates, and consulting professional security services.

Patch Upgrade, Security Vulnerability, Software Remediation
0 likes · 5 min read

Zhengcaiyun Tech (政采云技术)
Dec 30, 2021 · Information Security

Introduction to Web Security Testing and Common Vulnerabilities

This article introduces web security testing, explains why it is essential, describes common vulnerabilities such as weak passwords, XSS, CSRF, SQL injection, authorization bypass, and file upload issues, and offers practical prevention measures and testing guidelines for developers and testers.

SQL injection, Vulnerability, Web Security
0 likes · 14 min read

Laravel Tech Community
Dec 28, 2021 · Information Security

Investigation Reveals XiaoHongShu Platform’s Exposure of Minors’ Privacy and Inadequate Content Moderation

A recent investigation uncovers how the XiaoHongShu app repeatedly pushes videos that expose minors’ personal privacy, featuring inadequate content review, legal concerns, and platform apologies, while highlighting new network protection regulations and the company's pledged actions to curb such violations.

Legal Compliance, Xiaohongshu, content moderation
0 likes · 6 min read

HomeTech
Dec 28, 2021 · Information Security

SQL Injection Vulnerability Analysis and Defense Strategies

This article provides a comprehensive analysis of SQL injection vulnerabilities, covering their principles, testing tools, repair methods, and defense strategies, with practical implementation guidance for secure web application development.

Database Security, OWASP, Parameterized Queries
0 likes · 15 min read

AntTech
Dec 27, 2021 · Information Security

Overview of the Data Security Composite Governance and Practice Whitepaper

The jointly authored whitepaper by China Software Testing Center, National Information Center, and Ant Group introduces a data security composite governance model, detailing strategic, managerial, and technical dimensions, multi‑view security measurement, and practical implementation guidance for enterprises under the new data security law.

composite model, data security, governance
0 likes · 8 min read

Efficient Ops
Dec 26, 2021 · Operations

How Zhengzhou Bank Achieved Advanced DevSecOps Maturity: Insights and Lessons

The article reports on Zhengzhou Bank's successful DevSecOps assessment at the 2021 GOLF+ IT New Governance Forum, detailing the bank's interview on implementation practices, cultural, process and technical measures, and the broader significance of the national DevOps maturity model for digital governance.

DevSecOps, Digital Governance, Maturity Assessment
0 likes · 12 min read

JD Tech
Dec 24, 2021 · Artificial Intelligence

JD.com Announces 2021 Technology Achievements: AI Breakthroughs, Cloud Innovations, and Industry Applications

In its 2021 technology report, JD.com highlights over 220 published papers, 60 competition awards, 260 breakthroughs—including advances in trustworthy AI, quantum computing, multimodal AI, and supply‑chain automation—while showcasing cloud‑native infrastructure, information‑security innovations, and numerous industry‑focused applications across logistics, retail, and smart cities.

Quantum Computing, Supply Chain, artificial intelligence
0 likes · 11 min read

Top Architect
Dec 23, 2021 · Information Security

Understanding the Critical Log4j2 Vulnerability and Emergency Mitigation Measures

The article explains the Log4j2 remote code execution flaw caused by unsafe JNDI lookups, outlines its widespread impact on Java applications and major Chinese tech firms, and provides concrete emergency mitigation steps such as JVM parameter changes, firewall rules, and upgrading to version 2.17.0.

JNDI, Java, Remediation
0 likes · 7 min read

21CTO
Dec 15, 2021 · Information Security

Why Log4Shell Is the Most Critical Vulnerability Since Heartbleed

The Log4Shell (CVE-2021-44228) vulnerability in Apache Log4j, first reported on November 24, has triggered a global security crisis, affecting thousands of organizations, enabling rapid exploitation for crypto mining and data theft, and prompting massive attack volumes that rival historic flaws like Heartbleed and EternalBlue.

CVE-2021-44228, Log4Shell, Remote Code Execution
0 likes · 6 min read

Programmer DD
Dec 13, 2021 · Information Security

Can Meta’s New Hash‑Based Tool Really Stop Revenge Porn?

Meta’s latest privacy tool lets users pre‑upload intimate images to generate a unique digital fingerprint that platforms match and delete if re‑uploaded, but its reliance on exact‑match hashing, similar to PhotoDNA, raises questions about effectiveness, privacy, and the broader challenges of end‑to‑end encryption delays at the company.

Metadigital fingerprintimage hashing
0 likes · 8 min read
Senior Brother's Insights
Dec 12, 2021 · Information Security

Unveiling JNDI: From Basics to Real‑World Log4j2 Exploit with RMI

This article explains the fundamentals of Java Naming and Directory Interface (JNDI), its architecture and typical usage, then walks through a step‑by‑step RMI implementation and demonstrates how JNDI can be abused to craft a Log4j2 remote code execution attack, complete with full code samples and mitigation advice.

Exploit · JNDI · Java
0 likes · 20 min read
Programmer DD
Dec 2, 2021 · Information Security

How to Protect Java Applications from Decompilation: Techniques and Best Practices

This article explains why Java bytecode is easy to decompile and presents several practical protection methods—including isolation, class file encryption, native code conversion, and various obfuscation techniques—while discussing their advantages, limitations, and typical use cases.

class encryption · code obfuscation · decompilation
0 likes · 13 min read
AntTech
Nov 26, 2021 · Information Security

Achieving “Computable but Not Identifiable”: Balancing Personal Data Protection and Industry Development with Trusted Computing

The article examines how the Personal Information Protection Law creates a new authorization framework and introduces the “computable but not identifiable” concept, arguing that trusted‑computing technologies and controlled environments can reconcile strict privacy safeguards with the data‑driven needs of AI and other industries.

Data Governance · artificial intelligence · data anonymization
0 likes · 10 min read
21CTO
Nov 24, 2021 · Information Security

How Parents Built an Open‑Source School App to Beat a $117M Failure

Swedish parents, frustrated by the costly and unusable official Skolplattformen app, reverse‑engineered its API and released the open‑source Öppna Skolplattformen, sparking legal battles, privacy debates, and a community‑driven alternative that now serves thousands of families.

Sweden · information security · privacy
0 likes · 12 min read
Programmer DD
Nov 20, 2021 · Information Security

Why Firefox Blocked the ‘Bypass’ Add‑Ons and How to Protect Your Browser

Mozilla’s security team has disabled the malicious ‘Bypass’ and ‘Bypass XM’ Firefox extensions that abused the proxy API, affecting hundreds of thousands of users, and provides steps to identify and remove them while highlighting recent Firefox updates and new security features.

Firefox · browser extensions · information security
0 likes · 5 min read
Architects' Tech Alliance
Nov 13, 2021 · Information Security

Understanding Firewalls: Definition, Principles, Architecture, and Functions

This article explains firewalls by defining their purpose, describing how they monitor and filter network traffic, outlining their architecture—including screening routers and proxy servers—and listing their key security functions such as access control, traffic filtering, logging, and attack detection.

access control · firewall · information security
0 likes · 7 min read
MaGe Linux Operations
Nov 13, 2021 · Information Security

Hive Ransomware Targets Linux: Bugs, New Features, and Industry Shift

Security researchers at ESET reveal that the Hive ransomware group has expanded its attacks to Linux and FreeBSD systems, releasing a buggy yet feature‑rich Linux variant written in Go, while noting a broader industry trend of ransomware operators developing Linux encryptors to compromise virtualized server environments.

Go · Virtualization · hive
0 likes · 4 min read
Ctrip Technology
Nov 11, 2021 · Information Security

Mobile App Security Hardening: Risks, Detection Techniques, and Protection Strategies

This article examines the security challenges faced by mobile applications, outlines static, dynamic, and business‑level attack vectors, and presents comprehensive hardening techniques—including environment detection, data collection, code and algorithm obfuscation, and virtual‑machine protection—illustrated with iOS‑specific examples and code snippets.

Mobile Security · app hardening · code obfuscation
0 likes · 13 min read
Open Source Linux
Nov 3, 2021 · Information Security

Master Intranet Penetration: A Practical Guide to nps, frp, EW, and ngrok

This technical guide reviews several popular intranet penetration and proxy tools—including nps, frp, EW, and ngrok—explaining their core principles, key features, installation steps, configuration examples, and advanced options such as encryption, compression, dashboards, and multi‑level port mapping.

NPS · frp · information security
0 likes · 13 min read
OPPO Amber Lab
Nov 1, 2021 · Information Security

AI-Enabled Security Insights from the 2021 Pan-Terminal Workshop

The 2021 Pan‑Terminal Security Workshop, jointly organized by the China Computer Federation and OPPO at Xi'an Jiaotong University, gathered leading academics and industry experts to discuss AI‑driven security, kernel protection, and blockchain finance, offering livestream access and video recordings for the research community.

AI security · Blockchain · Kernel Security
0 likes · 3 min read
MaGe Linux Operations
Oct 24, 2021 · Information Security

Top 10 Web Log Security Analysis Tools You Should Try

Discover ten easy‑to‑use web log security analysis tools that help you trace attackers, identify vulnerabilities, and visualize malicious activity, ranging from open‑source visualizers to enterprise‑grade SIEM platforms.

Log Monitoring · SIEM · information security
0 likes · 4 min read
Full-Stack Internet Architecture
Oct 18, 2021 · Information Security

Case Study: “Da Niu Assistant” Location‑Spoofing App, Its Business Model, and Legal Consequences

The article recounts how a developer created the “Da Niu Assistant” app to spoof DingTalk check‑ins, generated several hundred thousand yuan in revenue, was analyzed by Alibaba security engineers, and ultimately led to a five‑year‑six‑month prison sentence, highlighting the risks of security‑related startups.

DingTalk · Location Spoofing · Software Piracy
0 likes · 5 min read
21CTO
Oct 15, 2021 · Information Security

How a WeChat Payment System Was Hijacked: A Code‑Injection Theft Case Study

This article details how a former technical director inserted malicious code into a company's WeChat payment platform, diverting millions of yuan to his own account, the subsequent investigation, witness testimonies, and the court's judgment sentencing him for large‑scale theft.

Code Injection · WeChat · information security
0 likes · 7 min read
21CTO
Oct 13, 2021 · Information Security

Why Foreign Privacy Apps Are Triggering Continuous Location Tracking on Your Phone

Recent reports reveal that foreign privacy‑tracking apps can cause major Chinese services like Meituan, major layoffs at Beike's Shanghai R&D team, and an FSF warning that Windows 11 undermines user freedom, highlighting growing concerns over data privacy, corporate restructuring, and open‑source advocacy.

FSF · Windows 11 · information security
0 likes · 6 min read
Open Source Linux
Oct 12, 2021 · Information Security

Build a Python Wi‑Fi Password Cracker with CLI and GUI

This article walks through creating a Python script that uses the pywifi library to brute‑force Wi‑Fi passwords, shows how to improve flexibility with command‑line arguments, and demonstrates two graphical interfaces built with Tkinter for a more user‑friendly cracking tool.

Python · Tkinter · brute force
0 likes · 16 min read
DataFunSummit
Oct 4, 2021 · Artificial Intelligence

Intelligent Risk Control Practices and Architecture by Shumei Technology

This article presents Shumei Technology's comprehensive approach to fraud prevention, detailing the scale of black‑market losses, typical abuse scenarios, challenges of traditional defenses, and the design of a full‑stack, AI‑driven risk control system that combines device, behavior, and content detection with real‑time, multi‑cluster deployment and case studies from banking and live‑stream platforms.

artificial intelligence · fraud detection · information security
0 likes · 24 min read
Top Architect
Sep 20, 2021 · Information Security

Case Study: Violation of Computer Information System Laws by Yang Mou – Court Judgment and Legal Analysis

The article details how Yang Mou, a former ticketing system programmer, remotely accessed and sabotaged a bus company's ticketing platform in October 2020, leading to a court conviction for destroying computer information systems under Chinese criminal law, with a nine‑month prison sentence and references to relevant statutes.

Chinese law · computer crime · information security
0 likes · 6 min read
Ops Development Stories
Sep 18, 2021 · Information Security

Secure Message Delivery: Symmetric & Asymmetric Encryption, Hashes, Signatures

Learn the fundamentals of information security through a myth-inspired scenario, covering how symmetric and asymmetric encryption, message digests, and digital signatures ensure confidentiality, integrity, and authenticity when transmitting a simple invitation, and explore a practical secure email system design.

Symmetric Cryptography · digital signatures · encryption
0 likes · 7 min read
iQIYI Technical Product Team
Sep 10, 2021 · Information Security

Introduction and Business Practice of Cloud KMS for Data Security at iQIYI

iQIYI’s security team created a Cloud KMS platform that, in line with China’s Data Security Law, provides HSM‑backed key lifecycle management, API‑driven encryption, high‑availability deployment and fine‑grained access control, enabling its membership services to meet compliance, cut development effort by ~80 %, halve operational workload and lower costs, while laying groundwork for future features such as traffic splitting and zero‑intrusion integration.

Business Practice · Cloud KMS · cloud computing
0 likes · 7 min read
Qingyun Technology Community
Aug 25, 2021 · Information Security

How QingCloud’s Security Resource Pool Leverages SDN for Scalable Cloud Protection

This article explains how QingCloud’s security resource pool, built on a trusted cloud platform and SDN orchestration, provides self‑service, high‑performance, and open‑architecture security services for tenants, addressing control‑plane and data‑flow challenges while enabling flexible north‑south and east‑west traffic protection.

QingCloud · SDN orchestration · cloud security
0 likes · 10 min read
MaGe Linux Operations
Aug 22, 2021 · Information Security

What Happens When an Elasticsearch Database Exposes 2 Million Sensitive Records?

In July, security researcher Bob Diachenko uncovered an exposed Elasticsearch cluster leaking nearly two million personal records—including passport details and no‑fly indicators—highlighting the severe impact of unsecured Elasticsearch deployments and offering recommendations to prevent future breaches.

Elasticsearch · data breach · information security
0 likes · 5 min read
DataFunSummit
Aug 20, 2021 · Artificial Intelligence

Data Privacy and Differential Privacy Techniques in Machine Learning

This article reviews recent data privacy challenges in machine learning, explains the distinction between privacy and security, presents classic attacks and anonymization methods such as K‑anonymity, L‑diversity and T‑closeness, and details differential privacy techniques and their impact on model performance.

anonymization · differential privacy · information security
0 likes · 17 min read
OPPO Amber Lab
Aug 10, 2021 · Information Security

AI, IoT, and Zero Trust: Key Takeaways from the 2021 ACM China Turing Conference

At the 2021 ACM China Turing Conference in Hefei, leading academics and industry experts presented cutting‑edge research on AI‑driven security, mobile OS vulnerability detection, IoT sensor risks, ARM confidential computing, and zero‑trust frameworks, highlighting how emerging technologies reshape secure mobile and industrial ecosystems.

AI · ARM · IoT
0 likes · 7 min read
DevOps
Aug 9, 2021 · Operations

Microsoft Digital: Internal IT Transformation and Operational Excellence

Microsoft Digital describes how Microsoft’s internal IT organization, renamed from CSEO to Microsoft Digital, drove a comprehensive digital transformation by migrating operations to Azure, adopting cloud‑centric architecture, implementing DevOps, enhancing security, data, and AI capabilities, and aligning vision‑driven priorities to boost productivity, customer focus, and business outcomes.

Data Analytics · Digital Transformation · Operations
0 likes · 20 min read
58 Tech
Aug 5, 2021 · Artificial Intelligence

Exploration and Practice of Text Representation Algorithms in the 58 Security Scenario

This article presents a comprehensive study of text representation techniques—from weighted word‑vector methods to supervised SimBert and unsupervised contrastive learning models—applied to large‑scale unstructured data in 58's information‑security workflows, evaluating their effectiveness for classification and content‑recall tasks.

BERT · SimCSE · contrastive learning
0 likes · 11 min read