Tagged articles

information security

1019 articles · Page 9 of 11
Efficient Ops
Efficient Ops
Mar 21, 2020 · Information Security

Why Did Apple Devices Show Certificate Errors on March 20, 2020?

In March 2020, Apple devices displayed security warnings because the HTTPS certificate for appleimap.163.com had expired due to NetEase Mail’s failure to renew it, highlighting how overlooked certificate management can disrupt services and underscoring the need for automated monitoring tools in large organizations.

AppleCertificateNetEase
0 likes · 4 min read
Why Did Apple Devices Show Certificate Errors on March 20, 2020?
Liangxu Linux
Liangxu Linux
Mar 21, 2020 · Information Security

Why HTTPS Exists: From HTTP’s Flaws to TLS Encryption Explained

This article explains why HTTPS was created to address HTTP’s lack of encryption, authentication, and integrity, describes how TLS/SSL adds security, details the roles of symmetric and asymmetric encryption, hash algorithms, digital certificates, and the full handshake process that secures modern web communication.

EncryptionHTTPSSSL
0 likes · 19 min read
Why HTTPS Exists: From HTTP’s Flaws to TLS Encryption Explained
Open Source Linux
Open Source Linux
Mar 18, 2020 · Information Security

How a Baidu Ops Engineer Was Sentenced for Mining Crypto on 155 Servers

A former Baidu operations engineer illegally mined Bitcoin and Monero using 155 of the company's search servers, earning about 100,000 CNY before being caught, fined, and sentenced to three years in prison, highlighting severe risks of abusing corporate computing resources.

Baiducryptocurrencyinformation security
0 likes · 9 min read
How a Baidu Ops Engineer Was Sentenced for Mining Crypto on 155 Servers
21CTO
21CTO
Mar 17, 2020 · Information Security

When Ops Turn Rogue: Inside Baidu’s 2018 Crypto‑Mining Scandal

A Baidu operations engineer illegally mined cryptocurrency on more than 150 company servers in 2018, netting over 100,000 RMB, was caught, sentenced to three years in prison and a fine, and the case now serves as a stark reminder of insider threats and the need for strict access controls in IT operations.

Operations Riskcrypto mininginformation security
0 likes · 7 min read
When Ops Turn Rogue: Inside Baidu’s 2018 Crypto‑Mining Scandal
Top Architect
Top Architect
Mar 4, 2020 · Information Security

ISO 27001 Security Framework and Building an Enterprise Information Security System

This article explains why enterprises need information security, outlines the core security requirements such as data protection and business continuity, and presents a phased ISO 27001‑based roadmap—including short‑term, medium‑term goals, management policies, network segmentation, third‑party compliance, and budgeting—to establish a comprehensive security architecture.

ISO 27001complianceinformation security
0 likes · 6 min read
ISO 27001 Security Framework and Building an Enterprise Information Security System
Tencent Tech
Tencent Tech
Feb 28, 2020 · Information Security

How to Safeguard Enterprise Data in the Cloud: Practical Strategies

This article explains why data security is vital for businesses, outlines common technical, process and human threats, and provides actionable cloud‑based measures—including backup strategies, snapshot usage, permission management, data classification, and encryption—to protect enterprise data throughout its lifecycle.

Access ControlCloud ComputingCloud Services
0 likes · 13 min read
How to Safeguard Enterprise Data in the Cloud: Practical Strategies
Youzan Coder
Youzan Coder
Feb 27, 2020 · Information Security

System Stability and Security Measures in SaaS: Yazan's Approach

Yazan’s SaaS platform maintains 99.99% uptime through robust IaaS infrastructure, dedicated DBA and network teams, while defending against DDoS attacks and data breaches with ISO‑27001 and CSA C*STAR‑aligned security controls, employing multi‑cloud real‑time and cold backups and offering compensation for outage‑related business impacts.

Cloud ComputingDDoS protectionRisk Management
0 likes · 17 min read
System Stability and Security Measures in SaaS: Yazan's Approach
ITPUB
ITPUB
Feb 26, 2020 · Information Security

What We Learned from the Weimeng Data Deletion Disaster: Backup and Permission Strategies

The article analyzes the recent Weimeng database deletion incident, explains why recovery took 36 hours, and provides practical guidance on backup practices, minimal‑privilege management, and cloud‑based disaster recovery to prevent similar data loss in small and large organizations.

Database SecurityOperationsPermission Management
0 likes · 9 min read
What We Learned from the Weimeng Data Deletion Disaster: Backup and Permission Strategies
Programmer DD
Programmer DD
Feb 26, 2020 · Information Security

Inside the Weimob Data Deletion: Lessons on Permissions and Backup

A malicious insider deleted Weimob's primary and backup databases, prompting a slow recovery effort and highlighting the critical need for stricter permission controls and reliable backup mechanisms to prevent similar incidents.

Data lossPermission Managementbackup strategy
0 likes · 5 min read
Inside the Weimob Data Deletion: Lessons on Permissions and Backup
Ziru Technology
Ziru Technology
Feb 16, 2020 · Information Security

Mastering Drozer: Step‑by‑Step Android Security Testing Guide

This guide walks through installing Drozer, configuring port forwarding, connecting the console, and using a variety of commands to enumerate packages, activities, content providers, services, and broadcast receivers on Android devices, while also addressing common errors and demonstrating vulnerability scans such as SQL injection and directory traversal.

Drozerinformation securitymobile security
0 likes · 9 min read
Mastering Drozer: Step‑by‑Step Android Security Testing Guide
ITPUB
ITPUB
Feb 14, 2020 · Information Security

How a Former Tech Director Sabotaged a SaaS Database: A Real‑World InfoSec Case Study

In June 2018, a disgruntled former technical director of a Zhejiang company used retained Alibaba Cloud credentials to delete database indexes and tables, crippling a SaaS platform for over five hours, causing millions in losses, and was later convicted of destroying computer information systems with a suspended sentence.

Alibaba Cloudcloud securitycomputer crime
0 likes · 8 min read
How a Former Tech Director Sabotaged a SaaS Database: A Real‑World InfoSec Case Study
Python Crawling & Data Mining
Python Crawling & Data Mining
Feb 1, 2020 · Information Security

How to Detect Hidden Hotel Cameras with Python and Scapy

This guide shows how to use Python's scapy library to send ARP broadcast packets, collect MAC addresses of devices on a hotel Wi‑Fi network, query their manufacturers, and identify potential hidden cameras, providing a practical method for ensuring hotel security.

Network ScanningScapyarp
0 likes · 5 min read
How to Detect Hidden Hotel Cameras with Python and Scapy
Efficient Ops
Efficient Ops
Jan 16, 2020 · Information Security

What Are the Top 10 Cybersecurity Threats Predicted for 2020?

The article outlines ten major 2020 cybersecurity forecasts—including surging ransomware, sophisticated phishing, faster threat detection, expanding attack surfaces, emerging IoT security laws, stricter GDPR enforcement, OT security challenges, and the rise of managed security services—to help organizations prepare for the evolving threat landscape.

2020Phishingcybersecurity
0 likes · 13 min read
What Are the Top 10 Cybersecurity Threats Predicted for 2020?
ITPUB
ITPUB
Dec 13, 2019 · Information Security

Why ElasticSearch Data Breaches Keep Happening: 2.7 B Emails Exposed

A recent ElasticSearch breach exposed 2.7 billion email addresses, one‑billion plain‑text passwords and hundreds of thousands of birth‑certificate copies, highlighting persistent security gaps in cloud‑based search services despite growing corporate safeguards.

Elasticsearchcloud storagedata breach
0 likes · 4 min read
Why ElasticSearch Data Breaches Keep Happening: 2.7 B Emails Exposed
IT Architects Alliance
IT Architects Alliance
Dec 9, 2019 · Information Security

Why Antivirus Software Is Fading: Market Trends and Future Outlook

The article analyzes the sharp decline of the antivirus software market, citing reduced search interest, Microsoft’s free built‑in Defender, high development costs, shifting user habits toward mobile devices, and offers guidance on when third‑party protection may still be needed.

AntivirusIndustry AnalysisMicrosoft Defender
0 likes · 10 min read
Why Antivirus Software Is Fading: Market Trends and Future Outlook
21CTO
21CTO
Dec 3, 2019 · Information Security

When Is Web Scraping Legal? A Developer’s Guide to Chinese Cyber Laws

This article explains the legal boundaries of web crawling in China, covering recent cybersecurity regulations, what makes a crawler illegal or legal, common developer questions, and practical advice to avoid personal‑data violations and criminal liability.

Chinese lawWeb Scrapingcrawler ethics
0 likes · 10 min read
When Is Web Scraping Legal? A Developer’s Guide to Chinese Cyber Laws
Programmer DD
Programmer DD
Nov 16, 2019 · Information Security

Why HTTPS Needs Both Symmetric and Asymmetric Encryption: A Deep Dive

This article reconstructs the design of HTTPS step by step, explaining why both symmetric and asymmetric encryption are required, how key negotiation works, the role of digital certificates and certificate authorities, and the underlying security concepts that protect client‑server communication.

EncryptionHTTPSPublic Key Infrastructure
0 likes · 13 min read
Why HTTPS Needs Both Symmetric and Asymmetric Encryption: A Deep Dive
Architecture Digest
Architecture Digest
Nov 16, 2019 · Operations

What Happens If Alipay’s Data Centers Are Physically Destroyed? A Deep Dive into Redundancy and Disaster Recovery

The article examines how Alipay’s financial data would survive a physical destruction of its servers by explaining multi‑site data center architectures, hot and cold backups, power redundancy, fire‑suppression systems, and the role of partner banks in data recovery, highlighting the extensive resilience measures in modern financial infrastructures.

AlipayData CenterDisaster Recovery
0 likes · 8 min read
What Happens If Alipay’s Data Centers Are Physically Destroyed? A Deep Dive into Redundancy and Disaster Recovery
Senior Brother's Insights
Senior Brother's Insights
Nov 14, 2019 · Information Security

Why HTTPS Needs Both Symmetric and Asymmetric Encryption: A Step‑by‑Step Design Walkthrough

This article reconstructs the design of HTTPS by starting from a simple secure chat, explaining why symmetric encryption alone cannot secure web traffic, introducing asymmetric encryption for key exchange, detailing how digital certificates and certificate authorities solve public‑key distribution, and summarizing the TLS handshake process.

HTTPSdigital certificatesinformation security
0 likes · 12 min read
Why HTTPS Needs Both Symmetric and Asymmetric Encryption: A Step‑by‑Step Design Walkthrough
360 Tech Engineering
360 Tech Engineering
Nov 12, 2019 · Information Security

Improving Product Quality through Code Vulnerability Scanning and Deep Code Search

The article explains why and when to scan product code for vulnerabilities, describes static source‑code and binary scanning methods, introduces deep code‑search techniques, outlines the system architecture and incremental indexing pipeline, and shows how these practices can substantially raise overall product quality.

Code ScanningCode searchProduct Quality
0 likes · 13 min read
Improving Product Quality through Code Vulnerability Scanning and Deep Code Search
DevOps
DevOps
Nov 11, 2019 · Operations

Capital One DevOps Transformation: Data‑Driven Innovation, Cloud Migration, and AI‑Enabled Services

This case study details Capital One’s evolution from a regional credit‑card unit to a data‑centric financial giant, highlighting its vision, data‑driven product strategy, big‑data analytics, AI‑powered customer service, cloud migration to AWS, and the DevOpsSec practices that enabled rapid, secure, and scalable innovation across banking, automotive finance, and digital services.

Big DataFinTechdevops
0 likes · 19 min read
Capital One DevOps Transformation: Data‑Driven Innovation, Cloud Migration, and AI‑Enabled Services
MaGe Linux Operations
MaGe Linux Operations
Nov 3, 2019 · Information Security

Essential Linux Security Hardening: From Account Safety to Rootkit Detection

This comprehensive guide walks operations engineers through Linux security hardening—covering account and login protection, service minimization, password and key authentication, proper use of su/sudo, banner trimming, remote access safeguards, file system security, rootkit detection tools, and step‑by‑step post‑attack response—to build resilient servers against modern threats.

Rootkit DetectionSystem Hardeninginformation security
0 likes · 24 min read
Essential Linux Security Hardening: From Account Safety to Rootkit Detection
Selected Java Interview Questions
Selected Java Interview Questions
Nov 2, 2019 · Information Security

Understanding Single Sign-On (SSO) Mechanisms: Shared Session, OpenID, Cookie, and Cross‑Domain Solutions

This article explains the principles of single sign‑on and compares several practical implementations—including shared session via Redis, OpenID‑based authentication, cookie‑based OpenID storage, and cross‑domain JSONP techniques—while also discussing their limitations and security considerations.

OpenIDSSOSingle Sign-On
0 likes · 8 min read
Understanding Single Sign-On (SSO) Mechanisms: Shared Session, OpenID, Cookie, and Cross‑Domain Solutions
Liangxu Linux
Liangxu Linux
Oct 21, 2019 · Information Security

How Everything’s HTTP Server Exposes Your Files and How to Secure It

The popular Windows file‑search tool Everything includes an HTTP server that, when left unsecured, lets anyone who knows your IP and port browse and download every file on your computer, exposing personal data that can even be indexed by search engines, but simple configuration changes can close the leak.

File SearchHTTP serverPrivacy
0 likes · 7 min read
How Everything’s HTTP Server Exposes Your Files and How to Secure It
ITPUB
ITPUB
Oct 21, 2019 · Information Security

Can Nearby Wi‑Fi Devices Exploit a Linux Realtek Driver Flaw?

A recently disclosed Linux kernel vulnerability (CVE‑2019‑17666) in the Realtek RTLWIFI driver allows remote code execution via specially crafted Wi‑Fi Direct frames, affecting devices with Realtek chips and requiring no user interaction, with a fix pending kernel integration.

CVE-2019-17666LinuxRealtek
0 likes · 4 min read
Can Nearby Wi‑Fi Devices Exploit a Linux Realtek Driver Flaw?
21CTO
21CTO
Oct 13, 2019 · Information Security

How Ken Thompson’s Vintage Unix Password Was Finally Cracked

Leah Neukirchen uncovered historic Unix passwords, cracked many using John the Ripper and hashcat, and after months of effort Nigel Williams finally revealed Ken Thompson’s long‑uncracked password, which turns out to be a clever chess‑notation hint.

Ken ThompsonPassword CrackingUnix
0 likes · 4 min read
How Ken Thompson’s Vintage Unix Password Was Finally Cracked
Architects Research Society
Architects Research Society
Sep 21, 2019 · Information Security

12 Best Cybersecurity Practices for 2019

This article outlines twelve essential cybersecurity practices for 2019, covering biometric authentication, tiered security policies, risk‑based approaches, regular backups, IoT security, multi‑factor authentication, password management, least‑privilege principles, privileged‑user monitoring, third‑party access control, phishing awareness, and employee training.

Data ProtectionMFAbest practices
0 likes · 18 min read
12 Best Cybersecurity Practices for 2019
360 Smart Cloud
360 Smart Cloud
Aug 29, 2019 · Artificial Intelligence

360 Selected to Build a National New‑Generation AI Open Innovation Platform for a Security Brain

At the 2019 World Artificial Intelligence Conference, the Ministry of Science and Technology announced ten national AI open‑innovation platforms, selecting 360 to lead the security‑brain platform, highlighting its role in AI‑driven cybersecurity, big‑data analytics, cloud and blockchain technologies.

360Big DataNational Platform
0 likes · 4 min read
360 Selected to Build a National New‑Generation AI Open Innovation Platform for a Security Brain
58 Tech
58 Tech
Aug 29, 2019 · Information Security

Graph-Based Anomaly Detection Framework for Security Threats

The article presents a graph‑based anomaly detection architecture that tackles black‑market resource switching by constructing complex user‑traffic networks, mining graph similarities, and applying multi‑dimensional strategies to achieve high‑accuracy detection while meeting timeliness, performance, and interpretability requirements.

Anomaly DetectionBig Databehavior analysis
0 likes · 8 min read
Graph-Based Anomaly Detection Framework for Security Threats
360 Tech Engineering
360 Tech Engineering
Aug 19, 2019 · Information Security

Highlights of the 7th Internet Security Conference: Global Collaboration and Emerging Cybersecurity Challenges

The 7th Internet Security Conference in Beijing gathered international experts to discuss the merging of cyberspace and physical space, the heightened impact of 5G and industrial IoT on cyber attacks, and collaborative strategies among China, Israel, Russia, and Singapore to build a comprehensive security ecosystem.

5GInternational Cooperationconference
0 likes · 8 min read
Highlights of the 7th Internet Security Conference: Global Collaboration and Emerging Cybersecurity Challenges
Qunar Tech Salon
Qunar Tech Salon
Aug 6, 2019 · Information Security

Data Security Construction at Qunar: Practices and Experience

This article describes Qunar's comprehensive data security framework, covering data classification, warehouse access control, permission compliance, encryption, leakage detection, and the supporting institutional policies that together enable a small security team to protect large‑scale business data.

Access ControlData SecurityEncryption
0 likes · 13 min read
Data Security Construction at Qunar: Practices and Experience
Alibaba Cloud Developer
Alibaba Cloud Developer
Aug 1, 2019 · Information Security

How MPC‑Based Key Management Eliminates Key Leakage Risks

This article explains the challenges of traditional key management, compares local and server‑side encryption approaches, and introduces a secure multi‑party computation (MPC) key management system that distributes key fragments across multiple servers to prevent key exposure even if some nodes are compromised.

MPCThreshold Cryptographyinformation security
0 likes · 9 min read
How MPC‑Based Key Management Eliminates Key Leakage Risks
21CTO
21CTO
Jul 27, 2019 · Information Security

How US Sanctions Are Silencing GitHub Users Worldwide

The article examines how recent U.S. sanctions have led GitHub to restrict private repositories and access for developers in regions such as Crimea and Iran, detailing specific limitations, personal accounts affected, community workarounds, and the broader implications for open‑source collaboration.

GitHubaccount restrictionsdata backup
0 likes · 8 min read
How US Sanctions Are Silencing GitHub Users Worldwide
Ziru Technology
Ziru Technology
Jul 25, 2019 · Information Security

PKI, Digital Signatures & SSH: A Practical Guide to Information Security

This article explains the fundamentals of Public Key Infrastructure, the differences between symmetric and asymmetric encryption, how digital signatures and certificates ensure data integrity and authenticity, and illustrates the SSH protocol’s secure authentication mechanisms, providing a comprehensive overview of modern information security techniques.

EncryptionPKIdigital signature
0 likes · 16 min read
PKI, Digital Signatures & SSH: A Practical Guide to Information Security
Architects Research Society
Architects Research Society
Jul 17, 2019 · Information Security

Understanding Open‑Source Dependency Security Risks and Available Scanning Tools

This article explains why open‑source components constitute a major attack surface, outlines the fragmented nature of vulnerability information, debunks the myth that open‑source code is inherently safer, and reviews a range of tools—both open‑source and commercial—that help organizations detect and manage security risks in software dependencies.

dependency managementinformation securitysoftware security
0 likes · 11 min read
Understanding Open‑Source Dependency Security Risks and Available Scanning Tools
360 Tech Engineering
360 Tech Engineering
Jul 3, 2019 · Information Security

File Upload Vulnerabilities and Mitigation Strategies

The article explains how attackers can exploit file upload functionality by uploading malicious files, crafted filenames, SVG payloads, or symlinks to achieve remote code execution, data theft, or server denial‑of‑service, and provides practical defense measures such as whitelist validation, content‑type checks, and upload rate limiting.

Node.jsSVGVulnerability
0 likes · 8 min read
File Upload Vulnerabilities and Mitigation Strategies
Architects' Tech Alliance
Architects' Tech Alliance
Jul 2, 2019 · Information Security

Data Backup and Replication Technologies: Methods, Architectures, and Best Practices

This article provides a comprehensive overview of data backup and replication technologies, covering file‑level and block‑level backup, remote copy methods, snapshot mechanisms, CoFW vs RoFW approaches, backup destinations, data paths, and strategies such as full, incremental, and differential backups.

Backup StrategiesSnapshotdata backup
0 likes · 25 min read
Data Backup and Replication Technologies: Methods, Architectures, and Best Practices
21CTO
21CTO
Jun 28, 2019 · Fundamentals

Beijing’s Software Industry Surpasses Trillion-Yuan Mark: 2019 Report Highlights

The 2019 Beijing Software and Information Service Industry Development Report reveals that the sector’s scale exceeded one trillion yuan, with double‑digit growth in cloud computing, big data, AI and cybersecurity, while talent, investment, and regional collaboration propelled the city to a leading national position.

BeijingBig DataSoftware Industry
0 likes · 9 min read
Beijing’s Software Industry Surpasses Trillion-Yuan Mark: 2019 Report Highlights
Tencent Cloud Developer
Tencent Cloud Developer
Jun 10, 2019 · Information Security

Third Tencent Information Security Competition (TCTF 2019) Finals Summary and Highlights

After a grueling 30‑hour showdown in Shanghai, the 2019 Tencent Information Security Competition crowned r3kapig as international champion with Balsn and Tea Deliverers trailing, while Fudan’s Whitzard seized the New Star title and a DEF CON berth, highlighting Chinese dominance, cutting‑edge cloud/IoT challenges, live commentary, and Tencent’s role in cultivating cybersecurity talent across universities.

CTFTCTF 2019Tencent
0 likes · 8 min read
Third Tencent Information Security Competition (TCTF 2019) Finals Summary and Highlights
ITPUB
ITPUB
May 19, 2019 · Information Security

Uncovering a SQL Server Job That Hid a Persistent Malware Loader

This article details a multi‑stage, file‑less attack that leveraged weak SQL Server credentials, Transact‑SQL stored procedures, and WMI to download and execute a downloader (cabs.exe) which fetched multiple botnet components, and explains the forensic steps and remediation measures taken to eradicate the threat.

MalwareSQL ServerStored Procedure
0 likes · 7 min read
Uncovering a SQL Server Job That Hid a Persistent Malware Loader
21CTO
21CTO
May 17, 2019 · Information Security

Why SHA-1 Is Dead: New Prefix Collision Attack Signals Its End

A recent $100k research effort demonstrated a prefix collision attack on SHA-1, proving that attackers can forge signed documents and TLS certificates, and highlighting why the cryptographic community must retire SHA-1 in favor of stronger hash algorithms.

SHA-1cryptographydigital signatures
0 likes · 6 min read
Why SHA-1 Is Dead: New Prefix Collision Attack Signals Its End
58 Tech
58 Tech
May 16, 2019 · Information Security

Key Takeaways from the 58 Group Technical Salon on Account System Practices and Security

The 58 Group Technical Salon on April 23, 2019 presented a comprehensive overview of account system design, risk control, gateway authentication, multi‑active data synchronization, overseas account handling, cloud account platform capabilities, and security strategies, offering practical insights for building robust and secure user authentication infrastructures.

account systemcloud accountgateway authentication
0 likes · 10 min read
Key Takeaways from the 58 Group Technical Salon on Account System Practices and Security
58 Tech
58 Tech
May 8, 2019 · Information Security

Overview of Web Crawling, Anti‑Crawling Techniques, and 58 Anti‑Crawling System

This article introduces the fundamentals of web crawlers, typical crawling methods, and a comprehensive set of anti‑crawling strategies—including IP control, browser and device simulation, CAPTCHA cracking, and traffic analysis—while detailing the architecture and capabilities of the 58 anti‑crawling platform.

Traffic analysisanti‑crawlingbot detection
0 likes · 17 min read
Overview of Web Crawling, Anti‑Crawling Techniques, and 58 Anti‑Crawling System
21CTO
21CTO
Apr 27, 2019 · Information Security

What Happens When a Drone Company’s Source Code Leaks? Legal and Security Lessons

A former DJI software engineer uploaded proprietary agricultural drone code to a public GitHub repository, leading to a criminal conviction for commercial‑secret theft, a six‑month prison term, a fine, and a detailed look at the legal penalties and security implications of such leaks.

DJIGitHubcommercial secret
0 likes · 5 min read
What Happens When a Drone Company’s Source Code Leaks? Legal and Security Lessons
Architects' Tech Alliance
Architects' Tech Alliance
Apr 9, 2019 · Information Security

GandCrab V5.2 Ransomware: Global Impact, Attack Methods, and Defense Strategies

GandCrab V5.2, a Bitcoin‑based ransomware first seen in 2018, has recently surged across Brazil, the US, India, Indonesia, Pakistan and especially China, using spam‑email delivery, web‑inject attacks and known vulnerabilities, while remaining largely uncrackable and prompting security teams to recommend strict email hygiene, patching, and anti‑malware measures.

GANDCRABcryptocurrencyinformation security
0 likes · 7 min read
GandCrab V5.2 Ransomware: Global Impact, Attack Methods, and Defense Strategies
Java Architecture Diary
Java Architecture Diary
Apr 9, 2019 · Information Security

How to Build an OAuth2.0 Authorization Server with Spring Cloud

This article explains how to create an open platform using OAuth2.0 authorization code flow, configure Spring Cloud dependencies, set up the authorization and security servers, test the endpoints, and customize the login and confirmation pages, providing complete code examples and diagrams.

OAuth2.0authorization-serverinformation security
0 likes · 7 min read
How to Build an OAuth2.0 Authorization Server with Spring Cloud
21CTO
21CTO
Mar 21, 2019 · Information Security

Why Tencent Demanded Duoshan Remove Your WeChat Avatar: A Data Privacy Showdown

The article examines Tencent's legal push to force ByteDance's Duoshan app to stop using users' WeChat/QQ avatars and nicknames, detailing the data‑sharing dispute, the PR tactics that spiked Duoshan's DAU, and the provisional court injunction that halted the practice.

ByteDanceTencentdata privacy
0 likes · 6 min read
Why Tencent Demanded Duoshan Remove Your WeChat Avatar: A Data Privacy Showdown
Alibaba Cloud Infrastructure
Alibaba Cloud Infrastructure
Mar 19, 2019 · Information Security

Alibaba Cloud DNS Engineer Guo Chuan Presents at ICANN64: Practices, Security Challenges, and Future Directions

Alibaba Cloud DNS senior engineer Guo Chuan, the sole Chinese participant selected for the ICANN64 Talent Program, delivered a keynote on DNS practice, highlighted stability and security challenges, discussed DoH/DoT, DNSSEC, IoT impacts, and emphasized collaborative governance for a resilient global internet infrastructure.

DNSDNSSECDoH
0 likes · 5 min read
Alibaba Cloud DNS Engineer Guo Chuan Presents at ICANN64: Practices, Security Challenges, and Future Directions
Alibaba Cloud Developer
Alibaba Cloud Developer
Mar 12, 2019 · Information Security

Why Publicly Verifiable Covert MPC Is a Game‑Changer for Secure Computation

This article explains the fundamentals of secure multi‑party computation, walks through oblivious transfer and garbled circuits, and introduces a novel publicly verifiable covert (PVC) model that offers near‑half‑honest performance with strong cheating deterrence, highlighting its practical impact on data privacy.

Garbled CircuitsOblivious TransferPublic Verifiable Covert
0 likes · 12 min read
Why Publicly Verifiable Covert MPC Is a Game‑Changer for Secure Computation
dbaplus Community
dbaplus Community
Mar 2, 2019 · Information Security

Home Ransomware Attack: GANDCRAB, Dark Web Payments, and Backup Strategies

After his father's PC was infected by the GANDCRAB ransomware, the author recounts the alarming symptoms, explains how ransomware works, explores the role of the dark web and DASH cryptocurrency in ransom demands, and shares practical backup methods—from simple USB copies to the 3‑2‑1 principle—to protect personal data.

DASHGANDCRABbackup
0 likes · 15 min read
Home Ransomware Attack: GANDCRAB, Dark Web Payments, and Backup Strategies
MaGe Linux Operations
MaGe Linux Operations
Feb 27, 2019 · Information Security

Deploy a One‑Line PHP Backdoor and Escalate Linux Privileges

This guide walks through creating a simple PHP backdoor, using Python pty for interactive shells, compiling and exploiting local binaries, sniffing network traffic with arpsniffer and linsniffer, and applying various Linux privilege‑escalation techniques to obtain root access.

information securitynetwork sniffingprivilege escalation
0 likes · 10 min read
Deploy a One‑Line PHP Backdoor and Escalate Linux Privileges
JD Tech
JD Tech
Feb 19, 2019 · Information Security

Understanding Threat Intelligence: Types, Importance, and Application in E‑commerce Security

The article explains what threat intelligence is, classifies it into strategic, tactical, and operational categories, illustrates its critical role in modern cyber‑warfare and e‑commerce defense, and discusses the challenges of timeliness, accuracy, and sharing within the security ecosystem.

Threat Intelligencee-commerce securityinformation security
0 likes · 8 min read
Understanding Threat Intelligence: Types, Importance, and Application in E‑commerce Security
Efficient Ops
Efficient Ops
Jan 29, 2019 · Information Security

How Hackers Hijacked a Server with Hidden Accounts and Crypto‑Mining: A Forensic Walkthrough

This article details a multi‑stage server compromise that injected gambling pages, planted hidden accounts, deployed crypto‑mining software, and opened unnecessary ports, providing step‑by‑step forensic analysis, code inspection, emergency response actions, and indicators of compromise.

crypto miningincident responseinformation security
0 likes · 12 min read
How Hackers Hijacked a Server with Hidden Accounts and Crypto‑Mining: A Forensic Walkthrough
Efficient Ops
Efficient Ops
Jan 24, 2019 · Information Security

How Alibaba Scales Host Security Across Its Global Economic Ecosystem

This talk outlines Alibaba’s massive global host infrastructure, the evolving security governance from manual controls to data‑driven, automated systems, the challenges of compliance and operational efficiency, and future directions such as zero‑trust and invisible security.

Host SecurityOperationscompliance
0 likes · 16 min read
How Alibaba Scales Host Security Across Its Global Economic Ecosystem
MaGe Linux Operations
MaGe Linux Operations
Jan 14, 2019 · Information Security

Explore the Complete Network Security Mind Map: From Basics to Advanced Defenses

This article presents a comprehensive collection of network security mind maps covering introductory concepts, scanning and defense techniques, monitoring, password cracking, deception attacks, denial-of-service, buffer overflow, web, trojan, virus threats, and future trends, guiding learners through a structured technical roadmap.

cybersecuritydefense techniquesinformation security
0 likes · 3 min read
Explore the Complete Network Security Mind Map: From Basics to Advanced Defenses
Zhongtong Tech
Zhongtong Tech
Jan 11, 2019 · Information Security

How Hunter Automates Web Security Scanning in CI/CD Pipelines

This article explains how the Hunter system integrates automated web vulnerability scanning—including black‑box testing, browser‑extension traffic capture, and distributed analysis engines—into CI/CD workflows to detect security risks early, improve efficiency, and reduce manual effort.

Browser ExtensionCI/CDinformation security
0 likes · 13 min read
How Hunter Automates Web Security Scanning in CI/CD Pipelines
Xianyu Technology
Xianyu Technology
Dec 27, 2018 · Big Data

Device Fingerprinting and User Growth Architecture in Alibaba's Xianyu Platform

Alibaba’s Xianyu platform uses a multi‑signal device fingerprinting system, UMID, to uniquely identify users across Android and iOS devices, storing the data in sharded MySQL, HiStore OLAP, and Tair caches, enabling precise ad bidding, conversion tracking, and scalable user‑growth strategies.

Big Dataadvertising optimizationdevice fingerprinting
0 likes · 9 min read
Device Fingerprinting and User Growth Architecture in Alibaba's Xianyu Platform
AntTech
AntTech
Dec 19, 2018 · Information Security

Red‑Blue Technical Attack‑Defense Exercises and SRE Practices at Ant Financial

Ant Financial’s internal red‑blue technical attack‑defense program, driven by a dedicated blue team and SRE‑based red team, continuously probes system weaknesses, refines fault‑injection tools like Awatch, and evolves high‑availability and self‑healing mechanisms to strengthen risk control and operational reliability.

Fault InjectionOperationsRisk Management
0 likes · 10 min read
Red‑Blue Technical Attack‑Defense Exercises and SRE Practices at Ant Financial
Efficient Ops
Efficient Ops
Dec 18, 2018 · Information Security

How the “DriverLife” Trojan Leverages EternalBlue for Rapid Worm‑Like Spread

On December 14, Tencent's security intelligence team uncovered a “DriverLife” Trojan that exploited the high‑severity EternalBlue vulnerability to propagate like a worm, infecting up to 100,000 users within two hours, and detailed its infection chain, malicious payloads, and mitigation recommendations.

EternalBlueMalware AnalysisThreat Intelligence
0 likes · 7 min read
How the “DriverLife” Trojan Leverages EternalBlue for Rapid Worm‑Like Spread
Tencent Cloud Developer
Tencent Cloud Developer
Dec 18, 2018 · Information Security

Designing a Relatively Secure Account System: Authentication, Authorization, and Auditing

Designing a relatively secure account system requires integrating strong multi-factor authentication, fine-grained authorization models like RBAC or ABAC, and continuous real-time and offline auditing to mitigate breaches, while recognizing that absolute security is impossible and ongoing vigilance is essential.

Access ControlAuthorizationaccount security
0 likes · 17 min read
Designing a Relatively Secure Account System: Authentication, Authorization, and Auditing
NetEase Game Operations Platform
NetEase Game Operations Platform
Dec 14, 2018 · Information Security

Database Injection Attacks: Principles, Exploits, and Defense Strategies

This article explains why database injection remains a critical security threat, illustrates how attackers exploit vulnerable web applications using manual techniques and automated tools such as sqlmap, and provides comprehensive defensive measures spanning secure coding, database hardening, web‑server configuration, WAF deployment, and log‑analysis to protect sensitive data.

Database SecuritySQL InjectionSQLMap
0 likes · 17 min read
Database Injection Attacks: Principles, Exploits, and Defense Strategies
JD Tech
JD Tech
Dec 10, 2018 · Information Security

Container Sandbox for Contextual Behavior Analysis Presented at BlackHat Europe

JD Security’s Silicon Valley AI security scientist unveiled a novel container‑based sandbox at BlackHat Europe, detailing how contextual behavior analysis can detect and trace malicious code by leveraging lightweight containers, improving threat detection speed and accuracy for enterprise defenses.

AI securitySandboxThreat Detection
0 likes · 6 min read
Container Sandbox for Contextual Behavior Analysis Presented at BlackHat Europe
MaGe Linux Operations
MaGe Linux Operations
Dec 9, 2018 · Information Security

How to Identify a Django-Powered Site During Penetration Testing

This guide outlines practical techniques—ranging from analyzing debug‑mode error pages and hidden CSRF tokens to inspecting admin static files and third‑party module footprints—to reliably fingerprint Django‑based web applications during black‑box security assessments.

Backend detectionDjangoFramework fingerprinting
0 likes · 6 min read
How to Identify a Django-Powered Site During Penetration Testing
Efficient Ops
Efficient Ops
Dec 6, 2018 · Information Security

What Are the Key Recommendations in China's Draft Internet Personal Information Security Guidelines?

The draft "Internet Personal Information Security Protection Guideline" issued by China's Ministry of Public Security outlines comprehensive management mechanisms, technical safeguards, and business processes to help internet enterprises protect personal data throughout its lifecycle, and invites public feedback via the national security platform.

ChinaData ProtectionGuidelines
0 likes · 27 min read
What Are the Key Recommendations in China's Draft Internet Personal Information Security Guidelines?
21CTO
21CTO
Dec 3, 2018 · Information Security

Can Your Keyboard Secrets Be Heard? Inside the Keytap Acoustic Attack

This article explains how the open‑source Keytap project captures short audio snippets from a microphone to reconstruct typed characters, outlines its four‑step process of data collection, model building, keystroke detection, and character identification, and compares it with related acoustic eavesdropping research.

acoustic side-channelaudio keylogginginformation security
0 likes · 8 min read
Can Your Keyboard Secrets Be Heard? Inside the Keytap Acoustic Attack
Architects' Tech Alliance
Architects' Tech Alliance
Dec 2, 2018 · Information Security

Understanding Data Protection: File‑Level vs Block‑Level Backup, Remote Replication, Snapshots, and Clone Technologies

This article explains data protection concepts—including file‑level and block‑level backup, remote file copy and remote volume imaging, snapshot mechanisms such as CoFW and RoFW, and clone technologies—while discussing their advantages, drawbacks, and practical backup architectures.

Data ProtectionSnapshotbackup
0 likes · 20 min read
Understanding Data Protection: File‑Level vs Block‑Level Backup, Remote Replication, Snapshots, and Clone Technologies
ITPUB
ITPUB
Nov 26, 2018 · Information Security

Inside Linux.BtcMine.174: How Dr.Web’s New Malware Hijacks Linux Systems

Dr.Web’s recent report reveals Linux.BtcMine.174, a sophisticated 1000‑line shell‑script trojan that exploits Dirty COW or CVE‑2013‑2094 for root access, disables dozens of antivirus processes, mines cryptocurrency, and spreads via SSH‑collected hosts, with its components’ SHA‑1 hashes published on GitHub.

Cryptocurrency MiningLinuxMalware
0 likes · 3 min read
Inside Linux.BtcMine.174: How Dr.Web’s New Malware Hijacks Linux Systems
Efficient Ops
Efficient Ops
Oct 30, 2018 · Information Security

How a Former Ops Manager Illegally Escalated Privileges to Steal and Sell Code Worth 8 Million Yuan

In a 2018 Beijing police operation, a former operations supervisor illegally raised his system permissions, downloaded three proprietary project source codes from a tech company, and sold them for nearly eight million yuan, leading to the arrest of two suspects after extensive digital forensic investigation.

Case StudyChinacybercrime
0 likes · 4 min read
How a Former Ops Manager Illegally Escalated Privileges to Steal and Sell Code Worth 8 Million Yuan
JD Tech
JD Tech
Oct 25, 2018 · Information Security

Common Encryption Methods for Frontend Development

This article introduces the most frequently used encryption techniques in frontend development—including Base64 encoding, hash functions, salting, slow hash algorithms, key‑hashing, XOR, symmetric and asymmetric encryption, digital signatures, and practical CryptoJS usage—explaining their principles, appropriate scenarios, and providing ready‑to‑use code examples.

EncryptionHashJavaScript
0 likes · 14 min read
Common Encryption Methods for Frontend Development
转转QA
转转QA
Oct 10, 2018 · Information Security

Using Wireshark for Packet Capture, Filtering, and HTTPS Analysis

This article introduces Wireshark as a cross‑platform packet capture tool, explains its installation and basic UI, details capture and display filter syntax with examples, and demonstrates how to decrypt and analyze HTTPS traffic by importing SSL key logs.

FiltersHTTPSSSL/TLS
0 likes · 8 min read
Using Wireshark for Packet Capture, Filtering, and HTTPS Analysis
21CTO
21CTO
Sep 29, 2018 · Information Security

How Weak Default Passwords Exposed Ukraine’s Military Network

A Ukrainian journalist revealed that the armed forces' Dnipro system used default passwords like "admin" and "123456", allowing anyone to access critical network devices and potentially map and infiltrate the entire military network, highlighting severe information‑security risks.

Network VulnerabilityUkraineinformation security
0 likes · 4 min read
How Weak Default Passwords Exposed Ukraine’s Military Network
JD Tech
JD Tech
Sep 7, 2018 · Information Security

Big Data and AI Security Insights from ISC 2018 Conference

The ISC 2018 conference highlighted the growing importance of big data and artificial intelligence security, presenting JD's research on anti‑scraping techniques, AI‑driven defenses against black‑market attacks, and a service‑oriented approach to protecting user data across enterprises.

AI securityBig Dataanti-scraping
0 likes · 5 min read
Big Data and AI Security Insights from ISC 2018 Conference
dbaplus Community
dbaplus Community
Aug 29, 2018 · Information Security

Operations Security: Why It Matters, Common Pitfalls & Real‑World Cases

Operations security, the intersection of IT operations and security, has become critical as high‑profile vulnerabilities like Struts2, OpenSSL Heartbleed, and massive DDoS attacks expose the costly ROI of ops‑related flaws; this article defines the field, explains its importance, lists common bad practices, typical vulnerabilities, and real‑world case studies.

Vulnerability Managementbest practicesinformation security
0 likes · 17 min read
Operations Security: Why It Matters, Common Pitfalls & Real‑World Cases
21CTO
21CTO
Aug 28, 2018 · Information Security

500 Million Hotel Records Exposed: How the Massive Data Leak Impacts Your Privacy

A recent dark‑web sale revealed that over 500 million records from dozens of Huazhu hotel brands—including personal IDs, booking details, and login credentials—were compromised, prompting urgent security advice and highlighting the growing risks of large‑scale data breaches.

Privacycybercrimedata breach
0 likes · 6 min read
500 Million Hotel Records Exposed: How the Massive Data Leak Impacts Your Privacy
MaGe Linux Operations
MaGe Linux Operations
Aug 26, 2018 · Information Security

Step‑by‑Step Linux Privilege Escalation and Exploit Techniques

This guide walks through creating a PHP backdoor, leveraging Python pty for interactive shells, compiling and using arpsniffer and linsniffer, performing network sniffing with tcpdump, applying various Linux privilege‑escalation exploits, and establishing persistent root access on vulnerable systems.

exploitinformation securityphp backdoor
0 likes · 11 min read
Step‑by‑Step Linux Privilege Escalation and Exploit Techniques
Qunar Tech Salon
Qunar Tech Salon
Jul 25, 2018 · Information Security

Understanding Web Crawlers: Definitions, Types, Traffic, and Harm

This article introduces web crawlers, classifies them by technology and intent, presents statistics on crawler traffic across industries and regions, and analyzes the various harms they cause, laying the groundwork for future discussions on anti‑crawling strategies.

Traffic analysisanti‑crawlingcrawler classification
0 likes · 10 min read
Understanding Web Crawlers: Definitions, Types, Traffic, and Harm
High Availability Architecture
High Availability Architecture
Jul 12, 2018 · Information Security

Evolution of Zhihu’s Anti‑Cheat System “Wukong”: Architecture, Strategies, and Lessons Learned

This article chronicles the three‑generation evolution of Zhihu’s anti‑cheat platform Wukong, detailing its business context, spam taxonomy, multi‑layered control methods, architectural redesigns, strategy language improvements, graph‑based risk analysis, and the continuous integration of big‑data and machine‑learning techniques to combat content and behavior spam.

Big DataRisk Managementanti-cheat
0 likes · 23 min read
Evolution of Zhihu’s Anti‑Cheat System “Wukong”: Architecture, Strategies, and Lessons Learned
Architects' Tech Alliance
Architects' Tech Alliance
Jun 13, 2018 · Information Security

Why HTTPS Matters: Understanding HTTP, SSL/TLS, and Encryption Basics

This article explains the fundamentals of HTTPS by clarifying key terms such as HTTP, SSL/TLS, and encryption, describing how HTTP works over TCP, the differences between symmetric and asymmetric cryptography, and the core security requirements of confidentiality, integrity, authenticity, and performance.

EncryptionHTTPHTTPS
0 likes · 14 min read
Why HTTPS Matters: Understanding HTTP, SSL/TLS, and Encryption Basics
Efficient Ops
Efficient Ops
Jun 13, 2018 · Information Security

AcFun Data Breach Exposes Millions – How to Safeguard Your Account

In early June, AcFun announced a massive hack that leaked nearly ten million user records, including IDs, nicknames and encrypted passwords, urging users—especially those who haven’t logged in since July 2017 or use weak passwords—to change them immediately, while noting that the data is already being sold on the dark web.

AcFundark webdata breach
0 likes · 4 min read
AcFun Data Breach Exposes Millions – How to Safeguard Your Account
UCloud Tech
UCloud Tech
May 25, 2018 · Information Security

How Blockchain and Advanced Cryptography Secure Data Flow: A Deep Dive

An in‑depth overview explains how blockchain, homomorphic encryption, zero‑knowledge proofs, group and ring signatures, and differential privacy collectively secure data flow, enabling trusted sharing while preserving ownership and privacy across providers, consumers, and algorithm services.

Data FlowDifferential PrivacyHomomorphic Encryption
0 likes · 11 min read
How Blockchain and Advanced Cryptography Secure Data Flow: A Deep Dive
Meituan Technology Team
Meituan Technology Team
May 24, 2018 · Information Security

Data Security: Full Lifecycle Construction and Best Practices

The article outlines a comprehensive, layered data‑security lifecycle—from secure traffic and authentication through encrypted storage, role‑based access, audit logging, and safe production‑to‑test data handling—emphasizing privacy‑compliant practices, anti‑scraping measures, secure deletion, and incremental ROI‑driven adoption for enterprises.

Access ControlPrivacycloud infrastructure
0 likes · 24 min read
Data Security: Full Lifecycle Construction and Best Practices
DataFunTalk
DataFunTalk
May 22, 2018 · Information Security

Designing a Credit-Based Content Management System: Strategies, Risk Assessment, and AI Techniques

The article outlines how to build a credit‑based content management platform by describing the evolution of security practices, defining user‑generated, professional‑generated, and occupational content models, proposing a credit‑audit workflow with risk assessment, and presenting AI‑driven text classification and anti‑cheat methods to balance traffic, quality, and trust.

Big Dataartificial-intelligencecontent moderation
0 likes · 12 min read
Designing a Credit-Based Content Management System: Strategies, Risk Assessment, and AI Techniques
Beike Product & Technology
Beike Product & Technology
May 18, 2018 · Information Security

DEFCON China 2018: Event Report and Highlights

The article reports on DEFCON China 2018 held in Beijing, describing the conference’s significance, keynotes by Jeff Moss, diverse security topics ranging from mobile and system security to deep‑learning workshops, detailed accounts of specific talks on account hijacking and decentralized networks, and the cultural aspects such as badge colors and puzzles.

DEFCONEvent ReportWorkshops
0 likes · 6 min read
DEFCON China 2018: Event Report and Highlights
Architect's Tech Stack
Architect's Tech Stack
May 11, 2018 · Information Security

Understanding Symmetric and Asymmetric Encryption, Key Distribution, Digital Signatures, and Their Practical Applications

This article explains the fundamentals of cryptography, covering symmetric and asymmetric encryption, key distribution challenges and solutions, digital signatures, certificates, and practical applications such as SSH login, HTTPS handshakes, and API authentication, providing clear examples and code snippets.

asymmetric encryptioncryptographydigital signature
0 likes · 17 min read
Understanding Symmetric and Asymmetric Encryption, Key Distribution, Digital Signatures, and Their Practical Applications
ITFLY8 Architecture Home
ITFLY8 Architecture Home
Apr 19, 2018 · Information Security

How Suning Built a Comprehensive Information Security Architecture

This article outlines Suning's evolution from a basic network operations unit to a sophisticated, multi‑layered security architecture that integrates organizational structure, protection platforms, risk management, big‑data threat perception, and continuous improvement to safeguard e‑commerce operations.

Big Datainformation securitymachine learning
0 likes · 10 min read
How Suning Built a Comprehensive Information Security Architecture