Category Archives: Security

在 Git/Mercurial/Subversion 上 "-" 發生的問題

Posted on August 16, 2017 by Gea-Suan Lin

在「[ANNOUNCE] Git v2.14.1, v2.13.5, and others」這邊看到 - 開頭產生的問題： These contain a security fix for CVE-2017-1000117, and are released in coordination with Subversion and Mercurial that share a similar issue. CVE-2017-9800 and CVE-2017-1000116 are assigned to these systems, respectively, for issues … Continue reading →

Posted in Computer, Murmuring, Network, Security, Software | Tagged control, cve, dash, filter, forbid, git, mercurial, name, repository, security, source, subversion, system, version | Leave a comment

AWS CloudHSM 支援 FIPS 140-2 Level 3 了

Posted on August 15, 2017 by Gea-Suan Lin

AWS CloudHSM 推出了一些新功能：「AWS CloudHSM Update – Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads」。其中比較特別的是從以前只支援 Level 2 變成支援 Level 3 了： More Secure – CloudHSM Classic (the original model) supports the generation and use of … Continue reading →

Posted in AWS, Cloud, Computer, Hardware, Murmuring, Network, Security, Service | Tagged amazon, aws, cloud, cloudhsm, encryption, fips, hardware, hsm, level, module, pricing, secure, security | Leave a comment

加州的手機防竊提案讓失竊率下降不少...

Posted on August 14, 2017 by Gea-Suan Lin

2013 的時候提過「加州的手機防竊提案...」，後來在 2015 年生效： In a press release sent to reporters on Thursday, George Gascón said that since the law went into effect on July 1, 2015[,] 在兩大陣營都有類似的功能： Such a kill switch has become standard in all iPhones ("Activation Lock") … Continue reading →

Posted in Computer, Hardware, Murmuring, Security, Social, Telephone | Tagged activation, android, california, device, francisco, ios, iphone, kill, law, lock, mobile, protection, san, switch, theft | 2 Comments

VPN 的評價

Posted on August 13, 2017 by Gea-Suan Lin

文章的作者試了很多家 VPN 服務，然後文章的標題有點長，有種輕小說的感覺...：「I tested the most recommended VPN providers using my credit card to find the best ones — and which ones you should avoid.」。不過這種文章有很多東西很主觀，大家心裡有個底就是了... 作者比較滿意的是 TunnelBear 與 OVPN 這兩家，也許等手上 PIA 到期的時候再試看看要怎麼選好了，畢竟 PIA 還是目前最便宜的方案。

Posted in Computer, Murmuring, Network, Privacy, Security, Service, VPN | Tagged access, anonymous, internet, openvpn, ovpn, pia, privacy, private, provider, report, security, tunnel, tunnelbear, vpn | Leave a comment

來拉板凳看日本警視廳對 Open Source 的敵意...

Posted on August 8, 2017 by Gea-Suan Lin

出自 Twitter 上的這則 tweet：【OSSの利用】オープンソースソフトウェア（OSS）は、コスト面等のメリットが大きい反面、セキュリティ（脆弱性）等に不安があります。OSSを利用する場合は、機能だけでなくセキュリティのテストをしっかり行うとともに、バージョンをリスト化して管理し、脆弱性情報の把握に心がけましょう。 — 警視庁サイバーセキュリティ対策本部 (@MPD_cybersec) August 7, 2017 下面已經開始有人在吵了，該來拉板凳了...

Posted in Computer, Murmuring, Network, Programming, Security, Social, Software | Tagged cyber, cybersec, japan, open, oss, police, security, source, tweet, twitter | Leave a comment

超過三億筆的密碼 (Hash 過的)

Posted on August 7, 2017 by Gea-Suan Lin

Troy Hunt 放出三億筆 SHA1 hash 過的密碼讓大家研究：「Introducing 306 Million Freely Downloadable Pwned Passwords」。他引用了 NIST 新的草案中對密碼的建議，阻擋已知外洩的密碼：檔案可以在「I been pwned? Pwned Passwords」這邊下載。

Posted in Computer, Murmuring, Network, Privacy, Security, Service, Social | Tagged database, db, download, hash, hunt, leak, nist, password, pwned, sha1, troy | Leave a comment

GitHub 推出軟體版的 U2F Authenticator (目前只有 macOS)

Posted on July 26, 2017 by Gea-Suan Lin

用軟體實做 U2F，目前是開發在 macOS 上：「Introducing Soft U2F, a software U2F authenticator for macOS」。實在是不愛這種方式，由於是軟體式的，安全性低了不少... (機器被入侵後就都沒有防護了) 不過 U2F 是目前少數可以在 protocol 層抵抗 phishing 的方式，相較於一般 OTP 的方式還是得很注意網址，所以站在推廣的立場的確是希望能多一點人用...

Posted in Computer, Murmuring, Network, Security, Software, WWW | Tagged apple, authenticator, github, mac, macos, security, soft, software, token, u2f | Leave a comment

在飯店裡攻擊企業的高階主管

Posted on July 26, 2017 by Gea-Suan Lin

算是為什麼企業要提供 Full Routing VPN 的一個攻擊管道的說明... 這篇介紹了在飯店裡透過 WiFi 攻擊企業的高階主管，想辦法塞木馬取得資訊，或是滲透進企業內部的網路：「Hackers are using hotel Wi-Fi to spy on guests, steal data」。 Those behind the campaign have continually evolved their tactics and malware payloads, blending phishing and social engineering with a complex Trojan, in … Continue reading →

Posted in Computer, Murmuring, Network, Security, VPN | Tagged apt, attack, data, hacking, hotel, malware, network, security, trojan, vpn, wifi | Leave a comment

Adobe Flash 將在 2020 年 End of Life

Posted on July 26, 2017 by Gea-Suan Lin

Adobe 發出的公告，將在 2020 年中止所有對 Flash 的支援：「Flash & The Future of Interactive Content」。 Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new … Continue reading →

Posted in Browser, Computer, GoogleChrome, IE, Murmuring, Network, Security, Software, WWW | Tagged adobe, content, end, eol, flash, format, google, life, microsoft, of, open, standard, web | 1 Comment

Telegram 使用 CDN 加速下載

Posted on July 25, 2017 by Gea-Suan Lin

Telegram 說明他們將會使用 CDN 加速：「More Speed and Security!」。資料在 CDN 的節點上是加密的，金鑰需要透過 Telegram 的 key server 提供： While these caching nodes are only used to temporarily store public media (imagine Telegram versions of superpopular YouTube hits), all data that goes through them … Continue reading →

Posted in CDN, Computer, Murmuring, Network, Privacy, Security, Service, Software, WWW | Tagged aes, cache, cdn, ctr, encryption, im, isp, key, network, node, privacy, security, speed, telegram | 1 Comment

Category Archives: Security

在 Git/Mercurial/Subversion 上 "-" 發生的問題

VPN 的評價

GitHub 推出軟體版的 U2F Authenticator (目前只有 macOS)

在飯店裡攻擊企業的高階主管

Adobe Flash 將在 2020 年 End of Life

Telegram 使用 CDN 加速下載

Recent Comments

Archives

Categories

Blogroll

Meta

Category Archives: Security

Recent Comments

Archives

Tags

Categories

Blogroll

Meta