Category Archives: Security

Akamai 阻擋 DDoS 能力的上限

這應該是最近在看 DDoS 事件中比較重要的新聞了,從這次的事件知道 Akamai 沒有能力擋下某種 620Gbps 以上的 DDoS 攻擊,而這是攻擊者已經有能力「示範」出來的量:「Akamai kicked journalist Brian Krebs' site off its servers after he was hit by a 'record' cyberattack」。 The assault has flooded Krebs' site with more than 620 gigabits per second of traffic … Continue reading

Posted in CDN, Cloud, Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , | Leave a comment

CloudFlare 把 HTTPS Everywhere 的清單拿到 CDN 上用所推出的產品...

這個產品就如同標題所說的方式而已,做起來不難,只是一直沒人做就是了:「How we brought HTTPS Everywhere to the cloud (part 1)」。 傳統的作法是直接硬幹下去換掉,或是用 header 讓瀏覽器主動轉過去: A naive way to do this would be to just rewrite http:// links to https:// or let browsers do that with Upgrade-Insecure-Requests directive. 但這有必須有兩個假設成立才可以: Each single HTTP … Continue reading

Posted in CDN, Cloud, Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , | Leave a comment

華盛頓郵報的歷史創舉:呼籲對告密者的求刑

在英國衛報與華盛頓郵報因報導 Snowden 事件而拿到 2014 年的普立茲獎後,華盛頓郵報正式公開立場,表達應該將 Snowden 弄回美國受審,而非現在大家在呼籲的特赦:「WashPost Makes History: First Paper to Call for Prosecution of Its Own Source (After Accepting Pulitzer)」。 In doing so, the Washington Post has achieved an ignominious feat in U.S. media history: the first-ever paper … Continue reading

Posted in Computer, Murmuring, Network, Political, Security, Social | Tagged , , , , , , , , | Leave a comment

Yahoo! 這次應該是史上最大的一次 leak...

Yahoo! 這次爆出來的 leak 應該是目前史上最大的一次:「An Important Message About Yahoo User Security」。 目前 Yahoo! 的研判是 2014 年時由政府單位搬出去的: A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by … Continue reading

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , | Leave a comment

Google Allo 減弱本來的安全設計

Google Allo 減弱了本來的安全設計:「Google backs off on previously announced Allo privacy feature」。 藉由修改預設行為減弱: The version of Allo rolling out today will store all non-incognito messages by default — a clear change from Google’s earlier statements that the app would only store … Continue reading

Posted in Computer, Murmuring, Network, Political, Security, Software | Tagged , , , , , | Leave a comment

Dropbox 儲存密碼的方式

記得 Dropbox 前陣子才強迫所有使用者重設密碼:「The Dropbox hack is real」,官方的報告在這:「Resetting passwords to keep your files safe」,當時洩漏出來的資訊可以知道 2012 年的時候 Dropbox 用的是 SHA1: What we've got here is two files with email address and bcrypt hashes then another two with email addresses and SHA1 hashes. … Continue reading

Posted in Cloud, Computer, Murmuring, Network, Programming, Security | Tagged , , , , , , , , , , , , | Leave a comment

ING Bank 在羅馬尼亞的機房出事...

ING Bank 在羅馬尼亞的機房發生資料損毀:「A Loud Sound Just Shut Down a Bank's Data Center for 10 Hours」。 不過原因是因為火災測試時噴發的音量太大,導致硬碟故障 XDDD ING Bank’s main data center in Bucharest, Romania, was severely damaged over the weekend during a fire extinguishing test. In what is a … Continue reading

Posted in Computer, Financial, Hardware, Murmuring, Network, Security | Tagged , , , , , , , , , , | Leave a comment

Lenovo 開始出 Microsoft-only 機了,其他的 OS 都會被鎖住不能用

有人在 Reddit 上抱怨買了一台 Lenovo 的機器卻不能裝 Linux,因為會抓不到硬碟:「Warning: Microsoft Signature PC program now requires that you can't run Linux. Lenovo's recent Ultrabooks among affected systems.」,官方回覆是: This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement … Continue reading

Posted in Computer, Hardware, Linux, Murmuring, OS, Security, Software, Windows | Tagged , , , , , , , , | 1 Comment

英國 GCHQ 打算在英國實施全國大規模的 DNS filtering 過濾機制

如標題所提到的,GCHQ 打算以安全為由,實施大規模的 DNS filtering 機制:「GCHQ planning UK-wide DNS ‘firewall’」,GCHQ 的官方新聞稿在「A new approach for cyber security in the UK」這邊。 很類似 GFW 的作法,但在英國這種國家這樣做太明顯,所以政府需要使用 FUD (Fear, Uncertainty, Doubt) 的方式恐嚇公民,藉由洗腦公民取得更多的權力。 這次是對 DNS level 過濾,如果政策成功地壓過去實施,接下來就會有更多的機制來過濾對當政者不利的言論。

Posted in Computer, DNS, Murmuring, Network, Political, Security | Tagged , , , , , , | 1 Comment

透過 Deep Learning 辨識人臉馬賽克的技術

在某些新聞報導透漏出了受害者的某些背景身份,於是你手上有了這兩個資料: 符合這些背景身份的四十個人的照片。 人臉被馬賽克後的新聞照片。 現在的問題是,要怎麼判斷出新聞照片裡是哪個人:「Defeating Image Obfuscation with Deep Learning」。 類似這樣的實驗,從 40 個人中找出正確的人,有 50% 的正確率: 也許 50% 不算到能用的程度,但這代表老大哥的技術已經在發展了...

Posted in Computer, Murmuring, Programming, Security | Tagged , , , , , , , , , | Leave a comment