Tagged articles

information security

1019 articles · Page 8 of 11
Programmer DD
Programmer DD
Jan 24, 2021 · Information Security

Why the Weird Password “ji32k7au4a83” Reveals Hidden Risks in Common Passwords

The article explains how a seemingly random password "ji32k7au4a83" appeared in millions of data breaches because it encodes the Chinese phrase "my password" in Zhuyin, highlights the prevalence of weak passwords like "123456", and offers practical advice for creating stronger, more secure passwords.

Have I Been PwnedZhuyincommon passwords
0 likes · 4 min read
Why the Weird Password “ji32k7au4a83” Reveals Hidden Risks in Common Passwords
Liangxu Linux
Liangxu Linux
Jan 12, 2021 · Information Security

What Is a Bastion Host and How Does It Secure Operations?

This article explains the concept, purpose, design principles, functional modules, authentication methods, deployment options, and open‑source implementations of bastion hosts, highlighting how they centralize control, audit, and protect privileged access to servers and network devices.

OperationsSecurity Auditingauthentication
0 likes · 9 min read
What Is a Bastion Host and How Does It Secure Operations?
Programmer DD
Programmer DD
Jan 8, 2021 · Information Security

When Deleting Data Becomes a Crime: DBA Sentenced to 7 Years

A former database administrator at Lianjia was convicted of deliberately deleting 9 TB of financial data, leading to a seven‑year prison sentence after forensic evidence linked his root‑access actions to the breach, highlighting the severe legal consequences of insider data sabotage.

computer crimedata deletiondatabase admin
0 likes · 7 min read
When Deleting Data Becomes a Crime: DBA Sentenced to 7 Years
dbaplus Community
dbaplus Community
Jan 7, 2021 · Information Security

Understanding CC Attacks and Slow DDoS: Mechanisms, Tools, and Defenses

This article explains how CC (Challenge Collapsar) attacks and their slow‑request variants overwhelm web services, describes the underlying botnet concepts, shows practical attack commands with tools like slowhttptest, and outlines multiple mitigation strategies such as rate limiting, IP hiding, high‑protection IP services, and static page optimization.

DDoSSlow Attackbotnet
0 likes · 18 min read
Understanding CC Attacks and Slow DDoS: Mechanisms, Tools, and Defenses
21CTO
21CTO
Jan 4, 2021 · Information Security

How to Secure Passwords with Salt in Java: MD5 Salting Explained

This article explains the concept of password salting, its security benefits, and provides a complete Java implementation using MD5, including salt generation, hashing with and without salt, storing salt within the hash, and verification procedures for registration and login.

HashingJavaMD5
0 likes · 12 min read
How to Secure Passwords with Salt in Java: MD5 Salting Explained
21CTO
21CTO
Jan 1, 2021 · Information Security

Did Hackers Peek into Microsoft’s Source Code? Insights from the SolarWinds Attack

A recent SolarWinds breach gave hackers read‑only access to Microsoft’s internal source‑code repositories, prompting the company to stress that no production systems or user data were compromised while highlighting broader security implications for the software industry.

MicrosoftSolarWindscybersecurity
0 likes · 5 min read
Did Hackers Peek into Microsoft’s Source Code? Insights from the SolarWinds Attack
Programmer DD
Programmer DD
Dec 30, 2020 · Information Security

When a Bonus Dispute Triggers a Massive Cloud Outage: The Real Cost of Deleting Code

A disgruntled programmer, denied a promised bonus, altered Huawei Cloud's OBS service code, causing a platform-wide crash, a court conviction for destroying a computer information system, and prompting a broader discussion on why developers repeatedly risk severe legal and professional consequences despite low penalties and harsh work conditions.

cloud outagecode deletioninformation security
0 likes · 10 min read
When a Bonus Dispute Triggers a Massive Cloud Outage: The Real Cost of Deleting Code
iQIYI Technical Product Team
iQIYI Technical Product Team
Dec 25, 2020 · Information Security

iQiyi Security Incident Response Center Vulnerability Handling Policy (Version 3.0)

iQiyi Security Incident Response Center Vulnerability Handling Policy version 3.0 outlines scope, principles, reporting process, severity scoring, reward system, user levels, dispute resolution, and prohibitions, emphasizing dedicated handling, point-based rewards, and strict rules for disclosures and malicious activity.

Bug BountyVulnerability Managementinformation security
0 likes · 13 min read
iQiyi Security Incident Response Center Vulnerability Handling Policy (Version 3.0)
DataFunSummit
DataFunSummit
Dec 24, 2020 · Information Security

Evolution and Architecture of Risk Control at 58.com

This article outlines the development stages, architectural evolution, and practical challenges of 58.com’s risk‑control platform, describing how the system progressed from manual review to configurable automation, multi‑scene governance, and intelligent expert‑driven auditing to protect billions of daily transactions.

fraud detectioninformation securityplatform architecture
0 likes · 10 min read
Evolution and Architecture of Risk Control at 58.com
Full-Stack Internet Architecture
Full-Stack Internet Architecture
Dec 23, 2020 · Information Security

Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses

This article provides a comprehensive overview of Cross‑Site Scripting (XSS), covering its definition, impact, underlying mechanisms, classification, common injection vectors, defensive strategies, practical Q&A, and a curated list of reference resources for developers and security professionals.

Cross-site scriptingXSSfrontend security
0 likes · 16 min read
Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses
macrozheng
macrozheng
Dec 17, 2020 · Information Security

How Data Masking Protects Your Users: Techniques & Best Practices

Data masking, also known as data desensitization, transforms sensitive information such as phone numbers and ID numbers using static and dynamic methods—including truncation, randomization, replacement, encryption, and averaging—to prevent privacy breaches while preserving data utility for testing, analysis, and production environments.

Data MaskingDynamic Maskingdata anonymization
0 likes · 9 min read
How Data Masking Protects Your Users: Techniques & Best Practices
DataFunSummit
DataFunSummit
Dec 16, 2020 · Artificial Intelligence

Federated Learning vs Secure Multi‑Party Computation: Concepts, Challenges, and Alibaba’s Solutions

This article explains the fundamentals of federated learning and secure multi‑party computation, compares their security and performance trade‑offs, discusses the differences between Google’s cross‑device FL and China’s cross‑silo FL, and presents Alibaba’s recent advances and practical solutions for privacy‑preserving collaborative modeling.

Differential PrivacyPrivacycross-silo
0 likes · 18 min read
Federated Learning vs Secure Multi‑Party Computation: Concepts, Challenges, and Alibaba’s Solutions
ITPUB
ITPUB
Dec 15, 2020 · Information Security

How Dark‑Web Ransomware Hijacks MySQL Databases and Sells Them for $550

The article explains how ransomware gangs steal MySQL databases, automate ransom‑payment portals on the dark web, auction unsold data, and accept Bitcoin, revealing the scale of over 85,000 databases for sale at roughly $500‑$550 each.

dark webdata breachinformation security
0 likes · 4 min read
How Dark‑Web Ransomware Hijacks MySQL Databases and Sells Them for $550
FunTester
FunTester
Dec 12, 2020 · Operations

Why Redundancy Is the Key to Effective Disaster Recovery in IT Systems

The article explains that disaster recovery for information systems relies on redundancy across hardware, energy, and data, classifies natural, human, and technical disasters, defines critical metrics such as RTO and RPO, and outlines the technologies, architectures, and maturity levels needed to ensure business continuity.

Disaster RecoveryRPORTO
0 likes · 29 min read
Why Redundancy Is the Key to Effective Disaster Recovery in IT Systems
JD Tech Talk
JD Tech Talk
Dec 9, 2020 · Information Security

Understanding “Wool Party” Attacks: Interface and Business Layer Threats in Marketing Scenarios

This article explains how the so‑called “wool party” (羊毛党) operates in marketing environments, detailing common interface‑layer attacks, business‑layer (UI) attacks, the tools they use such as card‑issuing and SMS‑receiving platforms, and the defensive measures employed by intelligent risk‑control systems.

business layer attackinformation securityinterface attack
0 likes · 7 min read
Understanding “Wool Party” Attacks: Interface and Business Layer Threats in Marketing Scenarios
Programmer DD
Programmer DD
Dec 6, 2020 · Information Security

How Fraudsters Exploit Online Promotions: Real Cases and Lessons

This article explains the concept of "薅羊毛" (exploiting online promotions), presents several real police‑investigated cases—including massive membership recharges, coupon abuse, and game‑reward scams—and warns readers about the legal risks of using illegal methods to obtain freebies.

Case Studycybercrimeinformation security
0 likes · 7 min read
How Fraudsters Exploit Online Promotions: Real Cases and Lessons
Architect's Tech Stack
Architect's Tech Stack
Dec 5, 2020 · Information Security

Case Study: Micro-Alliance Database Deletion Incident and Its Legal Consequences

In February 2020, a core operations engineer at Micro-Alliance maliciously deleted the company's production databases, causing over ten billion yuan in market loss, massive user disruption, and a six‑year prison sentence, while highlighting broader industry risks and the need for stronger security controls.

Risk Managementcybercrimedata breach
0 likes · 8 min read
Case Study: Micro-Alliance Database Deletion Incident and Its Legal Consequences
FunTester
FunTester
Dec 4, 2020 · Information Security

Introduction to Cryptography: History, Significance, and Future Directions

This introductory text explores the evolution of cryptography from ancient symbols to modern quantum and DNA‑based codes, highlighting its pivotal role in politics, warfare, and society while emphasizing the need for universal understanding of encryption and decryption across all fields.

Quantum Cryptographycodebreakingcryptography
0 likes · 14 min read
Introduction to Cryptography: History, Significance, and Future Directions
JD Cloud Developers
JD Cloud Developers
Dec 3, 2020 · Information Security

Why Weak Passwords Still Prevail and How Modern Cryptography Secures Your Data

This article explores the prevalence of weak passwords, introduces fundamental concepts of cryptography, explains symmetric encryption algorithms and their key distribution challenges, and demonstrates the Diffie‑Hellman key‑exchange process with a concrete example and a Python implementation of primitive‑root calculation.

Diffie-Hellmancryptographyinformation security
0 likes · 9 min read
Why Weak Passwords Still Prevail and How Modern Cryptography Secures Your Data
Programmer DD
Programmer DD
Nov 26, 2020 · Information Security

What the 2020 Most Common Passwords Reveal About Your Online Security

A recent NordPass analysis of the 200 most common passwords in 2020 shows why simple strings like "123456" dominate, how millions of accounts are exposed, and offers practical advice on creating stronger, unique passwords to protect against breaches and phishing attacks.

NordPassPassword Managementcommon passwords
0 likes · 6 min read
What the 2020 Most Common Passwords Reveal About Your Online Security
Efficient Ops
Efficient Ops
Nov 23, 2020 · Information Security

When Revenge Becomes a Crime: A Programmer’s OBS Sabotage Case

A Chinese programmer, angry over an unpaid bonus, altered Huawei Cloud OBS storage code, crippling a consumer platform for hours, leading to a conviction for destroying a computer information system and sparking a broader discussion on developer respect and security safeguards.

cloud storagecode sabotagedeveloper misconduct
0 likes · 7 min read
When Revenge Becomes a Crime: A Programmer’s OBS Sabotage Case
Open Source Linux
Open Source Linux
Nov 23, 2020 · Information Security

2020’s Most Common Passwords Revealed and How to Build Uncrackable Ones

A NordPass analysis of 275 million passwords uncovered the 2020 top‑200 most used passwords, highlighting why simple strings like “123456” are easily cracked and offering practical advice—including length, complexity, and unique generation techniques—to help users create far stronger, unbreakable passwords.

common passwordsinformation securitypassword best practices
0 likes · 5 min read
2020’s Most Common Passwords Revealed and How to Build Uncrackable Ones
Programmer DD
Programmer DD
Nov 17, 2020 · Information Security

Why Every Enterprise Needs a Bastion Host for Secure Access and Auditing

An in‑depth guide explains what a bastion host is, its 4A design (authentication, authorization, account, audit), core functions, common deployment models, authentication methods, and both commercial and open‑source options, highlighting how it centralizes control, enhances security, and streamlines operational compliance.

Access Controlauditbastion host
0 likes · 9 min read
Why Every Enterprise Needs a Bastion Host for Secure Access and Auditing
Laravel Tech Community
Laravel Tech Community
Nov 11, 2020 · Information Security

Bitcoin Ransomware Cases and Police Crackdown in China

The article describes how Bitcoin‑based ransomware such as WannaRen encrypts victims' files, the large‑scale attacks on Chinese enterprises and institutions, the police investigations that led to the arrest of the mastermind Ju Mou and his accomplices, and practical advice for preventing such threats.

BitcoinData Recoverycybersecurity
0 likes · 7 min read
Bitcoin Ransomware Cases and Police Crackdown in China
Top Architect
Top Architect
Nov 6, 2020 · Information Security

Security Analysis of the “Le Bao” Fake WeChat App Used for Pornographic Promotion

The report investigates the malicious “Le Bao” application that mimics WeChat, detailing its hidden QR‑code group‑joining mechanism, server‑side communication, payment and gambling integration, and the broader illicit promotion and profit model, while providing forensic traces, source‑code decoding, and mitigation recommendations.

Malware Analysisapp spoofinginformation security
0 likes · 13 min read
Security Analysis of the “Le Bao” Fake WeChat App Used for Pornographic Promotion
Zhengtong Technical Team
Zhengtong Technical Team
Oct 30, 2020 · Information Security

Using Burp Suite for Penetration Testing of the ZhiXin Mobile Application

This article explains how to employ Burp Suite to conduct comprehensive penetration testing on the ZhiXin mobile app, covering setup, proxy configuration, detection of sensitive data leaks, privilege escalation, XSS, and SQL injection vulnerabilities, and provides remediation recommendations.

Burp Suiteapp testinginformation security
0 likes · 12 min read
Using Burp Suite for Penetration Testing of the ZhiXin Mobile Application
Efficient Ops
Efficient Ops
Oct 27, 2020 · Information Security

How to Detect Account Security Threats Using Log Analysis and Alerts

This article explains practical methods for detecting account security threats—such as blacklisted, expired, or abnormal login behaviors—by analyzing Linux and Windows login logs, defining detection rules, and leveraging automated tools to generate timely alerts and reduce security risks.

Threat Detectionaccount securityincident response
0 likes · 27 min read
How to Detect Account Security Threats Using Log Analysis and Alerts
Programmer DD
Programmer DD
Oct 27, 2020 · Information Security

How a Fake WeChat App ‘LeBao’ Fuels Hidden Porn Networks – A Deep Dive

This report analyzes the malicious “LeBao” application that masquerades as a WeChat‑like chat tool, detailing its covert QR‑code group entry, custom decoding, member‑paid porn livestreams, payment fraud, server tracing, and recommended mitigation measures to curb its illicit operations.

Malware Analysisapp investigationcybercrime
0 likes · 11 min read
How a Fake WeChat App ‘LeBao’ Fuels Hidden Porn Networks – A Deep Dive
Java Backend Technology
Java Backend Technology
Oct 22, 2020 · Information Security

What Caused the Massive P1 Outage? A Real‑World Security Scanning Bug Uncovered

A sudden P1 incident reset all user passwords, and after a thorough investigation the team discovered that a security‑scanning tool’s weak‑password check repeatedly hit login attempts, triggering a bug that caused the outage, highlighting the critical need for proper incident response and security engineering.

OperationsP1 incidentdatabase
0 likes · 7 min read
What Caused the Massive P1 Outage? A Real‑World Security Scanning Bug Uncovered
Architecture Digest
Architecture Digest
Oct 17, 2020 · Information Security

Understanding HTTPS: Principles, Encryption, and Security

This article explains why HTTPS has become essential for web security, compares it with HTTP, describes the weaknesses of plain HTTP and hashing algorithms, and details how symmetric and asymmetric encryption together with TLS/SSL certificates secure data transmission over the Internet.

EncryptionHTTPSTLS/SSL
0 likes · 11 min read
Understanding HTTPS: Principles, Encryption, and Security
Full-Stack Internet Architecture
Full-Stack Internet Architecture
Oct 12, 2020 · Information Security

Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses

This article provides a comprehensive overview of Cross‑Site Scripting (XSS), explaining its definition, dangers, underlying mechanisms, classification into stored, reflected, and DOM‑based types, common injection vectors, and practical defense strategies, while also addressing common questions and resources for further learning.

Cross-site scriptingDefenseXSS
0 likes · 11 min read
Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses
Liangxu Linux
Liangxu Linux
Oct 8, 2020 · Information Security

How Offline Payment Codes Enable Alipay & WeChat Payments Without Network

This article explains the technical principles behind offline payment codes used by Alipay and WeChat, covering common payment modes, online and offline code schemes, OTP generation, cryptographic algorithms, their advantages, drawbacks, and practical implementation details.

AlipayOTPWeChat
0 likes · 13 min read
How Offline Payment Codes Enable Alipay & WeChat Payments Without Network
Liangxu Linux
Liangxu Linux
Oct 6, 2020 · Information Security

How I Uncovered a Phishing Mooncake Email Using Wireshark, Shodan, and OSINT

During the Mid‑Autumn Festival I received a seemingly harmless mooncake email, suspected it was a phishing test, and then used a virtual machine, network‑capture tools, Shodan, and open‑source intelligence to trace the malicious link back to its source and exposed the underlying infrastructure.

Network reconnaissanceOSINTPhishing
0 likes · 4 min read
How I Uncovered a Phishing Mooncake Email Using Wireshark, Shodan, and OSINT
Programmer DD
Programmer DD
Sep 28, 2020 · Information Security

Was Windows XP Source Code Leaked? Implications for Modern Security

In 2020, when Windows 7 support ended, a massive leak of Windows XP and Server 2003 source code surfaced online, sparking concerns about potential vulnerabilities and offering a rare research resource for security professionals.

EternalBlueWindows XPinformation security
0 likes · 4 min read
Was Windows XP Source Code Leaked? Implications for Modern Security
Programmer DD
Programmer DD
Sep 25, 2020 · Information Security

Misconfigured ElasticSearch Server Exposes Millions of Bing Mobile Users' Data

A misconfigured ElasticSearch server owned by Microsoft leaked millions of Bing mobile app search queries, location data, device IDs and other details, exposing users worldwide to phishing, ransomware and even robbery risks, while Microsoft claims the breach affected only a small amount of non‑identifiable data.

Privacybing mobiledata breach
0 likes · 6 min read
Misconfigured ElasticSearch Server Exposes Millions of Bing Mobile Users' Data
ITPUB
ITPUB
Sep 24, 2020 · Information Security

What Happens When Bing’s Mobile Apps Leak Over 6.5 TB of User Data?

A recent investigation revealed that an unsecured server containing more than 6.5 TB of user data from Bing’s iOS, iPadOS, and Android apps was exposed, allowing attackers to harvest nearly 100 million records and launch destructive “Meow” attacks that nearly wiped the Elasticsearch database.

BingElasticsearchMeow Attack
0 likes · 6 min read
What Happens When Bing’s Mobile Apps Leak Over 6.5 TB of User Data?
ITPUB
ITPUB
Sep 23, 2020 · Information Security

What the Bing Mobile Data Leak Means for Your Privacy

A massive breach exposed over 6.5 TB of Bing mobile app data—including search queries, location coordinates, device identifiers, and URLs—on an unsecured Elasticsearch server, putting iOS and Android users at risk of fraud, phishing, and physical threats, while highlighting common causes of such leaks.

BingElasticsearchUser Privacy
0 likes · 6 min read
What the Bing Mobile Data Leak Means for Your Privacy
OPPO Amber Lab
OPPO Amber Lab
Sep 22, 2020 · Information Security

Understanding Cryptography: From Basics to Symmetric & Asymmetric Ciphers

This article introduces the fundamentals of cryptography, explaining what passwords are, the difference between encryption and decryption, classifications of cryptographic algorithms such as symmetric, asymmetric, hash functions, and message authentication, and illustrates concepts with examples like RC4 and block cipher modes.

Encryptionasymmetric cipherhash function
0 likes · 5 min read
Understanding Cryptography: From Basics to Symmetric & Asymmetric Ciphers
21CTO
21CTO
Sep 21, 2020 · Information Security

Why a Programmer Deleted 300M Users' Data – Lessons on Cloud Security

The article recounts the 2020 “delete‑and‑run” incident where a disgruntled employee erased all data from the SaaS platform Weimeng, causing over 300 million users to lose access, a market‑value plunge of over HK$1 billion, and a six‑year prison sentence, while exposing critical flaws in data‑security practices and the risks of insufficient cloud adoption.

Cloud ComputingData SecuritySaaS
0 likes · 8 min read
Why a Programmer Deleted 300M Users' Data – Lessons on Cloud Security
Architects Research Society
Architects Research Society
Sep 20, 2020 · Information Security

Introduction to Technical Risk Management

This guide explains what technical risk is, why it matters, and provides a step‑by‑step methodology for assessing, mitigating, and managing technology‑related risks—including lifecycle, compliance, and complexity considerations—to improve cost efficiency, agility, and security across the enterprise.

Enterprise ArchitectureIT lifecyclecompliance
0 likes · 17 min read
Introduction to Technical Risk Management
21CTO
21CTO
Sep 11, 2020 · Information Security

How State‑Backed Hackers Targeted the 2020 US Election: Microsoft’s Findings

Microsoft’s report reveals that Russian and Iranian state‑backed hacker groups have targeted candidates, campaign staff, and consulting firms involved in the 2020 U.S. presidential election, employing phishing and other tactics, but strong defenses have limited successful intrusions.

Cyber EspionageUS politicselection security
0 likes · 4 min read
How State‑Backed Hackers Targeted the 2020 US Election: Microsoft’s Findings
MaGe Linux Operations
MaGe Linux Operations
Sep 10, 2020 · Information Security

Why HTTP Is Insecure and How HTTPS Protects Against Man-in-the-Middle Attacks

This article explains the fundamentals of the HTTP protocol, illustrates its vulnerability to man‑in‑the‑middle attacks, and details how HTTPS—through SSL/TLS, asymmetric key exchange, and a trusted CA certificate hierarchy—secures communications by encrypting data and preventing interception and tampering.

HTTPHTTPSMan-in-the-Middle
0 likes · 9 min read
Why HTTP Is Insecure and How HTTPS Protects Against Man-in-the-Middle Attacks
macrozheng
macrozheng
Sep 8, 2020 · Information Security

How Do Offline Payment Codes Work? Inside the Tech Behind WeChat & Alipay

Even without network connectivity, mobile payment apps like WeChat and Alipay can complete transactions using offline payment codes; this article explains the two common QR payment methods, the online and offline code schemes, the underlying OTP and HMAC‑SHA1 algorithms, and their security trade‑offs.

HMAC-SHA1OTPinformation security
0 likes · 13 min read
How Do Offline Payment Codes Work? Inside the Tech Behind WeChat & Alipay
Architect's Tech Stack
Architect's Tech Stack
Sep 4, 2020 · Information Security

Are Open‑Source Projects on GitHub Subject to U.S. Export Controls?

The article explains that GitHub’s user agreement and the Apache Software Foundation’s policies include U.S. export‑control clauses, but legal experts clarify that publicly available open‑source code without encryption is generally exempt from EAR restrictions, while enterprises may still need licenses for certain uses.

EARGitHubexport control
0 likes · 5 min read
Are Open‑Source Projects on GitHub Subject to U.S. Export Controls?
Programmer DD
Programmer DD
Aug 30, 2020 · Information Security

Why Plaintext Passwords Are Dangerous and How to Secure Them Properly

Storing passwords in plaintext is insecure; instead, use cryptographic hash functions with proper salting, avoid simple encryption like AES, understand rainbow table attacks, and adopt modern password‑hash algorithms such as Argon2, Bcrypt or Scrypt to protect user credentials against modern threats.

Hashingcryptographic hashinformation security
0 likes · 13 min read
Why Plaintext Passwords Are Dangerous and How to Secure Them Properly
Programmer DD
Programmer DD
Aug 29, 2020 · Information Security

Can the US Really Shut Down Your .cn Domain? Inside DNS Root Server Secrets

After the US announced its “Clean Network” initiative, concerns arose about whether America could block national top‑level domains by controlling the 13 DNS root servers; this article explains DNS fundamentals, the role of root mirrors, historical shutdowns, and how China mitigates such risks.

AnycastChinaDNS
0 likes · 24 min read
Can the US Really Shut Down Your .cn Domain? Inside DNS Root Server Secrets
Java Backend Technology
Java Backend Technology
Aug 16, 2020 · Information Security

How Chinese Police Dismantled a $20M Game Cheat Syndicate

In 2020, Chinese authorities uncovered and busted a nationwide network selling illegal League of Legends cheat software, arresting 21 suspects across 14 provinces, exposing the developers, sales tactics, massive profits, and the legal ramifications under criminal law.

League of Legendscybercrimegame cheating
0 likes · 8 min read
How Chinese Police Dismantled a $20M Game Cheat Syndicate
IT Architects Alliance
IT Architects Alliance
Aug 13, 2020 · Information Security

Top 7 Web Vulnerability Scanners: Features, Pros, and How to Use Them

After gathering reconnaissance data in a penetration test, this article reviews seven popular web vulnerability scanners, outlining their core capabilities, typical usage scenarios, and visual screenshots to help security professionals choose the right tool for detecting SQL injection, XSS, file inclusion, and other common web flaws.

awvsinformation securitynessus
0 likes · 7 min read
Top 7 Web Vulnerability Scanners: Features, Pros, and How to Use Them
Architects Research Society
Architects Research Society
Aug 12, 2020 · Information Security

12 Best Cybersecurity Practices for 2019

This article outlines twelve essential cybersecurity best practices for 2019, covering biometric security, tiered policies, risk‑based approaches, data backup, IoT protection, multi‑factor authentication, password management, least‑privilege principles, privileged‑user monitoring, third‑party access control, phishing defense, and employee awareness to safeguard sensitive data.

Data ProtectionMulti-Factor Authenticationbest practices
0 likes · 22 min read
12 Best Cybersecurity Practices for 2019
Architects Research Society
Architects Research Society
Aug 9, 2020 · Information Security

Understanding Open Source Software Dependency Security Risks and Available Tools

The article explains how the widespread use of third‑party open‑source components creates a large, often overlooked attack surface, describes the fragmented nature of vulnerability information, and reviews a variety of tools that help organizations detect and manage security risks in their software dependencies.

dependency managementinformation securityopen-source
0 likes · 12 min read
Understanding Open Source Software Dependency Security Risks and Available Tools
Programmer DD
Programmer DD
Aug 9, 2020 · Information Security

Inside the GPG‑Agentd Malware: How a CentOS Server Was Hijacked and Spread via Redis

A compromised CentOS server was frozen by Alibaba Cloud after malicious outbound traffic; the investigation uncovered a disguised gpg‑agentd process, malicious cron jobs downloading remote scripts, a Redis exploit that injected SSH keys, and mass‑scan tools, illustrating a sophisticated multi‑stage malware infection.

Malware Analysiscrongpg-agentd
0 likes · 12 min read
Inside the GPG‑Agentd Malware: How a CentOS Server Was Hijacked and Spread via Redis
Laravel Tech Community
Laravel Tech Community
Aug 8, 2020 · Information Security

Understanding RBAC Permission Models and Authorization Processes

This article explains the core RBAC0 model and its extensions (RBAC1, RBAC2, RBAC3), discusses user groups, organizations and positions, and outlines manual and approval-based authorization workflows along with a sample database schema for implementing role‑based access control in complex systems.

Access ControlAuthorizationRBAC
0 likes · 10 min read
Understanding RBAC Permission Models and Authorization Processes
21CTO
21CTO
Aug 8, 2020 · Information Security

What Intel’s 20 GB Source Code Leak Reveals About Firmware Security

On August 6, a Swiss engineer uploaded roughly 20 GB of Intel’s internal firmware source code and confidential documents to a public file‑sharing site, prompting Intel to investigate the breach, deny a backdoor, and attribute the leak to a privileged user of its Resource and Design Center.

FirmwareIntelhardware security
0 likes · 6 min read
What Intel’s 20 GB Source Code Leak Reveals About Firmware Security
JD Tech Talk
JD Tech Talk
Aug 7, 2020 · Information Security

Fraudar: Graph-Based Fraud Detection in Bipartite Transaction Networks

The article explains how e‑commerce fraud such as fake order brushing can be modeled as a bipartite transaction network and tackled with the Fraudar algorithm, which iteratively removes low‑suspicion nodes using a global suspiciousness metric and priority‑tree structures to uncover dense suspicious sub‑graphs.

bipartite graphe-commercefraud detection
0 likes · 14 min read
Fraudar: Graph-Based Fraud Detection in Bipartite Transaction Networks
Liangxu Linux
Liangxu Linux
Aug 5, 2020 · Information Security

How to Check If Your Accounts Were Sold on the Dark Web and Secure Them

The article lists major 2020 data‑breach incidents worldwide, explains how to use HaveIBeenPwned to discover whether your credentials have been exposed, and offers practical advice on password hygiene and reliable password‑manager tools to protect your online accounts.

cybersecuritydata breachhaveibeenpwned
0 likes · 5 min read
How to Check If Your Accounts Were Sold on the Dark Web and Secure Them
IT Architects Alliance
IT Architects Alliance
Jul 27, 2020 · Industry Insights

Why Cloud Security Is Booming: Market Trends, Key Players, and Future Outlook

This report examines the rise of cloud security, defining its scope, tracing its evolution from traditional information security, analyzing market dynamics, investment and M&A activity, and evaluating the strategies of cloud providers, specialist vendors, traditional security firms, and large IT companies in the rapidly growing sector.

Cloud ComputingIndustry AnalysisMarket Trends
0 likes · 39 min read
Why Cloud Security Is Booming: Market Trends, Key Players, and Future Outlook
Architects Research Society
Architects Research Society
Jul 27, 2020 · Information Security

What Are Application Security Principles?

Application security principles are language‑agnostic design and implementation guidelines that help reduce the likelihood and impact of threats, providing a systematic way to make secure decisions, derive requirements, and identify potential defects in software systems.

Application Securityinformation securitysecure software design
0 likes · 5 min read
What Are Application Security Principles?
Architects' Tech Alliance
Architects' Tech Alliance
Jul 26, 2020 · Information Security

The Rise of Cloud Security: Market Trends, Challenges, and Competitive Landscape

Cloud security is emerging as a critical field, driven by rapid cloud adoption, evolving infrastructure, and increasing threats, with major vendors, startups, and traditional security firms competing through innovative SaaS solutions, partnerships, and acquisitions, while market forecasts predict substantial growth in the coming years.

Cloud ComputingIndustry TrendsSaaS
0 likes · 37 min read
The Rise of Cloud Security: Market Trends, Challenges, and Competitive Landscape
Alibaba Cloud Developer
Alibaba Cloud Developer
Jul 22, 2020 · Frontend Development

How Alibaba’s Data Experience Team Redefines SQL Editing and BI Visualization

This article explores Alibaba's Data Experience Technology team's comprehensive architecture for SQL editors, BI platforms, data visualization, low‑code solutions, heterogeneous rendering, and data security, highlighting design principles, performance optimizations, and future directions across the data lifecycle.

BI platformData VisualizationSQL editor
0 likes · 24 min read
How Alibaba’s Data Experience Team Redefines SQL Editing and BI Visualization
Open Source Linux
Open Source Linux
Jul 13, 2020 · Information Security

Demystifying HTTPS: How Encryption and Certificates Secure the Web

This article explains in plain language what HTTPS is, how it encrypts data using symmetric and asymmetric techniques, how it verifies server identity with digital signatures and certificates, and why these mechanisms keep web communications safe from eavesdropping and tampering.

EncryptionHTTPSdigital certificates
0 likes · 7 min read
Demystifying HTTPS: How Encryption and Certificates Secure the Web
21CTO
21CTO
Jul 10, 2020 · Information Security

Why Are ‘Black Hat’ and ‘White Hat’ Terms Under Fire in Cybersecurity?

The article examines the controversy sparked by Google’s VP withdrawing from Black Hat USA 2020 and the push for neutral terminology in cybersecurity, exploring historical origins, community reactions, and recent industry changes toward inclusive language.

Black HatTerminologyWhite Hat
0 likes · 7 min read
Why Are ‘Black Hat’ and ‘White Hat’ Terms Under Fire in Cybersecurity?
Top Architect
Top Architect
Jul 8, 2020 · Information Security

kk-anti-reptile: Spring Boot Anti‑Crawler Component and Integration Guide

The article introduces kk-anti-reptile, a Spring Boot‑based anti‑crawler component that uses servlet filters, Redis, and configurable rule chains (IP and User‑Agent), explains its workflow, shows Maven and property configurations, and provides front‑end Axios interception code for handling 509 responses.

Backend DevelopmentRedisSpring Boot
0 likes · 6 min read
kk-anti-reptile: Spring Boot Anti‑Crawler Component and Integration Guide
Architects Research Society
Architects Research Society
Jul 7, 2020 · Information Security

Understanding Cloud Access Security Brokers (CASB): Functions, Benefits, and Deployment Models

A Cloud Access Security Broker (CASB) sits between cloud service consumers and providers to enforce security, compliance, and governance policies, offering visibility, data protection, threat detection, and control over shadow IT, with various deployment modes and integration options for modern cloud environments.

CASBData ProtectionThreat Detection
0 likes · 15 min read
Understanding Cloud Access Security Brokers (CASB): Functions, Benefits, and Deployment Models
Programmer DD
Programmer DD
Jul 3, 2020 · Information Security

Why HTTPS Matters: Understanding Symmetric & Asymmetric Encryption

This article explains why HTTPS is essential, compares symmetric and asymmetric encryption, illustrates how encryption keys are securely exchanged, and outlines the three core reasons HTTPS reliably protects data from eavesdropping and man‑in‑the‑middle attacks.

EncryptionHTTPSinformation security
0 likes · 5 min read
Why HTTPS Matters: Understanding Symmetric & Asymmetric Encryption
Architecture Digest
Architecture Digest
Jun 27, 2020 · Information Security

Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948): Background, Risk Assessment, Affected Versions, and Mitigation

The article details the high‑severity CVE‑2020‑1948 remote code execution flaw in Apache Dubbo, describing its background, risk rating, affected versions, remediation steps, asset‑mapping data, and a timeline of disclosures to help users protect their Java RPC services.

Apache DubboCVE-2020-1948Java
0 likes · 4 min read
Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948): Background, Risk Assessment, Affected Versions, and Mitigation
MaGe Linux Operations
MaGe Linux Operations
Jun 24, 2020 · Information Security

How to Secure Zabbix Data Transfer with PSK and TLS Encryption

This guide explains why Zabbix data transmission in mixed‑cloud environments requires encryption, describes the TLS/PSK and certificate‑based security options supported since Zabbix 3.0, outlines their limitations, lists compatible encryption libraries, and provides step‑by‑step configuration commands for both GnuTLS and OpenSSL.

EncryptionPSKZabbix
0 likes · 13 min read
How to Secure Zabbix Data Transfer with PSK and TLS Encryption
Sohu Tech Products
Sohu Tech Products
Jun 17, 2020 · Information Security

Analyzing and Removing Dead Code and Flower‑Instruction Obfuscation from JavaScript

This tutorial explains how to recognize and eliminate dead code and flower‑instruction obfuscation techniques in JavaScript, walks through using Obfuscator.io to generate heavily mixed code, and demonstrates step‑by‑step static analysis to strip away useless statements, ultimately restoring the original concise logic.

Dead CodeObfuscationinformation security
0 likes · 12 min read
Analyzing and Removing Dead Code and Flower‑Instruction Obfuscation from JavaScript
Architects Research Society
Architects Research Society
Jun 16, 2020 · Information Security

Information Governance: Roles, Responsibilities, and Key Processes

Information governance is a program that ensures enterprise data accuracy, completeness, consistency, accessibility, and security by establishing business‑driven roles such as a data governance committee, data stewards, and data custodians, and by defining key responsibilities, processes, and metrics for data quality, privacy, and compliance.

Data GovernanceData QualityEnterprise Data Management
0 likes · 11 min read
Information Governance: Roles, Responsibilities, and Key Processes
Laravel Tech Community
Laravel Tech Community
Jun 15, 2020 · Fundamentals

100 Network Fundamentals: Key Concepts and Definitions

This article presents a comprehensive collection of 100 essential networking concepts, covering topics such as links, OSI model layers, backbone, LAN, routers, subnet masks, VPN, NAT, TCP/IP, security measures, cabling, topologies, protocols, and many other foundational terms that every network professional should know.

OSI modelTCP/IPinformation security
0 likes · 31 min read
100 Network Fundamentals: Key Concepts and Definitions
Efficient Ops
Efficient Ops
Jun 10, 2020 · Information Security

Mastering Log Standardization: Boost Security Analytics with Flexible Parsing

This article explains why standardized log parsing is crucial for security analytics, outlines key parsing concepts, compares pre‑ and post‑parsing approaches, discusses flexible custom parsing methods, and offers practical guidance to improve accuracy and efficiency in large‑scale security environments.

SoCcustom parsinginformation security
0 likes · 12 min read
Mastering Log Standardization: Boost Security Analytics with Flexible Parsing
Efficient Ops
Efficient Ops
Jun 4, 2020 · Operations

2020 Ops Insights: Salaries, Cloud Security Rankings, and Market Trends

The article compiles 2020 industry data, revealing programmer salary averages, Alibaba Cloud's second‑place global security rating, DB‑Engines database popularity, IDC's cloud services market growth, Baidu's accelerated cloud center construction, a dip in global Ethernet switch revenue, and China Mobile's massive data‑center investment.

Cloud ComputingMarket AnalysisOperations
0 likes · 8 min read
2020 Ops Insights: Salaries, Cloud Security Rankings, and Market Trends
TAL Education Technology
TAL Education Technology
Jun 4, 2020 · Information Security

Data Security Governance: Motivation, Technical Objectives, Classification, and Management Practices

The article explains why data security governance is essential for rapidly growing businesses, outlines technical goals across the data lifecycle, describes data classification and labeling methods, and details approval processes, network security zones, and management controls to protect data throughout its lifecycle.

Data SecurityGovernanceclassification
0 likes · 10 min read
Data Security Governance: Motivation, Technical Objectives, Classification, and Management Practices
Python Programming Learning Circle
Python Programming Learning Circle
Jun 3, 2020 · Information Security

Anti‑Crawling Techniques: Server‑Side and Client‑Side Detection Strategies

The article examines why web content needs protection, explains common server‑side header checks, describes client‑side JavaScript fingerprinting and headless‑browser detection methods, and outlines practical anti‑crawling measures such as CAPTCHAs and robots.txt, highlighting the ongoing cat‑and‑mouse game between crawlers and defenders.

HTTP header inspectionanti‑crawlingcaptcha
0 likes · 12 min read
Anti‑Crawling Techniques: Server‑Side and Client‑Side Detection Strategies
Liangxu Linux
Liangxu Linux
Jun 2, 2020 · Information Security

Step-by-Step Guide to Harden CentOS 7.7 Server Security

This article provides a comprehensive, step‑by‑step tutorial for hardening a CentOS 7.7 server, covering complex password creation, password‑policy configuration, PAM strength settings, login‑attempt limits, disabling root SSH access, changing the SSH port, tightening security‑group rules, command‑history limits, log monitoring, and regular data backup procedures.

CentOSinformation securitypassword policy
0 likes · 6 min read
Step-by-Step Guide to Harden CentOS 7.7 Server Security
DevOps
DevOps
Jun 2, 2020 · Information Security

How to Enhance the Security of JumpServer: Best Practices and Recommendations

This article outlines ten essential steps to strengthen JumpServer security, including upgrading the operating system and JumpServer software, updating dependencies, avoiding weak passwords, enabling OS security components, minimizing open ports, securing public access, configuring SSL, enforcing strong passwords, and enabling multi‑factor authentication.

JumpServerSystem Hardeningbastion host
0 likes · 5 min read
How to Enhance the Security of JumpServer: Best Practices and Recommendations
Java Captain
Java Captain
May 31, 2020 · Information Security

Common API Security Practices: Token, Timestamp, Signature, and Duplicate Submission Prevention in Java

This article explains practical API security techniques for protecting data exchange with third‑party systems, covering token generation and storage, timestamp validation to mitigate DoS attacks, MD5‑based request signing with nonce, preventing duplicate submissions using Redis, and illustrates the concepts with comprehensive Java code examples.

API SecurityBackend DevelopmentJava
0 likes · 23 min read
Common API Security Practices: Token, Timestamp, Signature, and Duplicate Submission Prevention in Java
Architects' Tech Alliance
Architects' Tech Alliance
May 16, 2020 · Information Security

Understanding Secure Boot, Trusted Boot, Intel SGX, and ARM TrustZone

This article explains the concepts of secure boot and trusted boot, discusses their limitations on general-purpose devices, and compares the application workflows and security properties of Intel SGX and ARM TrustZone, highlighting practical usage scenarios such as DRM-protected media.

Intel SGXSecure Bootarm trustzone
0 likes · 10 min read
Understanding Secure Boot, Trusted Boot, Intel SGX, and ARM TrustZone
Meituan Technology Team
Meituan Technology Team
May 14, 2020 · Information Security

How Meituan Built Zeus: Inside a Scalable Security Rule Engine

This article examines Meituan's custom rule engine Zeus, detailing the security challenges of a massive multi‑service platform, the architectural decisions made to decouple risk logic, the implementation of reusable factors and rule groups, and the ongoing push toward automated, intelligent risk mitigation.

MeituanRisk ManagementRule Engine
0 likes · 21 min read
How Meituan Built Zeus: Inside a Scalable Security Rule Engine
Huawei Cloud Developer Alliance
Huawei Cloud Developer Alliance
Apr 30, 2020 · Information Security

How to Combine Proxies and Scanners to Cut Web Vulnerability False Positives

This article explores the limitations of traditional web vulnerability scanners and manual testing, proposes a proxy‑based architecture that captures real user requests for centralized analysis, demonstrates a demo implementation using Burp and custom scanners, and reflects on the design's strengths and remaining challenges.

false positivesinformation securityproxy
0 likes · 7 min read
How to Combine Proxies and Scanners to Cut Web Vulnerability False Positives
DataFunTalk
DataFunTalk
Apr 17, 2020 · Artificial Intelligence

Data Privacy and Differential Privacy Techniques for Machine Learning

The article reviews the growing importance of data privacy in machine learning, explains privacy concepts and attack vectors, and details anonymization methods such as k‑anonymity, l‑diversity, t‑closeness, as well as differential privacy techniques and their practical applications.

Differential Privacydata privacyinformation security
0 likes · 13 min read
Data Privacy and Differential Privacy Techniques for Machine Learning
ITPUB
ITPUB
Apr 16, 2020 · Information Security

Why the Pandownload Developer Was Arrested and What It Means for Baidu Cloud Users

The article explains the rise of Pandownload as a third‑party Baidu Cloud download tool, its technical basis on Aria2, massive user base and modest profits, the police raid that led to the developer's arrest, and the broader legal and security implications for similar software.

Baidu CloudDownload ToolsPandownload
0 likes · 7 min read
Why the Pandownload Developer Was Arrested and What It Means for Baidu Cloud Users
Efficient Ops
Efficient Ops
Mar 31, 2020 · Information Security

Can You Really Destroy Alipay’s Storage? Inside Financial Data Center Redundancy

This article explores the layered redundancy of financial data centers, explaining hot and cold backups, multi‑site architectures, power supply safeguards, fire‑suppression systems, and why simply attacking a single component is unlikely to cripple services like Alipay.

Backup StrategiesData Center Securityfinancial systems
0 likes · 9 min read
Can You Really Destroy Alipay’s Storage? Inside Financial Data Center Redundancy
Full-Stack Internet Architecture
Full-Stack Internet Architecture
Mar 25, 2020 · Information Security

Understanding Weibo Data Breaches: Credential Stuffing, Database Dumping, and Data Laundering

The article explains the recent Weibo data breach, describing how attackers used credential‑stuffing (撞库), data leakage (漏水), database dumping (拖库) and data laundering (洗库) to obtain millions of user records, the technical steps involved, and the security implications for both users and platforms.

PrivacyWeibocredential stuffing
0 likes · 6 min read
Understanding Weibo Data Breaches: Credential Stuffing, Database Dumping, and Data Laundering
21CTO
21CTO
Mar 22, 2020 · Information Security

Fake WeChat App Exposes Security Flaws: From Reverse Engineering to Criminal Conviction

A Chinese court case reveals how a reverse‑engineered, unauthorized WeChat client for feature phones spread illegal ads, compromised encrypted communications, and led to criminal charges for providing tools to infiltrate computer systems, highlighting serious information‑security risks and the legal consequences of software piracy.

ChinaSoftware PiracyWeChat
0 likes · 8 min read
Fake WeChat App Exposes Security Flaws: From Reverse Engineering to Criminal Conviction